Exetools  

  #1  
Old 04-22-2005, 00:25
thomasantony
 
Question API Hooking

Hi,
I am trying my hand at API hooking. I tried making a User32.dll of my own which redirected the functions to the real user32.dll, renamed as myuser.dll. I made a small program to generate the MASM code for this, but it failed. I will try again using GoASM maybe. In the meantime, is there any other way of hooking an API?

Thomas
  #2  
Old 04-22-2005, 00:52
nikola
Of course. It depends on whether you want a global hook or a hook only in your app's context. There are plenty of tutorials around. It's somewhat easier to do hooking on WinNT systems. In 9x there are a few problems. You can hook a procedure dynamically and in another application.
Allocate memory in the remote process with VirtualAllocEx.
Write your code and data with WriteProcessMemory.
Execute your code that will set up the hook with CreateRemoteThread.
In Win9x the VirtualAllocEx and CreateRemoteThread procedures don't exist.

Now on hooking. What you need to do is:
1. find start address of your api function
2. gain write access to it (VirtualProtectEx in NT, in 9x there is an undocumented way...)
3. write a jump to your code (jmp MyCode)
That's it. Then you can restore the read bytes of the hooked procedure, execute it, and return the value you wanted...
I hope this helps...
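A defensive counterpart to step 3 of the post above, as an added example that is not part of the original thread: it inspects the first bytes of a 32-bit x86 function for the usual entry-point redirections and decodes where they lead. The names `check_prologue` and `hook_info`, and all sample bytes and addresses, are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example: classify the first bytes of a 32-bit x86 function. */
enum hook_kind { HOOK_NONE = 0, HOOK_JMP_REL32, HOOK_PUSH_RET, HOOK_JMP_INDIRECT };
struct hook_info {
    enum hook_kind kind;
    uint32_t target;      /* decoded destination; 0 when it cannot be decoded */
    int outside_module;   /* 1 if target lies outside [mod_base, mod_base+mod_size) */
};

/* Constructed sample data (hypothetical addresses, not taken from any real DLL). */
#define SAMPLE_VA 0x77D41000u   /* address the prologue bytes were read from */
#define MOD_BASE  0x77D40000u   /* load address of the owning module */
#define MOD_SIZE  0x00090000u   /* size of the owning module */
const uint8_t SAMPLE_CLEAN[]   = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83 };  /* mov edi,edi; push ebp; ... */
const uint8_t SAMPLE_JMP[]     = { 0xE9, 0xFB, 0xEF, 0xD0, 0x88 };        /* jmp 0x00A50000 */
const uint8_t SAMPLE_PUSHRET[] = { 0x68, 0x00, 0x00, 0xA5, 0x00, 0xC3 };  /* push 0x00A50000; ret */
const uint8_t SAMPLE_LOCAL[]   = { 0xE9, 0x10, 0x00, 0x00, 0x00 };        /* jmp inside the module */

static uint32_t rd32(const uint8_t *p) {   /* little-endian 32-bit read */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* code: bytes copied from the function start; va: address they were read from. */
struct hook_info check_prologue(const uint8_t *code, size_t len, uint32_t va,
                                uint32_t mod_base, uint32_t mod_size) {
    struct hook_info r = { HOOK_NONE, 0, 0 };
    if (len >= 5 && code[0] == 0xE9) {                            /* jmp rel32 */
        r.kind = HOOK_JMP_REL32;
        r.target = va + 5 + rd32(code + 1);                       /* wraps mod 2^32 like the CPU */
    } else if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) {  /* push imm32; ret */
        r.kind = HOOK_PUSH_RET;
        r.target = rd32(code + 1);
    } else if (len >= 6 && code[0] == 0xFF && code[1] == 0x25) {  /* jmp dword ptr [mem32] */
        r.kind = HOOK_JMP_INDIRECT;    /* the pointer must be read from the process itself */
    }
    if (r.kind == HOOK_JMP_REL32 || r.kind == HOOK_PUSH_RET)
        r.outside_module = (r.target - mod_base) >= mod_size;     /* unsigned range check */
    return r;
}

int main(void) {
    struct hook_info h = check_prologue(SAMPLE_JMP, sizeof SAMPLE_JMP, SAMPLE_VA, MOD_BASE, MOD_SIZE);
    printf("kind=%d target=0x%08X outside=%d\n", h.kind, (unsigned)h.target, h.outside_module);
    return 0;
}
```

A jump that stays inside the owning module can be a legitimate thunk, which is why the result separates the pattern match from the `outside_module` flag.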
  #3  
Old 04-22-2005, 01:11
Hero
Hi nikola,
You suggest a very good way of redirecting APIs. But I should say that this algorithm will not work on every OS. In normal Windows OSs you can use this, but in some cases (for example, if you want to do this for a PDA with Windows CE) this will not work. Because in this example, the main system DLLs will run directly from the PDA ROM and will not load into RAM, and this means that you can't use WriteProcessMemory to change them.

Sincerely yours
__________________
I should look out for my posts, or JMI gets mad at me!
  #4  
Old 04-22-2005, 01:45
nikola
Uh well, I've never even seen something that runs with WinCE or held a PDA, so I can't tell. Thanks for the info.
  #5  
Old 04-22-2005, 09:28
thomasantony
 
Cool

Hi,
I found that I can use VirtualProtect in Win9x to change system DLLs.

Thomas
  #6  
Old 04-22-2005, 11:44
NeOXOeN
Here is an article which will help you in solving all your problems :P It was by Ivo Ivanov.

Just read it... it's the best tut I've found so far about hooking.

http://www.codeproject.com/system/hooksys.asp


Bye NeO
All times are GMT +8.