#1
API Hooking
Hi,
I am trying my hand at API hooking. I tried making a User32.dll of myself which redirected the functions to the real user32.dll renamed as myuser.dll. I made a small program to generate the MASM code for this. But it failed. I will try again using GoASM maybe. In the meantime, is there any other way of hooking API?
Thomas
#2
Of course. It depends if you want a global hook or a hook only in your app context. There are plenty of tutorials around. It's somewhat easier to do hooking in WinNT systems. In 9x there are a few problems. You can hook a procedure dynamically and on another application.
Allocate memory in the remote process with VirtualAllocEx. Write your code and data with WriteProcessMemory. Execute your code that will set up the hook with CreateRemoteThread. In Win9x the VirtualAllocEx and CreateRemoteThread procedures don't exist.
Now on hooking. What you need to do is:
1. find start address of your api function
2. gain write access to it (VirtualProtectEx in NT, in 9x there is an undocumented way...)
3. write a jump to your code (jmp MyCode)
That's it. Then you can restore read bytes of hooked procedure and execute it and return value you wanted... I hope this helps...
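Added example, not part of the original thread: a defender-side check for the patch described in step 3 of the post above (a jump written over the start of an API function). It decodes the first instruction of a function's in-memory bytes and reports a redirect whose target leaves the owning module; 32-bit x86 is assumed, and the module base, size, function address and byte samples are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum hook_kind { HOOK_NONE, HOOK_JMP_REL32, HOOK_JMP_REL8, HOOK_PUSH_RET, HOOK_JMP_IND };
struct hook_info {
    enum hook_kind kind;
    uint32_t target;     /* jump destination (pointer slot address for HOOK_JMP_IND) */
    int outside_module;  /* 1 if target is outside [MOD_BASE, MOD_BASE + MOD_SIZE) */
};

/* Constructed sample data, not taken from a real DLL. */
static const uint32_t MOD_BASE = 0x77D40000u, MOD_SIZE = 0x00090000u, FUNC_VA = 0x77D41000u;
static const uint8_t CLEAN[6]     = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83 }; /* mov edi,edi; push ebp; ... */
static const uint8_t HOOKED[6]    = { 0xE9, 0xFB, 0xFF, 0x2B, 0x98, 0x83 }; /* jmp 0x10001000 */
static const uint8_t PUSH_RET[6]  = { 0x68, 0x00, 0x10, 0x00, 0x10, 0xC3 }; /* push 0x10001000; ret */
static const uint8_t SHORT_JMP[6] = { 0xEB, 0x10, 0x90, 0x90, 0x90, 0x90 }; /* jmp +0x10, stays inside */

static uint32_t rd32(const uint8_t *p) /* little-endian 32-bit load */
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode the first instruction of a 32-bit x86 function loaded at address va. */
struct hook_info check_prologue(const uint8_t *code, size_t len, uint32_t va)
{
    struct hook_info h = { HOOK_NONE, 0, 0 };
    if (len >= 5 && code[0] == 0xE9) {                            /* jmp rel32 */
        h.kind = HOOK_JMP_REL32; h.target = va + 5 + rd32(code + 1);
    } else if (len >= 2 && code[0] == 0xEB) {                     /* jmp rel8 */
        h.kind = HOOK_JMP_REL8; h.target = va + 2 + (uint32_t)(int32_t)(int8_t)code[1];
    } else if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) {  /* push imm32; ret */
        h.kind = HOOK_PUSH_RET; h.target = rd32(code + 1);
    } else if (len >= 6 && code[0] == 0xFF && code[1] == 0x25) {  /* jmp [abs32] */
        h.kind = HOOK_JMP_IND; h.target = rd32(code + 2);
    }
    if (h.kind != HOOK_NONE) /* unsigned wrap-around makes this a single range test */
        h.outside_module = (uint32_t)(h.target - MOD_BASE) >= MOD_SIZE;
    return h;
}

int main(void)
{
    struct hook_info h = check_prologue(HOOKED, sizeof HOOKED, FUNC_VA);
    printf("kind=%d target=0x%08X outside=%d\n", (int)h.kind, (unsigned)h.target, h.outside_module);
    return 0;
}
```

A redirect that stays inside the module (such as the short jump sample) is normal compiler output; the signal worth alerting on is a first-instruction transfer to an address outside the module that owns the function.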
#3
Hi nikola
You suggest a very good way for redirecting APIs. But I should say that this algorithm will not work on any OS. In normal Windows OSs you can use this, but in some cases (for example if you want to do this for a PDA with Windows CE) this will not work, because in this sample the main system DLLs will run from PDA ROM directly and will not load into RAM, and because of this you can't use WriteProcessMemory for changing it.
sincerely yours
__________________
I should look out my posts, or JMI gets mad on me!
#4
Uh well, I never even seen something that runs with WinCE or held a PDA, so I can't tell. Thanks for the info.
#5
Hi,
I found that I can use VirtualProtect in Win9x to change system DLLs.
Thomas
#6
Here is an article which will help you in solving all your problems :P It was by Ivo Ivanov.
Just read it.. it's the best tut I found so far about hooking: http://www.codeproject.com/system/hooksys.asp
Bye
NeO