API Hooking (via Memory patching)

Sven Blumenstein

Member

Join Date: Jun 2002
Posts: 271

14 Sep 2001, 01:40 PM

I'm searching for a API hooking solution via memory patching.
There's a solution by Semen in the SourceCode Forum wich uses PEEK & POKE. But his Programm only works for the own Process. I want to hook other Processes with my App.
Here's my (non functional) code. I don't know if there are logical or syntax error. But it does nothing

Code:

#COMPILE EXE
#INCLUDE "win32api.inc"

FUNCTION PBMAIN
   LOCAL lpHwnd      AS LONG
   LOCAL lpProcessID AS LONG
   LOCAL lpProc      AS LONG
   LOCAL lpLib       AS LONG
   LOCAL lpOld       AS LONG
   LOCAL lpWritten   AS LONG
   LOCAL PatchString AS STRING
   
   PatchString = CHR$(&HB8) + MKL$(CODEPTR(MyMessageBox)) + CHR$(&HFF, &HE0)
   
   lpLib = LoadLibrary("user32.dll")
   
   lpProc = GetProcAddress(lpLib, "MessageBoxA")
   
   'msgbox hex$(lpProc)
   
   lpHwnd = FindWindow("Notepad", "")
   
   lpProcessID = GetWindowThreadProcessId(lpHwnd, lpProcessID)
   
   'MSGBOX FORMAT$(lpProcessID)
   
   VirtualProtectEx lpProcessID, lpProc, 8, %PAGE_EXECUTE_READWRITE, lpOld
   
'   POKE$ hProc, CHR$(&HB8) + MKL$(CODEPTR(MySetWindowText)) + CHR$(&HFF, &HE0)

   WriteProcessMemory lpProcessID, lpProc, PatchString, SIZEOF(PatchString), lpWritten
    
END FUNCTION

FUNCTION MyMessageBox (BYVAL hwnd AS DWORD, lpText AS ASCIIZ, lpCaption AS ASCIIZ, BYVAL wType AS LONG) AS LONG
   
    FUNCTION = MessageBox(hwnd, lpText, lpCaption + " - [HOOKED]", wType)
   
END FUNCTION

------------------
Sven Blumenstein
IT-Trainee at DECOMA Exterior Systems, Germany
E-Mail (work): mailto:[email protected][email protected]</A>
E-Mail (home): mailto:[email protected][email protected]</A>
Programming with: PB/Dll, MASM, VB, VC++, LCC, VBA, WML

Tags: None

Semen Matusovski

Member

Join Date: Sep 1999

Posts: 3358
- Share
- Tweet
#2

14 Sep 2001, 02:07 PM

sven --
take a look http://www.powerbasic.com/support/pb...ad.php?t=21331
you will find a sample (using global hook; "target - poffs").

------------------
e-mail: [email protected]
Comment

Announcement

API Hooking (via Memory patching)

API Hooking (via Memory patching)

Comment