logo
down
shadow

Injecting a hook DLL into a process before its imports get called?


Injecting a hook DLL into a process before its imports get called?

By : user2952237
Date : November 19 2020, 12:41 AM
will be helpful for those in need You can create the target process suspended and use CreateRemoteThread() for injection, but mind the following limitations:
You should copy the thread main routine for the remote thread to the address space of the target process. This code cannot contain any external references (e.g. CRTL or direct WinApi calls). I would usually limit this code to loading of the DLL and either executing function from it, or relying on the DllMain to do the job you need. In order to call LoadLibrary and GetProcAddress methods, I obtain their addresses and copy structure containing this information to the target process and pass the address of the remote structure as an argument for the thread main routine in CreateRemoteThread(). You can use VirtualAllocEx() to allocate memory in the remote process. Remote thread in this situation will be executed before main thread, including process and some Win32/64 initialization. Therefore, not every Win32 API is safe to call in this condition.
code :


Share : facebook icon twitter icon
Hook into Windows sizing events: hook is not called

Hook into Windows sizing events: hook is not called


By : Mark Fisher
Date : March 29 2020, 07:55 AM
like below fixes the issue Your assumption that the passed lParam is a pointer to a MSG is just wrong. Check the MSDN article for the callback, scroll to the bottom. You'll see that when nCode == HCBT_MOVESIZE then lParam is a pointer to RECT.
wParam gives you the handle to the window.
How to Version Imports for Cabal Hook

How to Version Imports for Cabal Hook


By : cocuyo123
Date : March 29 2020, 07:55 AM
like below fixes the issue Usually yes, code that is dependent on a version of a library manages it via CPP macros, using macros defined by Cabal itself. See http://www.edsko.net/2014/09/13/haskell-cpp-macros/ for some examples. In your case:
code :
#if MIN_VERSION_Cabal(1,22,0)
    -- something working in Cabal 1.22 or above
#else
    -- something working in Cabal versions prior to 1.22
#endif
how to hook delay imports

how to hook delay imports


By : user1354457
Date : March 29 2020, 07:55 AM
I hope this helps you . I wanted to do hooks without microsoft detours so I went to IAT hooking as it was the simplest method , but I found that some of the functions I want to hook are in the delay import table I tried to hook it like I hooked iat table : , the working code after RbMm comment :
code :
 HMODULE lib = GetModuleHandleA(0);
 PIMAGE_DOS_HEADER dos = (PIMAGE_DOS_HEADER)lib;
 PIMAGE_NT_HEADERS nt = (PIMAGE_NT_HEADERS)((uintptr_t)lib + dos->e_lfanew);
 PIMAGE_DELAYLOAD_DESCRIPTOR dload = (PIMAGE_DELAYLOAD_DESCRIPTOR)((uintptr_t)lib +
      nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT].VirtualAddress); 
 while (dload->DllNameRVA)
 {
  char *dll = (char*)((uintptr_t)lib + dload->DllNameRVA);
  if (!strcmp(dll,"mydll.dll")) {
      MessageBoxA(0,"found mydll","info",0);
      PIMAGE_THUNK_DATA firstthunk = (PIMAGE_THUNK_DATA)((uintptr_t)lib + dload->ImportNameTableRVA);
      PIMAGE_THUNK_DATA functhunk = (PIMAGE_THUNK_DATA)((uintptr_t)lib + dload->ImportAddressTableRVA);
      while (firstthunk->u1.AddressOfData)
      {
      if (firstthunk->u1.Ordinal & IMAGE_ORDINAL_FLAG) {}
      else {
          PIMAGE_IMPORT_BY_NAME byName = (PIMAGE_IMPORT_BY_NAME)((uintptr_t)lib + firstthunk->u1.AddressOfData);
          if (!strcmp((char*)byName->Name,"func")) {
              MessageBoxA(0,"found func","info",0);
              DWORD oldProtect;
              DWORD tmp;
              VirtualProtect(&functhunk->u1.Function, sizeof(uintptr_t), PAGE_EXECUTE_READWRITE, &oldProtect);
              functhunk->u1.Function = (uintptr_t)hControlService;
              VirtualProtect(&functhunk->u1.Function, sizeof(uintptr_t), oldProtect, &tmp);
              MessageBoxA(0, "hooked func", "info", 0);
          }
      }
      functhunk++;
      firstthunk++;
      }
  }
  dload++;
 }
How receive hook from Bitbucket on JIRA and process this hook data?

How receive hook from Bitbucket on JIRA and process this hook data?


By : Hemant Barhate
Date : March 29 2020, 07:55 AM
should help you out I figured it out, it's simple via WebHooks
I used the plugin JIRA Automation
Deviarev2 Hook API: Hook into existing process winapi calls?

Deviarev2 Hook API: Hook into existing process winapi calls?


By : sajid hasan
Date : March 29 2020, 07:55 AM
wish of those help It's actually much easier to hook APIs in your own process (actually when you want to hook in another process you need to DLL inject into that process anyway, so basically when you're hooking in your own process you can just skip that step). It might be a bug with the library you are using. Try Microsoft Detours or if you're up to it, patch the memory yourself, it's not that hard actually, a few hours work if you're new to the subject.
What you need to be wary of is that some C++ compilers will in some cases (I think debug builds) use some jump stub or something like this, which can interfere with the hooking process. In that case you must take some extra care when hooking - MS Detours probably does this properly. You can try debug/release builds if that affects your success. What I mean is to get the proper address of the API. If the function is in a DLL like is the case with WinAPI you can be sure you are getting the right address if you use LoadLibrary and GetProcAddress.
Related Posts Related Posts :
  • How to wrap std::chrono in a c++ iterator type
  • Check if a socket is connected in mac os x
  • Grabbing the mouse cursor in GLFW
  • Calling Windows shell menu (same as right-click in Explorer) for multiple files programmatically
  • Pop up dialog to save file in seperate thread
  • Why would you use the keyword const if you already know variable should be constant?
  • Detecting Small Sound Effects In C++
  • How to avoid the copy when I return
  • Getting error code C2228: left of '._Ptr' must have class/struct/union
  • In win32 C++ programming how can I duplicate a window style?
  • Should the order of import statements matter when importing a .so?
  • Design decision regarding std::array fill
  • Access array of C++ structs from Fortran?
  • Determining when functions allocate memory in C++
  • C++ using std::set remove duplicate item for a struct fail.
  • Code to find out the number of triplets which lead to a sum less than or equal to threshold is giving a wrong output
  • Converting glm::lookat matrix to quaternion and back
  • Searching multi-dimensional vectors
  • Send and receive via SOCKS5 c++
  • GDI+: unhandled exception when drawing bitmap
  • Editing other processes memory
  • Object deleted when its member function is being executed?
  • Infinite Loop while inputting the different data type values in STACK
  • const members and operator=
  • Threaded Video Player sync
  • Does infinite of floating point number satisfy these equation?
  • map sorting in c++ by the frequencies
  • The Preprocessor program linked in g++ similar to the cpp program in gcc
  • How is the union used in this OpenCV library?
  • C++ memory leak in recursion
  • C++ Error: C4430 and C2143 Error at an impossible place
  • How can I track object lifetime in C++11 lambda?
  • #include statement mapping in Biicode (biicode.conf)
  • std::equal gives "Term doesnt evaluate to a function taking 2 arguments"
  • C++ template argument as reference lvalue
  • Legal to forward declare C standard library entities but not C++ standard library entities?
  • Conversion of wchar_t* to string
  • VirtualTreeView - Embarcadero C++ Builder XE7 - 64 bits
  • I don't understand C++ pointer arithmetic
  • Invalid addition of constness? Error: Cannot use char** to initialize const char**
  • Initilize constructor of class from another class
  • what happens when a class object is used as an index for an array?
  • Read and straighten multiple images from vector string, get error: "vector subscript out of range" [c++]
  • Meaning of a few lines in C++
  • Map, pair-vector or two vectors...?
  • Redefinition error in ostream overload in template and inherited classes
  • CUDA 6.5: error MSB3191 Unable to create directory and LNK2001 Unresolved External symbol
  • Is it possible to overlap batched FFTs with CUDA's cuFFT library and cufftPlanMany?
  • How to delete function from DLL binary
  • How do I loop over a boost MPL list of non-default constructed classes?
  • Download page using IE engine + use POST
  • How to insert an element into ublas matrix with dynamic size
  • Using typedefs appropriately to avoid "typedef contamination"
  • C++ Simple Converting from Binary to Decimal
  • error deleting item from list after passing through function
  • C++: RVO, NRVO and returning local objects
  • performance map c++ find (g++ (GCC) 4.4.7 20120313 (Red Hat 4.4.7-3))
  • How to change the fundamental underlying container type for the adaptor containers?
  • Crash when SAFE_RELEASE is called on IMMDeviceEnumerator
  • Visual Studio C++, how to change the text color for "nullptr"
  • shadow
    Privacy Policy - Terms - Contact Us © ourworld-yourmove.org