madshi.net

Posted: **Thu Jan 11, 2007 5:06 pm**

Hello,

I want to Hook a Function, but it dont work. When I use HookAPI is alwas False.

if(HookAPI('msvcrt.dll', 'fopen', @fopenCallback, @fopenNext)=false) then begin
showMessage('Error');
end;

His is before:

Code: Select all

var fopenNext: function(filename: pchar; mode: pchar): pointer;

function fopenCallback(filename: pchar; mode: pchar): pointer;
begin 
  result := fopenNext(filename, mode); 
end;

I load The Libery whis:

Code: Select all

procedure TForm1.Button1Click(Sender: TObject);
var fHookLibrary:     HMODULE;
begin
fHookLibrary := LoadLibrary('HookDLL.dll');
If fHookLibrary <> 0 Then Begin
end;
end;

can you help? tanks

Posted: **Fri Jan 12, 2007 3:25 am**

If you want to hook open file/create file use

CreateFileEx
CreateFile
OpenFile

Or, use the native API (this will catch all of the above aswell):

NtOpenFile
NtCreateFile

Posted: **Sun Jan 14, 2007 1:40 pm**

no, it was only a examble.

Hat had Tested a litle bit and now it works good!

Now I want Hook NtReadFile and ReadFile... whis NtCreateFile it works, but by NtReadFile I can't find the Filename for the Pointer:

Code: Select all

function New_NtReadFile(FileHandle, Event: THandle; ApcRoutine: Pointer; ApcContext: Pointer; IoStatusBlock: Pointer; Buffer: Pointer; Length: ULONG; ByteOffset: Pointer; Key: Pointer): LongInt; stdcall;
begin
  Result := Old_NtReadFile(FileHandle, Event, ApcRoutine, ApcContext,
              IoStatusBlock, Buffer, Length, ByteOffset, Key);
end;

Code: Select all

function New_ReadFile(hFile: THandle; var Buffer; nNumberOfBytesToRead: DWORD;
  var lpNumberOfBytesRead: DWORD; lpOverlapped: POverlapped): BOOL; stdcall;
begin
  Result := Old_ReadFile(hFile, Buffer, nNumberOfBytesToRead, lpNumberOfBytesRead, lpOverlapped);
end;

Thanks for Help! Please.

madshi.net

How to use madCollection?

How to use madCollection?