How to use madCollection?

Sascha9999999999
Posts: 7
Joined: Thu Jan 11, 2007 4:57 pm

Post by Sascha9999999999 »

Hello,

I want to hook a function, but it doesn't work. When I use HookAPI, it is always False.

Code:

if(HookAPI('msvcrt.dll', 'fopen', @fopenCallback, @fopenNext)=false) then begin
  showMessage('Error');
end;
This is before:

Code:

var fopenNext: function(filename: pchar; mode: pchar): pointer;

function fopenCallback(filename: pchar; mode: pchar): pointer;
begin 
  result := fopenNext(filename, mode); 
end;
I load the library with:

Code:

procedure TForm1.Button1Click(Sender: TObject);
var fHookLibrary:     HMODULE;
begin
  fHookLibrary := LoadLibrary('HookDLL.dll');
  If fHookLibrary <> 0 Then Begin
  end;
end;
Can you help? Thanks
gnif
Posts: 46
Joined: Fri Jan 05, 2007 9:12 am

Post by gnif »

If you want to hook open file/create file use

CreateFileEx
CreateFile
OpenFile

Or, use the native API (this will catch all of the above as well):

NtOpenFile
NtCreateFile
Sascha9999999999
Posts: 7
Joined: Thu Jan 11, 2007 4:57 pm

Post by Sascha9999999999 »

No, it was only an example.

I had tested a little bit and now it works well!

Now I want to hook NtReadFile and ReadFile... with NtCreateFile it works, but with NtReadFile I can't find the filename for the pointer:

Code:

function New_NtReadFile(FileHandle, Event: THandle; ApcRoutine: Pointer; ApcContext: Pointer; IoStatusBlock: Pointer; Buffer: Pointer; Length: ULONG; ByteOffset: Pointer; Key: Pointer): LongInt; stdcall;
begin
  Result := Old_NtReadFile(FileHandle, Event, ApcRoutine, ApcContext,
              IoStatusBlock, Buffer, Length, ByteOffset, Key);
end;

Code:

function New_ReadFile(hFile: THandle; var Buffer; nNumberOfBytesToRead: DWORD;
  var lpNumberOfBytesRead: DWORD; lpOverlapped: POverlapped): BOOL; stdcall;
begin
  Result := Old_ReadFile(hFile, Buffer, nNumberOfBytesToRead, lpNumberOfBytesRead, lpOverlapped);
end;
Thanks for the help! Please.