SetWindowLong

c++ / delphi package - dll injection and api hooking

SetWindowLong

Postby cabal » Thu Jul 01, 2004 7:05 am

I'm trying to inject a DLL into another process and insert my own WinProc using InjectLibrary and SetWindowLong.

I am successfully injecting the DLL, but the app crashes when I run SetWindowLong and then move my mouse over the app's window (I am trying to run my own code when one of the two buttons is pressed in the target app)

Is it possible to use SetWIndowLong from an injected DLL?

The code that injects the DLL:

Code: Select all
  wnd := FindWindow('TForm1','Target Me!');
  GetWindowThreadProcessID(wnd, @pid);
  ph := OpenProcess(PROCESS_ALL_ACCESS, false, pid);
  InjectLibrary(ph, 'D:\Projects\Injection\InjectNewWindowLong.dll');
  CloseHandle(ph);


The code for the injected DLL:
Code: Select all
library InjectNewWindowLong;

uses
  Windows, Messages;

{$R *.RES}

const
  ID_CREATEBTN = 100;

var
  OldWinProc: Integer  =  0;
 
procedure Cleanup;
begin
  Beep(2000, 200);
  Beep(500, 200);
  Beep(2000, 200);
  if (OldWinProc <> 0) then
    SetWindowLong(GetCurrentProcess, GWL_WNDPROC, OldWinProc);
end;
 
function NewWndProc(hWindow: HWND; uMsg: UINT; wParam: WPARAM; lParam: LPARAM): LRESULT;
var
  NotifyCode: Integer;
  ID: Integer;
begin
  {case uMsg of
     WM_COMMAND  : begin
        NotifyCode := HIWORD(wParam);
        ID := LOWORD(wParam);

        if (NotifyCode = BN_CLICKED) then
          MessageBox(0, 'Button clicked!!', 'Googoo!', MB_OK or MB_ICONINFORMATION);
     end;
     //WM_CLOSE:  Cleanup;
  end;
}
  // Call original window procedure
  result:=CallWindowProc(Pointer(OldWinProc), hWindow, uMsg, wParam, lParam);
end;

procedure EntryPointProc(Reason: Integer);
begin
  case Reason of
    DLL_PROCESS_ATTACH: begin
      DisableThreadLibraryCalls(HInstance);
      Set8087CW( $133f );
      Beep(100, 1000);
      Beep(500, 1000);
      Beep(1000, 1000);
      OldWinProc := SetWindowLong(FindWindow('TForm1','Target Me!'), GWL_WNDPROC, Integer(@NewWndProc));
    end;
    DLL_THREAD_ATTACH: begin
        Beep(100,1000); Beep(200,1000);Beep(300,1000);
    end;
    DLL_PROCESS_DETACH: begin
      Cleanup;
    end;
  end;
end;

begin
  DllProc := @EntryPointProc;
  EntryPointProc(DLL_PROCESS_ATTACH);
end.


The "target app" is just a new delphi 5 app with two buttons on it that say "Hello World" when clicked.

I have read all your wonderful Experts Exchange posts and I cannot figure this one out. I prefer to inject the DLL instead of using hooks because it's more efficient.
cabal
 
Posts: 2
Joined: Thu Jul 01, 2004 6:53 am

Postby madshi » Thu Jul 01, 2004 1:37 pm

Well, before going remote you should always test the stuff in your own process. You would have noticed that your code won't run there, either. You have at least one big bug in the code, which is that your NewWndProc needs to be "stdcall".
madshi
Site Admin
 
Posts: 9879
Joined: Sun Mar 21, 2004 5:25 pm

Stdcall... *blush*

Postby cabal » Thu Jul 01, 2004 5:19 pm

madshi,

I found this last night! Doh. This is my first time using WinProc and I should've tested this in my own process. Everything works great now.

Thanks
cabal
 
Posts: 2
Joined: Thu Jul 01, 2004 6:53 am


Return to madCodeHook

Who is online

Users browsing this forum: Google [Bot] and 4 guests

cron