Hooking Question
-
- Posts: 5
- Joined: Sun Sep 12, 2004 12:33 am
Hi all...
I've started using madCodeHook (it's way too great!) and I need to make a program that protects some process...
I've written it so it's protecting from "TerminateProcess" and "ExitProcess". I tested it and it's working...
Now I need to give this process read-only access: if some other process tries to write to it, restart it, or do whatever to it, the hook won't let it write... I don't know if I explained it well since my English sux.
Is it possible? If so, can you give me some advice?
ty
-
- Posts: 5
- Joined: Sun Sep 12, 2004 12:33 am
Well, you have to define exactly what you mean by write access. There is no real definition for "write access to a process" in Windows. I guess you mean you want to stop manipulation of another process somehow? Then you will have to hook a whole bunch of APIs. E.g. WriteProcessMemory, CreateRemoteThread, TerminateProcess, TerminateThread, maybe even Send/PostMessage...
Perhaps you should just hook OpenProcess and don't let it succeed under the wanted circumstances. Then you could probably forget about hooking TerminateProcess and CreateRemoteThread and WriteProcessMemory.
-
- Posts: 5
- Joined: Sun Sep 12, 2004 12:33 am
Wow, nice suggestion. If it won't open it, it won't close it, lol.
I saw this on the site:
function OpenProcessCallback(access         : dword;
                             inheritHandles : bool;
                             processHandle  : dword) : dword; stdcall;
begin
  // what do I need to put here? How do I kill it so it won't open the process?
end;
Then I hook it:
HookAPI('kernel32.dll', 'OpenProcessCall', @openprocesscallback, @openprocesscallbacknext);
P.S. Sorry, I'm very new to this. Thanks for your help and patience.
>> what i need to put here? how do i kill it so it wont open the process?
Well, I can't do all the work for you. Generally I'm refusing to do that. Mainly for one reason: If I do all the work, you'll come back with every little question again and again in the future and I simply don't have the time for that. You need to dig into this yourself.
What I can say is this: Look up the documentation of OpenProcess and read how the caller of OpenProcess can find out whether the call succeeded or not. Your Callback must behave so that the caller of OpenProcess can properly detect that his OpenProcess call failed. And the caller should also be able to ask why.
>> HookAPI('kernel32.dll', 'OpenProcessCall', @openprocesscallback, @openprocesscallbacknext);
That's incorrect. Check out Windows.pas to see how OpenProcess is defined and which dll exports it with which name.
-
- Posts: 5
- Joined: Sun Sep 12, 2004 12:33 am
madshi
I do understand what you told me, and I agree, I'm being too lazy.
I was trying to make the proggie work last night and I came up with this piece of code:
function OpenProcessCallback(access         : dword;
                             inheritHandles : bool;
                             processHandle  : dword) : dword; stdcall;
begin
  // OpenProcess receives the target process ID as its third parameter
  if ThisIsOurProcess(processHandle) then // checks if the process is the process I'm hooking
  begin
    result := 0; // a zero handle tells the caller that OpenProcess failed
    SetLastError(ERROR_ACCESS_DENIED);
  end
  else
    // forward to the next hook, using the pointer that was passed to HookAPI
    result := OpenProcessCallbackNext(access, inheritHandles, processHandle);
end;
The hook part you told me about:
>> HookAPI('kernel32.dll', 'OpenProcessCall', @openprocesscallback, @openprocesscallbacknext);
I changed to:
HookAPI('kernel32.dll', 'OpenProcess', @openprocesscallback, @openprocesscallbacknext);
I have tried it and it seems to work now.
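Added example, not part of the thread and not madCodeHook code: the "read-only access" asked for in the first post, combined with the OpenProcess hook suggested in the reply, comes down to a decision on the requested access mask. The C below is portable, with the access-right values from winnt.h copied in; `open_process_verdict` and `READ_ONLY_RIGHTS` are hypothetical names, and PID 1234 is a constructed value.

```c
#include <stdint.h>

/* Process access rights and error codes, values as defined in the Windows SDK. */
#define PROCESS_VM_READ                   0x0010u
#define PROCESS_VM_WRITE                  0x0020u
#define PROCESS_QUERY_INFORMATION         0x0400u
#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000u
#define READ_CONTROL                      0x00020000u
#define SYNCHRONIZE                       0x00100000u
#define PROCESS_ALL_ACCESS                0x001FFFFFu
#define MAXIMUM_ALLOWED                   0x02000000u
#define ERROR_SUCCESS                     0u
#define ERROR_ACCESS_DENIED               5u

/* Allow-list (hypothetical policy): rights that only read, query or wait.
 * Every bit outside this mask is treated as able to modify the target. */
#define READ_ONLY_RIGHTS (PROCESS_VM_READ | PROCESS_QUERY_INFORMATION | \
    PROCESS_QUERY_LIMITED_INFORMATION | READ_CONTROL | SYNCHRONIZE)

/* Hypothetical helper for an OpenProcess hook callback.
 * Returns ERROR_SUCCESS when the call may be forwarded to the next hook,
 * or ERROR_ACCESS_DENIED when the callback should return a zero handle
 * and hand this code to SetLastError. */
uint32_t open_process_verdict(uint32_t desired_access, uint32_t target_pid,
                              uint32_t protected_pid)
{
    if (target_pid != protected_pid)
        return ERROR_SUCCESS;          /* some other process: forward */
    if (desired_access & ~READ_ONLY_RIGHTS)
        return ERROR_ACCESS_DENIED;    /* asks for more than read-only */
    return ERROR_SUCCESS;              /* read, query or wait only */
}

int main(void)
{
    /* Constructed cases; the protected process has PID 1234. */
    int ok =
        open_process_verdict(PROCESS_ALL_ACCESS, 1234, 1234) == ERROR_ACCESS_DENIED &&
        open_process_verdict(PROCESS_VM_READ | SYNCHRONIZE, 1234, 1234) == ERROR_SUCCESS &&
        open_process_verdict(PROCESS_ALL_ACCESS, 4321, 1234) == ERROR_SUCCESS;
    return ok ? 0 : 1;
}
```

The allow-list fails closed: masks such as MAXIMUM_ALLOWED or any right not listed are refused for the protected PID. The hook only filters callers that go through the hooked OpenProcess export in processes where the hook is loaded, so it is not a security boundary on its own.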