Intercepting MFC class method

c++ / delphi package - dll injection and api hooking
Post Reply
ameetmalekar
Posts: 29
Joined: Thu Feb 16, 2012 5:12 am

Intercepting MFC class method

Post by ameetmalekar »

Hello Madshi,

I am trying to hook a member function of a class which is exported from a dll.

Code: Select all

void (WINAPI *UnhookCMainFrame)(LPVOID THIS,char ch,int num,DWORD cls ,HWND *hwnd);

void WINAPI  NewCMainFrame(LPVOID THIS,char ch,int num,DWORD cls,HWND *hwnd)
{
	MessageBox(0,"IN NewCMainFrame","FUN",0);
	return UnhookCMainFrame(THIS,ch, num, cls, hwnd);
}


LPVOID Address_Of_Function = GetProcAddress(GetModuleHandleA("XYZ.dll"), "_Mangled_Name_Of_exported_Class_MemberFunction");
             
Example;-
LPVOID m_pFcn1 = GetProcAddress(GetModuleHandleA("XYZ.dll"), "??0CMainFrame@@QAE@DHPAVCMyUIThread@@PAUHWND__@@@Z");
//i get magled name of above function from dependency walker/depends. 

int res=HookCode(m_pFcn1,NewCMainFrame  ,(PVOID*) &UnhookCMainFrame);
here, HookCode returns -1.

The issue is the application get crashed at the time of UnhookCMainFrame.

I get same address from some API tools also. So I think my address is correct.

I also tried with different combination of function declarations, that is by removing WINAPI and LPVOID THIS parameter, but the result is same.

Regards,
Ameet
Top
madshi
Site Admin
Posts: 10766
Joined: Sun Mar 21, 2004 5:25 pm

Re: Intercepting MFC class method

Post by madshi »

I'm not sure which calling convention MFC uses. Is it WINAPI? Or CDECL? Or FASTCALL? Or something else? I'm not sure.

My first suggestion would be to check/output the parameters in your hook callback function. Do they appear to be correct? The next thing to try would be to step through the generated assembler code with a debugger.
Top
Post Reply

Return to “madCodeHook”