Hookapi, Winsock, DLL inject, sharing - a variable gets lost

deeped
Posts: 6
Joined: Mon Apr 11, 2011 9:37 am

Post by deeped »

Let's imagine two architecture levels:

hooked program + DLL
A client program

I want to share data: when a Winsock function runs, I want to give some data to the client.

The DLL:

```delphi
var
  l_TestCallfromExe : pointer;

procedure Init (TestCallfromExe: pointer);
begin
  l_TestCallfromExe := TestCallfromExe;
end;

function mioAccept (s: TSocket; addr: PSockAddr; addrlen: PInteger): TSocket; stdcall;
begin
  // This is where I want to notify the controller program of something.
  // And this pointer remains 12345678 instead of the value that was set!
  l_TestCallfromExe ('dalksdasld');
  Result := acceptNextHook(s, addr, addrlen);
end;

exports
  Init;

begin
  integer(@l_TestCallfromExe) := 12345678;
  LoadLibrary ('wsock32.dll');
  LoadLibrary ('WS2_32.dll');
  CollectHooks;
  HookAPI ('wsock32.dll', 'accept', @mioAccept, @acceptNextHook, 0);
  // .... other hooks, all return TRUE
  FlushHooks;
end.
```
The other program:

```delphi
dll := LoadLibrary ('x.dll');
@l_Init := GetProcAddress (dll, 'Init');
CreateProcessEx (nil, 'target program exe', nil, nil, false, 0, nil, nil, si, pi, 'x.dll');
l_Init (@prodecureToNotifyMe);
```

What is it all about? I tell the hooked program, with the "Init" function, that there is a routine (prodecureToNotifyMe()). This Init always runs (I used "beep"s to make sure), yet when the hooked "accept" function triggers, the set "prodecureToNotifyMe" variable remains 12345678, as if I didn't set it up! So the program can't run.
How can I work around this? Init surely runs sooner than the hooked "accept".
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Hookapi, Winsock, DLL inject, sharing - a variable gets

Post by madshi »

I think you're not understanding the basic concept of how win32 processes work. Each process is totally separate from other processes. If you load your "x.dll" into another process by using CreateProcessEx, the newly created process loads a *copy* of your dll, but the dll runs in the context of the newly created process and doesn't have anything to do with your own application. When your exe calls "l_Init" you're initializing the copy of the "x.dll" which is loaded in your own process, but that doesn't have any effect on the copies of your dll that are loaded in any other processes.

What you need is IPC (inter process communication). Basically your hook dll wants to notify your application about certain things. Your hook dll cannot "call" a function of your application directly, because the hook dlls are loaded in other processes which are totally separated from your application. What you can do is use specific IPC functions which send a method to your application. Imagine your hook dll calling SendMessage(WindowOfYourApplication). Using SendMessage would actually work in many cases. But in some cases it doesn't work. So it's better to use other methods. E.g. have a look at CreateIpcQueue() and SendIpcMessage(), which are part of the madCodeHook tool set.
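
The point of the answer above, as an added example that is not part of the original thread and is not madCodeHook code: the notification crosses the process boundary as bytes over a plain Win32 mailslot, used here as a stand-in for the madCodeHook IPC queue. The program name, the mailslot name and the "child" argument are constructed, and the child process stands in for the hooked process.

```delphi
program IpcNotifyDemo;   // added example; all names here are constructed
{$APPTYPE CONSOLE}
uses Windows, SysUtils;

const SlotName = '\\.\mailslot\hookdemo_notify';   // constructed mailslot name

// Hook side: send bytes to the controller instead of calling a pointer
// that is only meaningful inside the controller's own address space.
function Notify(const Msg: AnsiString): Boolean;
var h: THandle; written: DWORD;
begin
  Result := False;
  h := CreateFile(SlotName, GENERIC_WRITE, FILE_SHARE_READ, nil,
                  OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
  if h = INVALID_HANDLE_VALUE then Exit;            // controller is not listening
  Result := WriteFile(h, PAnsiChar(Msg)^, Length(Msg), written, nil);
  CloseHandle(h);
end;

// Controller side: own the mailslot, start the other process, wait for one message.
procedure RunController;
var
  slot: THandle; si: TStartupInfo; pi: TProcessInformation;
  buf: array[0..255] of AnsiChar; got: DWORD; cmd: string;
begin
  slot := CreateMailslot(SlotName, 0, 5000, nil);   // reads time out after 5 s
  if slot = INVALID_HANDLE_VALUE then RaiseLastOSError;
  FillChar(si, SizeOf(si), 0);
  si.cb := SizeOf(si);
  cmd := '"' + ParamStr(0) + '" child';             // second process = this exe
  if not CreateProcess(nil, PChar(cmd), nil, nil, False, 0, nil, nil, si, pi) then
    RaiseLastOSError;
  CloseHandle(pi.hThread); CloseHandle(pi.hProcess);
  // Any local process can write to a mailslot: treat the bytes as untrusted input.
  if ReadFile(slot, buf, SizeOf(buf) - 1, got, nil) then
  begin
    buf[got] := #0;
    Writeln('controller got: ', PAnsiChar(@buf[0]));
  end
  else
    Writeln('no notification received');
  CloseHandle(slot);
end;

begin
  if ParamStr(1) = 'child' then
    Notify(AnsiString('accept hooked in pid ' + IntToStr(GetCurrentProcessId)))
  else
    RunController;
end.
```

The process ID printed by the controller differs from its own, which is the separation the answer describes: only the message bytes are shared, never variables or procedure addresses.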
deeped
Posts: 6
Joined: Mon Apr 11, 2011 9:37 am

Re: Hookapi, Winsock, DLL inject, sharing - a variable gets

Post by deeped »

Thanks for the answer. SendMessage doesn't work; the application won't get the message.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Hookapi, Winsock, DLL inject, sharing - a variable gets

Post by madshi »

SendMessage was just an example to explain the concept. As I said, using the madCodeHook IPC functions is a better solution than SendMessage for things like this.
deeped
Posts: 6
Joined: Mon Apr 11, 2011 9:37 am

Re: Hookapi, Winsock, DLL inject, sharing - a variable gets

Post by deeped »

All right, this method seems to work. Before I buy a licence, a last question, maybe off-topic, and impossible to answer without code: sometimes, after using it, Win 7 "hangs". This means some apps won't respond (freeze, white screen), some do, and Task Manager won't load either. After about 5 minutes everything gets back to normal. I know it's hard to answer without code, but are there some typical errors/situations which result in hanging the system?
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Hookapi, Winsock, DLL inject, sharing - a variable gets

Post by madshi »

I'm not aware of such problems with the current 3.x version. Try this demo:

http://madshi.net/HookProcessCreation.zip

It's compiled with the latest 3.x version. Does this also freeze your win7? It should not...