madshi.net

Hmmm, have you tried modifying the VMT directly instead of using HookCode() in the case of IFileDialog? In other words, replacing the method address pointer in the virtual method table (VMT) instead of overwriting the method address in memory at the prologue (first few binary bytes, which HookCode does). That should get around any uninterceptable code because the address is replaced to point to your callback directly, much like the way IAT patching works, it's an address replacement inside a table only.

--Iconic

iconic wrote:Hmmm, have you tried modifying the VMT directly instead of using HookCode() in the case of IFileDialog? In other words, replacing the method address pointer in the virtual method table (VMT) instead of overwriting the method address in memory at the prologue (first few binary bytes, which HookCode does). That should get around any uninterceptable code because the address is replaced to point to your callback directly, much like the way IAT patching works, it's an address replacement inside a table only.

--Iconic

Hi Iconic,

I tried using VMT for IFileDialogue::Show and that worked fine. Thanks for your valuable help.
Just had one doubt: "whether there is a possibility of the vtable changing for an Interface (IFileDialogue), say for e.g. When an interface can be created with different CLSIDs."

COM technology has to adhere to contract standards for interoperability (this is a Microsoft derived interface even, not 3rd-party) so the chances are virtually none that the index you're referring to would change in the case of the generic Show() method. IID is more important than CLSID here in your case. IUnknown -> IModalWindow -> IFileDialog should be the inheritance hierarchy (interface wise) with IModalWindow directly exposing the Show() method

--Iconic