Hook OpenClipboard without MadCodeHook is it possible?

cool_tester · Post by **cool_tester** » Tue Feb 22, 2005 12:49 pm

Hello guys,
Just wondering if i can Hook OpenClipboard in my Application Only without the use of MadCodeHook...

Basically i wan to know when my application is trying to open the clipboard and go from there, give it access or no... depending on what is being copied to the clipboard... i can acheive it in MadCodehook but i want to know if it's doable trough just Delphi.

Thanks,

cool_tester · Post by **cool_tester** » Tue Feb 22, 2005 3:27 pm

Ok after Diggin around i found the following which got it to work under Win2k, but it fails Most of teh time in Win95, it did work a couple of times and now it just won't work in win95 but works fine in Win2k anyone can help fix this problem please.......

Thanks...

Code: Select all


 var
 nextMessageboxA: function(chWnd: HWND): integer;  stdcall;
 oldMessageboxA: function(chWnd: HWND): integer;  stdcall;


procedure HookApi(my, old: pointer; var next: pointer); stdcall;
begin
asm
push PAGE_EXECUTE_READWRITE
push MEM_COMMIT or MEM_RESERVE 
push 64+5*4
push 0 
call VirtualAlloc
push eax 
mov [eax], $C7241C8B; add eax, 4 
mov [eax], $00002404; add eax, 4
mov [eax], $058b0000; add eax, 4 
mov [eax], $00000000; add eax, 4 
mov [eax], $0000158B; add eax, 4
mov [eax], $10890000; add eax, 4 
mov [eax], $0000158B; add eax, 4 
mov [eax], $50890000; add eax, 4
mov [eax], $50E0FF04; add eax, 4 
mov [eax], $00058B52; add eax, 4 
mov [eax], $8B000000; add eax, 4
mov [eax], $00000015; add eax, 4 
mov [eax], $8B108900; add eax, 4 
mov [eax], $00000015; add eax, 4
mov [eax], $04508900; add eax, 4 
mov [eax], $E3FF5A58; add eax, 4 
pop eax
push eax 


mov ebx, eax 
add eax, 6
add ebx, $23 
mov [eax], ebx


add eax, 6 
add ebx, $40-$23
mov [eax], ebx 


add eax, 6 
add ebx, 4 
mov [eax], ebx 


add eax, 8 
add ebx, 4 
mov [eax], ebx 


add eax, 13 
sub ebx, 8 
mov [eax], ebx 


add eax, 6 
add ebx, 12 
mov [eax], ebx 


add eax, 8 
add ebx, 4 
mov [eax], ebx 


push eax 
push esp 
push PAGE_EXECUTE_READWRITE 
push 8
push [old] 
call VirtualProtect 


pop eax
pop eax 
push eax 
add eax, $40 
mov ebx, [old] 
mov [eax], ebx
add eax, 4 
mov ecx, [ebx] 
mov [eax], ecx 
add ebx, 4 
add eax, 4
mov ecx, [ebx] 
mov [eax], ecx 


mov eax, [old]
mov byte ptr [eax], $E9 
add eax, 1 
mov ebx, [my] 
sub ebx, [old]
sub ebx, 5 
mov [eax], ebx 


pop eax 
push eax
add eax, $40 
add eax, 12 
mov ebx, [old] 
mov ecx, [ebx] 
mov [eax], ecx
add eax, 4 
add ebx, 4 
mov ecx,[ebx] 
mov [eax], ecx 


mov eax, [next] 
pop edx 
mov [eax], edx 
end;
end;



function myMessageboxA(ChWnd: HWND): integer; stdcall;
begin 
  //My Code handling here
  Result := nextMessageboxA(0); //if set to ChWnd instead of 0 it fails and give an access error
end;
************  Calling like this ******************
procedure TfrmMain.Button1Click(Sender: TObject);
begin
@oldMessageBoxA := GetProcAddress(LoadLibrary('user32.dll'),'OpenClipboard');
HookApi(@myMessageboxA,@oldMessageBoxA,@nextMessageboxA);
end;

also anyone knows how to UnHook it.?

nildo · Post by **nildo** » Tue Feb 22, 2005 3:31 pm

Hey, what people will think of you if you ask for Linux support at Microsoft's technical support???

nildo · Post by **nildo** » Tue Feb 22, 2005 3:34 pm

Anyway, user32.dll is in the Shared Arena, on win95. Windows is protecting this area. You will only be able to hook DLLs wich aren't "user32.dll", "kernel32.dll", "gdi32.dll".

Hey, you should use MadCodeHook.

uall · Post by **uall** » Tue Feb 22, 2005 3:35 pm

where did u found this?

and have a look @ www.arschvoll.net/myhook.txt
but why dont u want to use madcodehook?

cool_tester · Post by **cool_tester** » Tue Feb 22, 2005 3:36 pm

i know it's nuts....

I will ended up using MadCodeHoock for most of my stuff, i just have this one application that all i want to do is Control the clipboard Access, and i thougth it would be easier done without MadCodeHook...

That's all.

i hope i didn't offened anyone...

Madshi if you don't think it is appropriate please feel free to delete this post.

i found it at this site, which i didn't understand their language, also noticed your name in there uall..... with your code... btw your code doesn't work in Win95 at all.
here is the link

Code: Select all

http://216.239.39.104/translate_c?hl=en&u=http://www.security-world.nl/artikelen.php%3Fcat%3D11

Thanks...

nildo · Post by **nildo** » Tue Feb 22, 2005 3:41 pm

i thougth it would be easier done without MadCodeHook...

By doing with MadCodeHook you won't get problems. Thats the point. Without madCodeHook you will have ALL possible problems.

uall · Post by **uall** » Tue Feb 22, 2005 4:06 pm

ahhh k i knew it, it is my code oO

u can install a messagehandler to get a message if ClipBoard updates, mybe i find he source

cool_tester · Post by **cool_tester** » Wed Feb 23, 2005 1:22 am

Thanks for looking into it, i trie dthe message handler the one that allow you to monitor the clipbard but it gets fired after the fact, what i need is to get notified as soon as the OpenClipboard is called and allow access or not from there, again not as a wide hook just from within my own application.

if it can't be done using messagehooks then MadCodeHook is the only way.

Thanks....