getcallingmodule

c++ / delphi package - dll injection and api hooking
Post Reply
jonny_valentine
Posts: 109
Joined: Thu Dec 30, 2004 9:59 pm
Location: UK

getcallingmodule

Post by jonny_valentine »

Hello all.

Does anyone know why the getcallingmodule returns the path of my own .dll?

code:

Code: Select all

TCHAR szCallingModulePath[MAX_PATH]; 
HMODULE hCallingModule = (HMODULE) GetCallingModule(); 
GetModuleFileName ( hCallingModule, szCallingModulePath, sizeof(szCallingModulePath) );
the szCallingModulePath is always the path to my own injected .dll and never the .dll that called the api function.

I simple need to know what process and .dll inside that process called the api.

I have no idea what a stack frame is, so if its because of that, can someone briefly explain.

Thanks in advance,

Jon
Top
uall
Posts: 254
Joined: Sun Feb 20, 2005 1:24 pm

Post by uall »

getcallingmodule returns no path
it should return the handle of the calling module, but in you case it sees math it is return your modulehandle

so are you sure you call this in the Callback? if so, try to call it FIRST in callback and save it into a variable wehen u need it later

if that doesnt help you must wait until madshi has an idea, i havent the sourcecode so i dont know how he did it :)
Top
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Yep, uall is right, you need to call it directly in your hook callback function - not in any other function which is called from your hook callback function. How does your complete hook callback function look like?

Stack frames is a special frame of asm instructions which the compiler inserts to the beginning and end of each function. In Delphi it's being used automatically if it makes sense. Furthermore you can force it for a specific function or for all functions. Not sure how C++ handles this. I guess C++ also uses stack frames when it makes sense. Not sure whether you can force stack frames.
Top
jonny_valentine
Posts: 109
Joined: Thu Dec 30, 2004 9:59 pm
Location: UK

Post by jonny_valentine »

excellent, thankyou...

I simply put

Code: Select all

TCHAR szCallingModulePath[MAX_PATH];
at the top of the project and..

Code: Select all

	HMODULE hCallingModule = (HMODULE) GetCallingModule(); 
	GetModuleFileName ( hCallingModule, szCallingModulePath, sizeof(szCallingModulePath) );
Inside each callback function.

This works. I used to call a separate function to deal with this eg:

function

...
writefilename()

return...

/function




The szCallingModulePath contains the whole path of the file, including the filename.
How do i trim off all but the filename? eg:

'c:\folder\folder\file.exe'

i want 'file.exe' only

In Visual Basic i use split or instr functions.

Thanks
Top
dcsoft
Posts: 380
Joined: Sat Dec 11, 2004 2:11 am
Location: San Francisco Bay Area, CA USA
Contact:
Contact dcsoft

Post by dcsoft »

jonny_valentine wrote:How do i trim off all but the filename? eg:

'c:\folder\folder\file.exe'

i want 'file.exe' only
Use PathFindFileName() from shlwapi.dll (available in Win98 or later).

-- David
Top
Post Reply

Return to “madCodeHook”