GetCallingModule is now failing .. :s

c++ / delphi package - dll injection and api hooking
Post Reply
jonny_valentine
Posts: 109
Joined: Thu Dec 30, 2004 9:59 pm
Location: UK

GetCallingModule is now failing .. :s

Post by jonny_valentine »

All was working fine, and now it doesn't .. this makes no sense?? ....

This is my code inside the LoadLibraryACallback function:

Code: Select all

DWORD WINAPI LoadLibraryACallback (LPCSTR lpLibFileName)
{

TCHAR szCallingDLLPath[MAX_PATH]; 

	HMODULE hCallingModule = (HMODULE) GetCallingModule(); 
	GetModuleFileName ( hCallingModule, szCallingDLLPath, sizeof(szCallingDLLPath) ); 
	
	LPTSTR mCallingModuleFilename = PathFindFileName(szCallingDLLPath);
	
	if (lstrcmpi("TEST.EXE",mCallingModuleFilename)==0)
	{

		char dta [MAX_PATH + 1];

		lstrcpyA(dta, "E2:");
		lstrcatA(dta, ", ");
		lstrcatA(dta, lpLibFileName);
		lstrcatA(dta, ", ");
		lstrcatA(dta, szCallingDLLPath);
		lstrcatA(dta, ", ");
		lstrcatA(dta, mCallingModuleFilename);

... and so on
The string compare filters out calls from other processes, but is wrong.

The above was working, but now is returning the module path of the current process.
Checking with the example loadlibrary dll Madshi put in the demo folder, it should be returning something else.

Taken from the log file of the example .dll madshi made for loadlibrary hook:


Test.exe kernel32.dll LoadLibraryExA: $61dd0000 flags: - lib: "MCD32.DLL"
Test.exe Test.exe LoadLibraryA: $61dd0000 flags: - lib: "MCD32.DLL" <<<<I WANT THIS LINE ONLY (notice the 2nd Test.exe!!
Test.exe HookLoadLibrary.dll LoadLibraryExW: $5ed00000 flags: - lib: "USER32.dll"



The above shows 2 test.exe's the first being the process itself, the second being the calling module. The code i made should have filtered this line, and DID, now it doesnt.. maybe ive added something to the c++ project??

Any ideas?

many thanks,

Jon
    Top
    madshi
    Site Admin
    Posts: 10764
    Joined: Sun Mar 21, 2004 5:25 pm

    Post by madshi »

    Not sure what to say. Your log output doesn't fit to the code you posted. E.g. there's no "E2:" in the log output. So I don't really know what the log means.
    Top
    jonny_valentine
    Posts: 109
    Joined: Thu Dec 30, 2004 9:59 pm
    Location: UK

    Post by jonny_valentine »

    Hi Madshi,

    The log output shown is from your example .dll, showing what seems to be firstly the process itself, then the callingmodule, then the api, etc

    I think i've found the problem though, i have tracked back to how it worked before and it works again. I simply removed the following code:

    Code: Select all

    #include <crtdbg.h>


and ..


extern "C" BOOL __stdcall _DllMainCRTStartup( HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) {
    return DllMain( hinstDLL, fdwReason, lpvReserved );
}

    Then recompiled and tried again, it worked.

    I'll just have to deal with the slighty larger .dll.

    Thanks for replying anyway.


    Jon
    Top
    Post Reply

    Return to “madCodeHook”