unresolved external

c++ / delphi package - dll injection and api hooking

unresolved external

Postby gegs » Mon Jun 07, 2004 3:34 am

BCB6,c++
using madcodehook for hooking api getforegroundwindow().
include: madCodeHook.hpp
calling: InitializeMadCHook(),HookAPI()

-> LinkerError: unresolved external '__fastcall Madcodehook::InitalizeMadCHook()' referenced from ...main.obj
-> LinkerError: unresolved external '__stdcall Madcodehook::HookAPI(...)' referenced from ...main.obj

any help?
gegs
 
Posts: 7
Joined: Mon Jun 07, 2004 3:21 am

Postby madshi » Mon Jun 07, 2004 7:27 am

In BCB when using madCodeHook.hpp you don't need InitializeMadCHook and FinalizeMadCHook.

BUT that's not the reason for the problem you're describing. Hmmm... Please try to add this to your project file:

#pragma link "madCodeHook"

Does that help?
madshi
Site Admin
 
Posts: 9719
Joined: Sun Mar 21, 2004 5:25 pm

Postby gegs » Mon Jun 07, 2004 10:13 am

thx for the fast answer ;)

linking 'everything' ->
Code: Select all
#pragma link "madCodeHook"
#pragma link "madRemote"
#pragma link "madTools"
#pragma link "madTypes"
#pragma link "madStrings"
#pragma link "maddisasm"

seems to be the solution, so no errors/dll compiled (200kb).
Now i need to call the 'original' function from the 'hooked' function.
I tried:
Code: Select all
HWND WINAPI GetForegroundWindowWCallback(void)

  HWND result = GetForegroundWindowWNext(); 
  return result;
}

but this crashes the target.exe (hook per dllinjection) so i guess GetForegroundWindowWNext() doesnt return a HWND value? or maybe i dont get the exact idea how madhook works ;)
And another question:
is it possible to get the address of the function who 'calls' the hooked function? (MSVC++ -> _returnaddress:BCB6 or madCode* -> ?)
gegs
 
Posts: 7
Joined: Mon Jun 07, 2004 3:21 am

Postby madshi » Mon Jun 07, 2004 10:50 am

Please post your full dll source code here.

The caller can be identified by using madCodeHook.GetCallingModule. That is, if you're interested in the module only. If you want to know more about the caller, you have to use inline assembler.
madshi
Site Admin
 
Posts: 9719
Joined: Sun Mar 21, 2004 5:25 pm

Postby gegs » Mon Jun 07, 2004 11:13 am

target.exe runs fine up to the moment where the hooked function is called
i hope i didnt forget something while copy&pasting...
maybe its the 'Beep()' that crashes the exe ? guess not, but i never use Beep usually...
main.cpp:
Code: Select all
#define  WIN32_LEAN_AND_MEAN
#pragma optimize("gsy",on)

#include <windows.h>
#include <stdio.h>

#include "main.h"
#include "madCodeHook.hpp"
#pragma link "madCodeHook"
#pragma link "madRemote"
#pragma link "madTools"
#pragma link "madTypes"
#pragma link "madStrings"
#pragma link "maddisasm"

HMODULE hTtnDll = (NULL);

//***************************************************************
HWND (WINAPI *GetForegroundWindowANext) (void);
HWND (WINAPI *GetForegroundWindowWNext) (void);

//***************************************************************

HWND WINAPI GetForegroundWindowACallback(void)
{
  Beep(500,250);
  HWND result = GetForegroundWindowANext();
  //HWND result = 0;
  return result;
}

HWND WINAPI GetForegroundWindowWCallback(void)
{
  Beep(500,250);
  HWND result = GetForegroundWindowWNext();
  //HWND result = 0;
  return result;
}
//***************************************************************

bool WINAPI DllMain(HMODULE hDll, DWORD dwReason, PVOID pvReserved)
{
   if(dwReason == DLL_PROCESS_ATTACH)
   {
      hTtnDll = hDll;
      DisableThreadLibraryCalls(hDll);

      

                HookAPI("user32.dll", "GetForegroundWindowA", GetForegroundWindowACallback, (PVOID*) &GetForegroundWindowANext);
                HookAPI("user32.dll", "GetForegroundWindowW", GetForegroundWindowWCallback, (PVOID*) &GetForegroundWindowWNext);

      return TRUE;
   }
   return FALSE;
}


main.h
Code: Select all
extern HMODULE hTtnDll;
gegs
 
Posts: 7
Joined: Mon Jun 07, 2004 3:21 am

Postby madshi » Mon Jun 07, 2004 11:36 am

First of all: There is no GetForegroundWindowA and GetForegroundWindowW, instead there's only a GetForegroundWindow. But that is most probably not the reason of the crash.

Code: Select all
HookAPI("user32.dll", "GetForegroundWindowA", GetForegroundWindowACallback, (PVOID*) &GetForegroundWindowANext);

I don't know exactly what C++ does with that. Does it really give the address of "GetForegroundWindowACallback" to HookAPI? Or does it *call* "GetForegroundWindowACallback" and return the result to HookAPI? That would explain the crash, because GetForegroundWindowACallback calls GetForegroundWindowANext, which is still NULL at the time.
madshi
Site Admin
 
Posts: 9719
Joined: Sun Mar 21, 2004 5:25 pm

Postby gegs » Mon Jun 07, 2004 1:17 pm

lol my bad, corrected the code. now the crash happens @ dllmain hookapi().

Type-Def c++:
PVOID == Pointer to any type
VOID == any type
DWORD == Doubleword (32 bits)

GetForegroundWindowCallback is called i guess. But I use hookapi the same way it is shown in the c++ sourcefiles for HookFindNextFile, HookProcessCreation? Would it be a solution to call GetForegroundWindow() before hookapi() is called and store the return value for use until GetForegroundWindowNext() isnt NULL anymore?
I've seen other hookmethods using DWORD for addresses if thats what u mean?
gegs
 
Posts: 7
Joined: Mon Jun 07, 2004 3:21 am

Postby madshi » Mon Jun 07, 2004 1:28 pm

Try &GetForegroundWindowCallback. Don't know why MSVC should call your function instead of using the address, but who knows? The different might be that your function has no parameters, while in my demos all the functions have parameters. So maybe in my demos C++ knows that it isn't supposed to call the functions, because the parameters are missing? Well, I'm just guessing...
madshi
Site Admin
 
Posts: 9719
Joined: Sun Mar 21, 2004 5:25 pm

Postby gegs » Mon Jun 07, 2004 1:38 pm

u were right ;)
taking the 'GetForegroundWindowNext()' call out of
Code: Select all
HWND WINAPI GetForegroundWindowCallback(void)
{
  Beep(500,150);
  //HWND result = GetForegroundWindowNext();
  HWND result = 0;
  return result;
}

and just returning 0 seems to hook the function, as it continuously (?spelling?) beeps (what is logical as the target.exe needs to update GetForegroundWindow() quite often)
I'll test it a bit more but this looks promising.
btw its wonderful that u not only share ur work with others but even help them using it. If only more people would act like this...

P.S. if i add the & i get a
[C++ Warnung] main.cpp(144): W8001 & bei Funktion überflüssig
gegs
 
Posts: 7
Joined: Mon Jun 07, 2004 3:21 am

Postby madshi » Mon Jun 07, 2004 1:59 pm

Hmmmm... Try this:

Code: Select all
PVOID testPtr;

testPtr = (PVOID) &GetForegroundWindowCallback;
HookAPI(..., testPtr, ...);

Do you then still get the warning?
madshi
Site Admin
 
Posts: 9719
Joined: Sun Mar 21, 2004 5:25 pm

Postby gegs » Mon Jun 07, 2004 2:27 pm

yes still the same warning, but warning does mean BCB compiles the dll and it runs as if i didnt add & (or & per testPtr). But as far i can see (hear *g*), the function is hooked, no crashes/errors... now i need just to get the HWND for the active window and everythings fine
gegs
 
Posts: 7
Joined: Mon Jun 07, 2004 3:21 am

Postby madshi » Mon Jun 07, 2004 2:32 pm

Sounds really strange to me. I've no idea where the problem comes from.
madshi
Site Admin
 
Posts: 9719
Joined: Sun Mar 21, 2004 5:25 pm

Postby gegs » Mon Jun 07, 2004 2:39 pm

np, i'll just keep testing. if i find anything interesting i'll post it here. Up to now you helped me a lot more with hooks than everyone else (google included *g*), so a BIG thank you ;)
gegs
 
Posts: 7
Joined: Mon Jun 07, 2004 3:21 am


Return to madCodeHook

Who is online

Users browsing this forum: No registered users and 3 guests

cron