Hijacking?


Postby Wintr » Mon Apr 19, 2004 12:35 pm

I am wondering if it's possible to hijack a function of a program by injecting a DLL. For example, I want to inject a DLL into Paint and then call the MouseDown procedure to draw something to the screen. Any other example is appreciated.
Thanks :)

Edit: Also, if this is possible, how would I go about hooking a function that does not have a name but that I have the offset to? What I want to do is hook the function of a DLL file and, like I said, I have the offset of it but not the actual name. Anything that might help me figure it out is helpful though. I'm guessing I'll be needing to use GetProcAddress and some other functions like that. Thanks!
Wintr
 
Posts: 4
Joined: Mon Apr 19, 2004 12:32 pm

Postby madshi » Mon Apr 19, 2004 2:44 pm

If you want to simulate mouse events for Paint, you should simply use the API mouse_event. No need to do things like DLL injection in that case.

You can hook functions for which you only have the address. But *please* make sure that you are really sure that you have the correct address. Do not hardcode the address, otherwise you'll most probably crash the target process! Anyway, you not only need the address, you also need to know which parameters the to-be-hooked function has and which calling convention it uses. If you know all that, just use madCodeHook's "HookCode".
madshi
Site Admin
 
Posts: 9664
Joined: Sun Mar 21, 2004 5:25 pm

Postby Wintr » Mon Apr 19, 2004 4:29 pm

That was just an example.

This is what I am trying to achieve.
I want to inject a DLL into an EXE file. This EXE has other DLLs loaded into it. I want to use the functions exported from the other DLLs in mine.

Usually I would just do LoadLibrary to load the DLL then use GetProcAddress to find the address of the function. However, since I am not doing this from an EXE but from an injected DLL, I am wondering if it is different.

I have the offset to the functions in the other DLLs. I can get the address of the DLL then add the offset.

Any more ideas how I can do this? I am not at home right now so I haven't had time to try these things yet.
Wintr
 
Posts: 4
Joined: Mon Apr 19, 2004 12:32 pm

Postby madshi » Mon Apr 19, 2004 4:33 pm

You can use LoadLibrary/GetModuleHandle + GetProcAddress in your injected dll in the same way you do that in your own exe.
madshi
Site Admin
 
Posts: 9664
Joined: Sun Mar 21, 2004 5:25 pm
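
The checks asked for above before using a "module base + offset" address, written out as an added example (not code from this thread or from madCodeHook). The unit name, ResolveCheckedAddress and its parameters are hypothetical; the caller supplies the offset and the expected leading bytes for one known build of the DLL.

```delphi
unit CheckedAddr;  // hypothetical unit name, added for illustration

interface

// Returns the address ModuleBase + Rva, or nil if any sanity check fails.
function ResolveCheckedAddress(const ModuleName: string; Rva: Cardinal;
  const Expected: array of Byte): Pointer;

implementation

uses Windows, SysUtils;

function ResolveCheckedAddress(const ModuleName: string; Rva: Cardinal;
  const Expected: array of Byte): Pointer;
var
  Base: HMODULE;
  Dos: PImageDosHeader;
  Nt: PImageNtHeaders;
begin
  Result := nil;
  if Length(Expected) = 0 then Exit;

  // GetModuleHandle loads nothing; it returns 0 if the DLL is not mapped.
  Base := GetModuleHandle(PChar(ModuleName));
  if Base = 0 then Exit;

  // Walk the PE headers of the mapped image to learn its size.
  Dos := PImageDosHeader(Base);
  if Dos^.e_magic <> IMAGE_DOS_SIGNATURE then Exit;
  Nt := PImageNtHeaders(PAnsiChar(Base) + Dos^._lfanew);
  if Nt^.Signature <> IMAGE_NT_SIGNATURE then Exit;

  // The offset and the bytes about to be compared must lie inside the image.
  if Rva >= Nt^.OptionalHeader.SizeOfImage then Exit;
  if Cardinal(Length(Expected)) > Nt^.OptionalHeader.SizeOfImage - Rva then Exit;

  Result := PAnsiChar(Base) + Integer(Rva);
  // A different build of the DLL will rarely have the same bytes at this
  // offset, so a mismatch means the offset cannot be trusted.
  if not CompareMem(Result, @Expected[0], Length(Expected)) then
    Result := nil;
end;

end.
```

A non-nil result only says the bytes at that offset match the build the offset was taken from; the pointer still has to be cast to a procedural type with the correct parameters and calling convention before it is called or hooked.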

Postby Wintr » Tue Apr 20, 2004 2:40 am

(edit)
I posted this on experts-exchange.com if you can help I'll give points ^_^

http://www.experts-exchange.com/Program ... 59904.html

(/edit)
I'm troubled...

This is what I am doing and for some reason I am not getting the right value..


type
  TGetTextWidth = function(text: widestring): integer;
var
  GetTextWidth: TGetTextWidth;

hmod := GetModuleHandle('EXTRAFUNCS.DLL');
@GetTextWidth := GetProcAddress(hmod, pchar($2789));
myint := GetTextWidth('test');

The function is ordinal 0x2789 so I get the handle that way. For some reason myint is always equal to 504. Can you give me some insight on this?
Thanks!
Wintr
 
Posts: 4
Joined: Mon Apr 19, 2004 12:32 pm

Postby Wintr » Wed Apr 21, 2004 2:15 am

Thanks for the help there, Madshi.
I've got another question kind of related to that and I posted it on E-E (175 pts). Here's the link:

http://www.experts-exchange.com/Program ... 61297.html

Also: Delphi doesn't support fastcalls? I read that 'register' is the same as fastcall, but it didn't give me the same results when I tried. Thanks!
Wintr
 
Posts: 4
Joined: Mon Apr 19, 2004 12:32 pm

