unresolved external

c++ / delphi package - dll injection and api hooking
Post Reply
gegs
Posts: 7
Joined: Mon Jun 07, 2004 3:21 am

unresolved external

Post by gegs »

BCB6,c++
using madcodehook for hooking api getforegroundwindow().
include: madCodeHook.hpp
calling: InitializeMadCHook(),HookAPI()

-> LinkerError: unresolved external '__fastcall Madcodehook::InitalizeMadCHook()' referenced from ...main.obj
-> LinkerError: unresolved external '__stdcall Madcodehook::HookAPI(...)' referenced from ...main.obj

any help?
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

In BCB when using madCodeHook.hpp you don't need InitializeMadCHook and FinalizeMadCHook.

BUT that's not the reason for the problem you're describing. Hmmm... Please try to add this to your project file:

#pragma link "madCodeHook"

Does that help?
gegs
Posts: 7
Joined: Mon Jun 07, 2004 3:21 am

Post by gegs »

thx for the fast answer ;)

linking 'everything' ->

Code: Select all

#pragma link "madCodeHook"
#pragma link "madRemote"
#pragma link "madTools"
#pragma link "madTypes"
#pragma link "madStrings"
#pragma link "maddisasm"
seems to be the solution, so no errors/dll compiled (200kb).
Now i need to call the 'original' function from the 'hooked' function.
I tried:

Code: Select all

HWND WINAPI GetForegroundWindowWCallback(void)
{  
  HWND result = GetForegroundWindowWNext();  
  return result;
}
but this crashes the target.exe (hook per dllinjection) so i guess GetForegroundWindowWNext() doesnt return a HWND value? or maybe i dont get the exact idea how madhook works ;)
And another question:
is it possible to get the address of the function who 'calls' the hooked function? (MSVC++ -> _returnaddress:BCB6 or madCode* -> ?)
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Please post your full dll source code here.

The caller can be identified by using madCodeHook.GetCallingModule. That is, if you're interested in the module only. If you want to know more about the caller, you have to use inline assembler.
gegs
Posts: 7
Joined: Mon Jun 07, 2004 3:21 am

Post by gegs »

target.exe runs fine up to the moment where the hooked function is called
i hope i didnt forget something while copy&pasting...
maybe its the 'Beep()' that crashes the exe ? guess not, but i never use Beep usually...
main.cpp:

Code: Select all

#define  WIN32_LEAN_AND_MEAN
#pragma optimize("gsy",on) 

#include <windows.h>
#include <stdio.h>

#include "main.h"
#include "madCodeHook.hpp"
#pragma link "madCodeHook"
#pragma link "madRemote"
#pragma link "madTools"
#pragma link "madTypes"
#pragma link "madStrings"
#pragma link "maddisasm"

HMODULE hTtnDll = (NULL);

//***************************************************************
HWND (WINAPI *GetForegroundWindowANext) (void);
HWND (WINAPI *GetForegroundWindowWNext) (void);

//***************************************************************

HWND WINAPI GetForegroundWindowACallback(void)
{
  Beep(500,250);
  HWND result = GetForegroundWindowANext();
  //HWND result = 0;
  return result;
}

HWND WINAPI GetForegroundWindowWCallback(void)
{
  Beep(500,250);
  HWND result = GetForegroundWindowWNext();
  //HWND result = 0;
  return result;
}
//***************************************************************

bool WINAPI DllMain(HMODULE hDll, DWORD dwReason, PVOID pvReserved)
{
	if(dwReason == DLL_PROCESS_ATTACH)
	{
		hTtnDll = hDll;
		DisableThreadLibraryCalls(hDll);

		

                HookAPI("user32.dll", "GetForegroundWindowA", GetForegroundWindowACallback, (PVOID*) &GetForegroundWindowANext);
                HookAPI("user32.dll", "GetForegroundWindowW", GetForegroundWindowWCallback, (PVOID*) &GetForegroundWindowWNext);

		return TRUE;
	}
	return FALSE;
}
main.h

Code: Select all

extern HMODULE hTtnDll;
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

First of all: There is no GetForegroundWindowA and GetForegroundWindowW, instead there's only a GetForegroundWindow. But that is most probably not the reason of the crash.

Code: Select all

HookAPI("user32.dll", "GetForegroundWindowA", GetForegroundWindowACallback, (PVOID*) &GetForegroundWindowANext);
I don't know exactly what C++ does with that. Does it really give the address of "GetForegroundWindowACallback" to HookAPI? Or does it *call* "GetForegroundWindowACallback" and return the result to HookAPI? That would explain the crash, because GetForegroundWindowACallback calls GetForegroundWindowANext, which is still NULL at the time.
gegs
Posts: 7
Joined: Mon Jun 07, 2004 3:21 am

Post by gegs »

lol my bad, corrected the code. now the crash happens @ dllmain hookapi().

Type-Def c++:
PVOID == Pointer to any type
VOID == any type
DWORD == Doubleword (32 bits)

GetForegroundWindowCallback is called i guess. But I use hookapi the same way it is shown in the c++ sourcefiles for HookFindNextFile, HookProcessCreation? Would it be a solution to call GetForegroundWindow() before hookapi() is called and store the return value for use until GetForegroundWindowNext() isnt NULL anymore?
I've seen other hookmethods using DWORD for addresses if thats what u mean?
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Try &GetForegroundWindowCallback. Don't know why MSVC should call your function instead of using the address, but who knows? The different might be that your function has no parameters, while in my demos all the functions have parameters. So maybe in my demos C++ knows that it isn't supposed to call the functions, because the parameters are missing? Well, I'm just guessing...
gegs
Posts: 7
Joined: Mon Jun 07, 2004 3:21 am

Post by gegs »

u were right ;)
taking the 'GetForegroundWindowNext()' call out of

Code: Select all

HWND WINAPI GetForegroundWindowCallback(void)
{
  Beep(500,150);
  //HWND result = GetForegroundWindowNext();
  HWND result = 0;
  return result;
}
and just returning 0 seems to hook the function, as it continuously (?spelling?) beeps (what is logical as the target.exe needs to update GetForegroundWindow() quite often)
I'll test it a bit more but this looks promising.
btw its wonderful that u not only share ur work with others but even help them using it. If only more people would act like this...

P.S. if i add the & i get a
[C++ Warnung] main.cpp(144): W8001 & bei Funktion überflüssig
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Hmmmm... Try this:

Code: Select all

PVOID testPtr;

testPtr = (PVOID) &GetForegroundWindowCallback;
HookAPI(..., testPtr, ...);
Do you then still get the warning?
gegs
Posts: 7
Joined: Mon Jun 07, 2004 3:21 am

Post by gegs »

yes still the same warning, but warning does mean BCB compiles the dll and it runs as if i didnt add & (or & per testPtr). But as far i can see (hear *g*), the function is hooked, no crashes/errors... now i need just to get the HWND for the active window and everythings fine
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Sounds really strange to me. I've no idea where the problem comes from.
gegs
Posts: 7
Joined: Mon Jun 07, 2004 3:21 am

Post by gegs »

np, i'll just keep testing. if i find anything interesting i'll post it here. Up to now you helped me a lot more with hooks than everyone else (google included *g*), so a BIG thank you ;)
Post Reply