SetWindowLong

c++ / delphi package - dll injection and api hooking
cabal
Posts: 2
Joined: Thu Jul 01, 2004 6:53 am

SetWindowLong

Post by cabal »

I'm trying to inject a DLL into another process and insert my own WinProc using InjectLibrary and SetWindowLong.

I am successfully injecting the DLL, but the app crashes when I run SetWindowLong and then move my mouse over the app's window (I am trying to run my own code when one of the two buttons is pressed in the target app).

Is it possible to use SetWindowLong from an injected DLL?

The code that injects the DLL:

  wnd := FindWindow('TForm1','Target Me!');
  GetWindowThreadProcessID(wnd, @pid);
  ph := OpenProcess(PROCESS_ALL_ACCESS, false, pid);
  InjectLibrary(ph, 'D:\Projects\Injection\InjectNewWindowLong.dll');
  CloseHandle(ph);

The code for the injected DLL:

library InjectNewWindowLong;

uses
  Windows, Messages;

{$R *.RES}

const
  ID_CREATEBTN = 100;

var
  OldWinProc: Integer  =  0;
  TargetWnd: HWND = 0;   // window we subclassed, so Cleanup can restore it

procedure Cleanup;
begin
  Beep(2000, 200);
  Beep(500, 200);
  Beep(2000, 200);
  // Restore the original window procedure on the window we subclassed
  // (SetWindowLong takes a window handle, not a process handle)
  if (OldWinProc <> 0) and (TargetWnd <> 0) then
    SetWindowLong(TargetWnd, GWL_WNDPROC, OldWinProc);
end;

function NewWndProc(hWindow: HWND; uMsg: UINT; wParam: WPARAM; lParam: LPARAM): LRESULT;
var
  NotifyCode: Integer;
  ID: Integer;
begin
  {case uMsg of
     WM_COMMAND  : begin
        NotifyCode := HIWORD(wParam);
        ID := LOWORD(wParam);

        if (NotifyCode = BN_CLICKED) then
          MessageBox(0, 'Button clicked!!', 'Googoo!', MB_OK or MB_ICONINFORMATION);
     end;
     //WM_CLOSE:  Cleanup;
  end;
}
  // Call original window procedure
  result:=CallWindowProc(Pointer(OldWinProc), hWindow, uMsg, wParam, lParam);
end;

procedure EntryPointProc(Reason: Integer);
begin
  case Reason of
    DLL_PROCESS_ATTACH: begin
      DisableThreadLibraryCalls(HInstance);
      Set8087CW( $133f );
      Beep(100, 1000);
      Beep(500, 1000);
      Beep(1000, 1000);
      // Subclass the target form and remember the old procedure and the window
      TargetWnd := FindWindow('TForm1','Target Me!');
      OldWinProc := SetWindowLong(TargetWnd, GWL_WNDPROC, Integer(@NewWndProc));
    end;
    DLL_THREAD_ATTACH: begin
        Beep(100,1000); Beep(200,1000);Beep(300,1000);
    end;
    DLL_PROCESS_DETACH: begin
      Cleanup;
    end;
  end;
end;

begin
  DllProc := @EntryPointProc; 
  EntryPointProc(DLL_PROCESS_ATTACH);
end.

The "target app" is just a new delphi 5 app with two buttons on it that say "Hello World" when clicked.

I have read all your wonderful Experts Exchange posts and I cannot figure this one out. I prefer to inject the DLL instead of using hooks because it's more efficient.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Well, before going remote you should always test the stuff in your own process. You would have noticed that your code won't run there, either. You have at least one big bug in the code, which is that your NewWndProc needs to be "stdcall".
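As an added example (not code from the thread or from madshi's product), the following Delphi unit shows the in-process test madshi recommends: it subclasses a window of the caller's own process with a correctly declared `stdcall` window procedure, remembers which window it subclassed so the restore goes to a window handle rather than a process handle, and puts the original procedure back on `WM_NCDESTROY`. It assumes a VCL form that calls `InstallSubclass(Handle)` from `OnCreate` and `RemoveSubclass` from `OnDestroy`; the unit and procedure names are assumptions, not anything the thread defines.

```pascal
unit SubclassTest;

{ Added example: subclass a window in our OWN process first, as madshi
  suggests, before trying the same thing from an injected DLL.
  Assumed usage: InstallSubclass(Handle) in a form's OnCreate,
  RemoveSubclass in its OnDestroy. }

interface

uses
  Windows, Messages;

procedure InstallSubclass(Wnd: HWND);
procedure RemoveSubclass;

implementation

var
  SubclassedWnd: HWND = 0;     // remembered so the restore targets the right window
  OldWndProc: Pointer = nil;   // original window procedure returned by SetWindowLong

// The window procedure MUST be stdcall: Windows pushes the four arguments
// right to left and expects the callee to clean up the stack. With Delphi's
// default register convention the stack is corrupted on the first message
// delivered, which is the crash seen as soon as the mouse moves over the form.
function NewWndProc(hWindow: HWND; uMsg: UINT; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall;
var
  Original: Pointer;
begin
  Original := OldWndProc;      // keep a copy: RemoveSubclass below may clear state
  case uMsg of
    WM_COMMAND:
      // A native BUTTON child reports clicks to its parent as WM_COMMAND/BN_CLICKED
      if HIWORD(wParam) = BN_CLICKED then
        MessageBox(hWindow, 'Button clicked!', 'Subclass test', MB_OK or MB_ICONINFORMATION);
    WM_NCDESTROY:
      // Last message a window receives: restore before the handle becomes invalid
      RemoveSubclass;
  end;
  // Everything we do not handle goes to the original window procedure
  Result := CallWindowProc(Original, hWindow, uMsg, wParam, lParam);
end;

procedure InstallSubclass(Wnd: HWND);
begin
  if (SubclassedWnd <> 0) or not IsWindow(Wnd) then
    Exit;                      // already installed, or not a valid window
  SubclassedWnd := Wnd;
  OldWndProc := Pointer(SetWindowLong(Wnd, GWL_WNDPROC, Integer(@NewWndProc)));
  if OldWndProc = nil then
    SubclassedWnd := 0;        // SetWindowLong failed; nothing to restore later
end;

procedure RemoveSubclass;
begin
  if SubclassedWnd = 0 then
    Exit;
  // Only restore if we are still the current procedure; if someone subclassed
  // after us, writing our saved pointer back would silently unhook them too.
  if Pointer(GetWindowLong(SubclassedWnd, GWL_WNDPROC)) = @NewWndProc then
    SetWindowLong(SubclassedWnd, GWL_WNDPROC, Integer(OldWndProc));
  SubclassedWnd := 0;
end;

end.
```

Drop the unit into a Delphi 5 project with a form and two TButtons, call `InstallSubclass(Handle)` and `RemoveSubclass` as described, and the message box appears on each click while the form keeps repainting and closing normally. Once that works locally, the same window procedure can be moved into the DLL; the `SetWindowLong`/`Integer` casts shown here are the 32-bit form, and a 64-bit build needs `SetWindowLongPtr` with pointer-sized values.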
cabal
Posts: 2
Joined: Thu Jul 01, 2004 6:53 am

Stdcall... *blush*

Post by cabal »

madshi,

I found this last night! Doh. This is my first time using WinProc and I should've tested this in my own process. Everything works great now.

Thanks