The MASM Forum Archive 2004 to 2012

General Forums => The Workshop => Topic started by: Ghirai on April 06, 2005, 08:08:00 PM

Title: Hooking an API in own app
Post by: Ghirai on April 06, 2005, 08:08:00 PM
Hey,

The main idea is that i'd like to hook GetDlgItemInt in my own application.
What's the safest way to do it?

Thanks.

Title: Re: Hooking an API in own app
Post by: BoR0 on April 07, 2005, 11:33:33 AM
I've been playing with API hooks recently. This is how I disable ExitProcess (old, good EBFE ;-)

;Thank you edcba :)

.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib

.data
mydll db "kernel32.dll", 0
myfnc db "ExitProcess", 0
blah  dd ?                  ; receives the previous page protection

.code
start:
invoke LoadLibrary, ADDR mydll            ; kernel32 is already mapped, this just returns its base
invoke GetProcAddress, eax, ADDR myfnc    ; eax = address of ExitProcess inside this process
push eax                                  ; keep the address across the VirtualProtect call

; code pages are read-only, so unprotect them; the page must stay executable
invoke VirtualProtect, eax, 2, PAGE_EXECUTE_READWRITE, ADDR blah

pop eax
mov word ptr [eax], 0FEEBh ; writes the bytes EB FE (JMP SHORT to itself); EBFE kicks ass :-)

invoke MessageBox,0,0,0,0 ; VOILA!!! the program is still alive with the patch in place

invoke ExitProcess, 0     ; now spins forever on the JMP instead of exiting
end start


Good luck! :U
Title: Re: Hooking an API in own app
Post by: Ghirai on April 07, 2005, 04:04:17 PM
Thanks, i'll see what i can do :P
Title: Re: Hooking an API in own app
Post by: thomasantony on April 07, 2005, 04:22:58 PM
Hi,
I don't know much about hooking but I think it would be better to save the bytes replaced with EBFEh. BTW, does this work in non-NT OSes? Should I use WriteProcessMemory instead in 98SE?
And what is the use of hooking an API?

Thomas
Title: Re: Hooking an API in own app
Post by: BoR0 on April 07, 2005, 05:01:48 PM
This should work for ANY Windows OS.

EBFEh is universal! ;-)

Good luck! :U
Title: Re: Hooking an API in own app
Post by: MichaelW on April 07, 2005, 05:09:13 PM
EBFE = JMP SHORT -2, effectively an endless loop. What's the point?
Title: Re: Hooking an API in own app
Post by: pbrennick on April 07, 2005, 05:19:21 PM
It looks like he is disabling ExitProcess by forcing a *hang*

Still, it still seems pretty pointless as you said, Michael.

Paul
Title: Re: Hooking an API in own app
Post by: thomasantony on April 08, 2005, 06:34:41 AM
Hi,
EBFE means jmp eip. What I wanted to know is whether Windows 98 and similar allow modification of the kernel memory.

Thomas
Title: Re: Hooking an API in own app
Post by: BoR0 on April 09, 2005, 01:57:13 PM
I think you can edit kernel32's memory, yes.
Not sure though, I've tested on 2K only.

Quote from: pbrennick on April 07, 2005, 05:19:21 PM
It looks like he is disabling ExitProcess by forcing a *hang*

Still, it still seems pretty pointless as you said, Michael.

Paul


It's just an example of API hooking. And why should it be pointless? It disables ExitProcess  :U
Title: Re: Hooking an API in own app
Post by: thomasantony on April 09, 2005, 04:07:20 PM
Hi,
I think a better way of disabling ExitProcess would be writing RET 4 (or whatever the total size of the parameters is). I think that converts to C2 04 00, or as a DWORD 0004C2h. BTW I tested and found it works in Win98 too. But I think the point of hooking is not disabling an API but redirecting it through your code to detect where it is coming from or something like that.

Thomas
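Putting BoR0's in-process patch together with Thomas's point (save the bytes you overwrite, and redirect the call through your own code rather than killing it), here is an added example that hooks GetDlgItemInt in the calling application, as the original question asked. It is not code from any of the posters: the procedure names (WritePatch, MyGetDlgItemInt, InstallHook) and the data labels are my own, it assumes the standard MASM32 include paths, and it assumes a 32-bit user32 whose GetDlgItemInt begins with whole instructions totalling at least five bytes (the mov edi,edi / push ebp / mov ebp,esp hot-patch prologue).

```asm
.386
.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib

.data
szUser32     db "user32.dll", 0
szTarget     db "GetDlgItemInt", 0
szCaption    db "Hook demo", 0
szHooked     db "GetDlgItemInt went through the hook", 0
szNotHooked  db "Hook did not fire", 0
pTarget      dd 0                     ; address of the real GetDlgItemInt
oldProtect   dd 0
dummyProtect dd 0
savedBytes   db 5 dup(0)              ; original first 5 bytes of the function
patchBytes   db 0E9h, 4 dup(0)        ; JMP rel32 to MyGetDlgItemInt; rel32 filled in at run time
hookCount    dd 0                     ; how many times the hook fired
translated   dd 0

.code
; Copy 5 bytes from pSrc over the entry of the target function.
; Returns eax = 1 on success, 0 if the page could not be made writable.
WritePatch proc uses esi edi pSrc:DWORD
    invoke VirtualProtect, pTarget, 5, PAGE_EXECUTE_READWRITE, ADDR oldProtect
    .if eax == 0
        ret                               ; eax is already 0
    .endif
    mov esi, pSrc
    mov edi, pTarget
    mov ecx, 5
    rep movsb
    invoke VirtualProtect, pTarget, 5, oldProtect, ADDR dummyProtect ; restore the old protection
    invoke GetCurrentProcess
    invoke FlushInstructionCache, eax, pTarget, 5
    mov eax, 1
    ret
WritePatch endp

; Replacement with the same stdcall signature as GetDlgItemInt.
; It counts the call, restores the original bytes, calls the real function,
; then re-installs the jump. Not thread-safe: another thread calling
; GetDlgItemInt while the bytes are restored would bypass the hook.
MyGetDlgItemInt proc hDlg:DWORD, nIDDlgItem:DWORD, lpTranslated:DWORD, bSigned:DWORD
    inc hookCount
    invoke WritePatch, ADDR savedBytes    ; unhook
    push bSigned
    push lpTranslated
    push nIDDlgItem
    push hDlg
    call dword ptr [pTarget]              ; the real GetDlgItemInt, result in eax
    push eax
    invoke WritePatch, ADDR patchBytes    ; re-hook
    pop eax
    ret                                   ; MASM emits ret 16 for the four stdcall parameters
MyGetDlgItemInt endp

; Save the original bytes and overwrite the function entry with JMP MyGetDlgItemInt.
; Assumes the entry consists of whole instructions totalling at least 5 bytes.
InstallHook proc uses esi edi
    invoke LoadLibrary, ADDR szUser32
    invoke GetProcAddress, eax, ADDR szTarget
    .if eax == 0
        ret
    .endif
    mov pTarget, eax
    mov esi, eax
    lea edi, savedBytes
    mov ecx, 5
    rep movsb                             ; keep the bytes we are about to overwrite
    mov eax, offset MyGetDlgItemInt
    sub eax, pTarget
    sub eax, 5                            ; rel32 = destination - (address of JMP + 5)
    mov dword ptr [patchBytes+1], eax
    invoke WritePatch, ADDR patchBytes
    ret
InstallHook endp

start:
    invoke InstallHook
    ; hDlg = 0 is deliberately invalid; the call fails harmlessly but still passes through the hook
    invoke GetDlgItemInt, 0, 0, ADDR translated, FALSE
    .if hookCount != 0
        invoke MessageBox, 0, ADDR szHooked, ADDR szCaption, MB_OK
    .else
        invoke MessageBox, 0, ADDR szNotHooked, ADDR szCaption, MB_OK
    .endif
    invoke WritePatch, ADDR savedBytes    ; unhook before leaving
    invoke ExitProcess, 0
end start
```

Two things this does that the EBFE snippet does not: the overwritten bytes are kept so the function can be restored (and is, before exit), and the page protection is put back after each write instead of being left read-write. The unhook/call/re-hook dance keeps the example short; a hook meant for a multithreaded program would instead copy the saved instructions into a trampoline and never touch the entry again after installation.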
Title: Re: Hooking an API in own app
Post by: Brett Kuntz on April 09, 2005, 07:45:08 PM
I wrote up a basic hooking tutorial located here:

[link removed]

There's a few more examples in that section.

Kunt0r,
I have removed the link as your site deals with reverse engineering and cracking third party applications. I know there is no bad intent on your behalf, but we do have a standard to maintain.
That is not to mean that your tutorials should go to waste... you should "clean" them a little to remove any potentially objectionable references to apps that are not your own, then post them here.
- sluggy
Title: Re: Hooking an API in own app
Post by: thomasantony on April 10, 2005, 01:02:10 AM
Hi,
I am working on a source generator which makes PROC frames for all the functions in a DLL so that we can make a stub for system DLLs so that all the calls pass through our code :bdg. I will complete the User32.dll after I get back from a tour.

Thomas