Hooking

Started by Krozgen, December 19, 2005, 12:02:07 AM


Krozgen

I've been over more and more sites, still trying to get a working remote process hook. The best... or rather, most universal, method I've seen so far is DLL Injection. If I'm not totally mistaken, it'll load a DLL of your own making into a remote program. If anyone has a sample of this in assembly code, it would prove invaluable to me. I'm essentially just looking to inject into the remote process, and then whenever a specific message is sent / received in the window (in this case, WM_SETTEXT), I'd like the DLL that's injected to forward the message onto my program. I've done system wide hooks, but this is something different altogether... does anyone have an example of somesuch code? Thanks.

zooba

The MSDN Lab (lab.msdn.microsoft.com) has a sample of this somewhere. I think it's called 'Detours'.

MichaelW

Krozgen,

Take care, you are treading on increasingly thin ice. You are by your own admission new to assembly, and so far you have progressed from programmed mouse control, to hiding windows, to hooking a remote process, to DLL injection. Regardless of your explanations the probability that you are up to anything good is rapidly approaching zero.

The Rules Of The Forum

eschew obfuscation

Krozgen

Oooh... sorry Michael, didn't mean to give cause for concern. I don't know how to prove to you that I really am trying to just learn assembly. My friends actually suggested the Winamp program, as he wanted to duplicate something similar in another language (but I need to understand hooks first to show him), as well as for my own learning purposes. If you have any suggestions on other cool programs to make (without just following a tut), let me know! It's what I've been looking to do. Crackme's and all are a great way to learn to read assembly, but not actually code straight up in it.

Again, sorry to cause concern :) I do recognize that my topics have been ... er ... odd, I suppose.

BTW, I have read the rules over twice, and I do understand them. Sorry.

-- edit --

Almost forgot ... found the link, Zooba, thanks :) It seems to be... http://lab.msdn.microsoft.com/searchbeta/Redirect.aspx?title=Intercepting+System+API+Calls&url=http://www.devx.com/Intel/Article/21023/1954?pf=true&type=kbArticle&trk=MSCP ... but the link is down (?) If you know of a mirror, please let me know. Thanks.

dsouza123


Krozgen

I've gotten pretty far now... but I'm still one step away, unfortunately :( Before trying to make my winamp hook, which I know has too many uncertain factors, I decided to go with something far simpler... a notepad Keyboard hook. Unfortunately, the SetWindowsHookEx returns 0 for some reason, and the GetLastError (which is then called) returns 0x57 = 87 = Invalid Parameter, I believe.

Code for the main program:

<< Edited by P1 >>

Attached is a zip of all the files, in case anyone's willing to help me. It's called NCOTD because it was originally a Notepad Change Of Title Detector, changed it to just keyboard stroke detector, but didn't feel like changing the file names :P

Please, if you get this working, or know why the hook fails... let me know.

Of course, a copy of notepad MUST BE RUNNING before you run this application.

Thanks in advance for any help, and... I know my word might not mean much, but it's not for any malicious intent.

P1

All the fundamentals of system control and fracturing a few EULAs in the process.

Google for Krozgen and assassin@bunnie.net

He associates himself with White Scorpion, who has a history here as well.

I like a novice hacker with a little attitude.  So easy to catch.

Too much to risk here.  Thread Closed.   :naughty:

Regards,  P1  :8)