Under Win10 API HOOK doesn't work

Time:09-17

The traditional way of API hooking works on WinXP through Windows 7, but on Win10 it raises an exception that makes the program exit. Does anyone know how to hook an API correctly under Win10?
 
DWORD g_pMsgA = 0;
BYTE g_szMsgAOld[8] = {NULL};
BYTE g_szMsgANew[8] = {0xb8, 0x00, 0x00, 0x40, 0x00, 0xFF, 0xe0, 0x00};

DWORD dwSize = 0;
HMODULE hDLL = NULL;

hDLL = ::LoadLibrary("User32.dll");
g_pMsgA = (DWORD)GetProcAddress(hDLL, "MessageBoxA");
ReadProcessMemory(INVALID_HANDLE_VALUE, (void *)g_pMsgA, g_szMsgAOld, 8, &dwSize);
*(DWORD *)(g_szMsgANew + 1) = (DWORD)MyMessageBoxA;
WriteProcessMemory(INVALID_HANDLE_VALUE, (void *)g_pMsgA, g_szMsgANew, 8, &dwSize);


int MyMessageBoxA(HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption, UINT uType)
{
    int iRet = 0;
    DWORD dwSize = 0;
    if (CheckDlg(hWnd)) return 0;
    WriteProcessMemory(INVALID_HANDLE_VALUE, (void *)g_pMsgA, g_szMsgAOld, 8, &dwSize);
    iRet = MessageBoxA(hWnd, lpText, lpCaption, uType);
    WriteProcessMemory(INVALID_HANDLE_VALUE, (void *)g_pMsgA, g_szMsgANew, 8, &dwSize);
    return iRet;
}

CodePudding user response:

Is the system 64-bit or 32-bit?
And is the hooking program 32-bit or 64-bit?

CodePudding user response:

Did the function calls succeed?

CodePudding user response:

May also can't use the doing, OS have change,

CodePudding user response:

Use VirtualProtect on the memory attributes of the code location being modified, to change it to writable?

CodePudding user response:

http://codefromthe70s.org/
2014-Mar-5: Mhook v2.4, an API hooking library

Bear children firewall: process filter based on AppInit_DLLs
http://nicoconi.com/2015-08/appinit_dlls-minifilterz.html
Finally, the DLL is compiled with VS2013 and uses the open-source mhook library; it passes testing on 64-bit Windows 7, doing, and Win10. XP compatibility is unknown; for XP please use

LZ, have you tried mHook v2.4? At first glance, judging from the introduction, it seems to support Win10; you can give it a try.
mHook is open source; if it can be used on Win10, you can find the difference.

CodePudding user response:

WinAPIOverride http://jacquelin.potier.free.fr/winapioverride32/

CodePudding user response:

This is code I found earlier and made some simple modifications to. It has worked all along, and there are no problems on Windows 10 either.
Example hooking the MessageBoxA function:
#include <Windows.h>
#include <string.h>   /* memcpy */
#pragma comment(lib, "user32.lib")

#ifndef _X86_JMP_SIZE
#define _X86_JMP_SIZE 6
#endif

void *g_pfnToHook = NULL;   /* address of the function being patched */
void *g_pfnHooked = NULL;   /* address of the replacement function */

BYTE g_oldBytes[_X86_JMP_SIZE] = {0};   /* original first bytes of the target */
BYTE g_jmpBytes[_X86_JMP_SIZE] = {0};   /* jmp rel32 patch written over them */

DWORD g_dwProtect = 0;   /* page protection before the first change */
DWORD g_dwResult = 0;

int WINAPI HookedMessageBoxA(
    HWND hWnd,
    LPCSTR lpText,
    LPCSTR lpCaption,
    UINT uType
)
{
    int iRet = 1;
    if (VirtualProtect(g_pfnToHook, _X86_JMP_SIZE, PAGE_EXECUTE_READWRITE, &g_dwResult)) {
        /* Restore the original bytes, call the real function, then re-apply the patch. */
        memcpy(g_pfnToHook, (void *)g_oldBytes, _X86_JMP_SIZE);
        iRet = MessageBoxA(hWnd, "The message from hooked MessageBox!", lpCaption, uType);
        memcpy(g_pfnToHook, (void *)g_jmpBytes, _X86_JMP_SIZE);
        VirtualProtect(g_pfnToHook, _X86_JMP_SIZE, g_dwProtect, &g_dwResult);
    }
    return iRet;
}

BOOL InitializeMessageBoxHook(void)
{
    /* E9 rel32 (jmp), followed by C3 (ret); the four 0x90 bytes are replaced by rel32. */
    BYTE jmpBytes[_X86_JMP_SIZE] = {0xe9, 0x90, 0x90, 0x90, 0x90, 0xc3};
    memcpy((void *)g_jmpBytes, (void *)jmpBytes, sizeof(jmpBytes));
    /* rel32 is measured from the end of the 5-byte jmp instruction. */
    DWORD jmpSize = (DWORD)((DWORD_PTR)g_pfnHooked - (DWORD_PTR)g_pfnToHook - 5);
    BOOL fResult = VirtualProtect(g_pfnToHook, _X86_JMP_SIZE, PAGE_EXECUTE_READWRITE, &g_dwProtect);
    if (fResult) {
        memcpy((void *)g_oldBytes, g_pfnToHook, _X86_JMP_SIZE);
        memcpy((void *)&g_jmpBytes[1], (void *)&jmpSize, sizeof(jmpSize));
        memcpy(g_pfnToHook, (void *)g_jmpBytes, _X86_JMP_SIZE);
        fResult = VirtualProtect(g_pfnToHook, _X86_JMP_SIZE, g_dwProtect, &g_dwResult);
    }
    return fResult;
}

BOOL FinalizeMessageBoxHook(void)
{
    BOOL fResult = VirtualProtect(g_pfnToHook, _X86_JMP_SIZE, PAGE_EXECUTE_READWRITE, &g_dwResult);
    if (fResult) {
        memcpy(g_pfnToHook, g_oldBytes, _X86_JMP_SIZE);
    }
    return fResult;
}

int main(int argc, char *argv[])
{
    g_pfnToHook = (void *)MessageBoxA;
    g_pfnHooked = (void *)HookedMessageBoxA;

    MessageBoxA(NULL, "Before the hooks!", "before", MB_OK);

    if (InitializeMessageBoxHook()) {
        MessageBoxA(NULL, "Hello world!", "info", MB_OK);
        FinalizeMessageBoxHook();
    }
    MessageBoxA(NULL, "After the hooks!", "after", MB_OK);

    return 0;
}
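
Both patches posted in this thread overwrite the first bytes of MessageBoxA with a jump (`B8 imm32 FF E0` in the question, `E9 rel32` in the answer above), which is the pattern an integrity check on a 32-bit process looks for. The following is an added example, not code from the thread: it decodes either pattern from a copied function prologue and reports whether the jump leaves the owning module. The addresses, module range, sample bytes and all names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

enum patch_kind { PATCH_NONE, PATCH_JMP_REL32, PATCH_MOV_EAX_JMP };

struct prologue_report {
    enum patch_kind kind;
    uint32_t target;      /* decoded jump destination (32-bit process) */
    int leaves_module;    /* 1 if target lies outside the owning module */
};

/* Little-endian 32-bit read with no alignment assumptions. */
static uint32_t rd32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Classify the first bytes of a function copied out of a 32-bit process. */
struct prologue_report inspect_prologue(const uint8_t *code, size_t len, uint32_t func_va,
                                        uint32_t mod_base, uint32_t mod_size)
{
    struct prologue_report r = { PATCH_NONE, 0, 0 };
    if (len >= 5 && code[0] == 0xE9) {              /* jmp rel32 */
        r.kind = PATCH_JMP_REL32;
        r.target = func_va + 5 + rd32(code + 1);    /* relative to next instruction */
    } else if (len >= 7 && code[0] == 0xB8 && code[5] == 0xFF && code[6] == 0xE0) {
        r.kind = PATCH_MOV_EAX_JMP;                 /* mov eax, imm32 ; jmp eax */
        r.target = rd32(code + 1);
    }
    if (r.kind != PATCH_NONE)                       /* unsigned wrap makes this a range test */
        r.leaves_module = (uint32_t)(r.target - mod_base) >= mod_size;
    return r;
}

/* Constructed samples: function at FUNC_VA inside a module mapped at MOD_BASE. */
#define FUNC_VA  0x75A1F8B0u
#define MOD_BASE 0x75A00000u
#define MOD_SIZE 0x000A0000u
const uint8_t clean[]   = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10 };
const uint8_t jmp_out[] = { 0xE9, 0x4B, 0x17, 0x9E, 0x8A, 0xC3 };  /* to 0x00401000 */
const uint8_t jmp_in[]  = { 0xE9, 0x10, 0x00, 0x00, 0x00, 0xC3 };  /* stays in module */
const uint8_t mov_jmp[] = { 0xB8, 0x00, 0x10, 0x40, 0x00, 0xFF, 0xE0, 0x00 };

int main(void)
{
    struct prologue_report r = inspect_prologue(jmp_out, sizeof jmp_out, FUNC_VA, MOD_BASE, MOD_SIZE);
    printf("kind=%d target=0x%08X leaves_module=%d\n", r.kind, (unsigned)r.target, r.leaves_module);
    return 0;
}
```

A jump that stays inside the module (`jmp_in`) is decoded but not flagged, since a jump at the entry point to another address in the same module is not evidence of a redirect out of it.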

CodePudding user response:

g_pMsgA = (DWORD)GetProcAddress(hDLL, "MessageBoxA");
Built as a 64-bit application, it then crashes.
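
The cast in the line quoted above keeps only the low 32 bits of the address, which is the whole address in a 32-bit build and not in a 64-bit one. The following is an added example, not code from the thread, and it goes one step past the reply: it also checks whether the `E9 rel32` jump used in the other answer can span the distance between two addresses. The four addresses and all names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* What `(DWORD)GetProcAddress(...)` keeps: the low 32 bits only. */
uint32_t as_dword(uint64_t addr) { return (uint32_t)addr; }

/* 1 if the address does not survive a round trip through a DWORD. */
int dword_cast_loses_bits(uint64_t addr) { return (uint64_t)as_dword(addr) != addr; }

/* E9 rel32 is relative to the end of the 5-byte instruction.
 * Returns 1 and stores the displacement if `to` is within reach of `from`. */
int rel32_displacement(uint64_t from, uint64_t to, int32_t *disp)
{
    int64_t d = (int64_t)(to - (from + 5));
    if (d < INT32_MIN || d > INT32_MAX)
        return 0;               /* more than 2 GiB apart: rel32 cannot encode it */
    *disp = (int32_t)d;
    return 1;
}

/* Constructed addresses, typical in shape for each kind of process. */
#define API_VA_32   0x0000000075A1F8B0ull   /* API in a 32-bit process */
#define HOOK_VA_32  0x0000000000401000ull   /* replacement in the EXE  */
#define API_VA_64   0x00007FFB1C2A8B70ull   /* API in a 64-bit process */
#define HOOK_VA_64  0x00007FF6A0001000ull   /* replacement in the EXE  */

int main(void)
{
    int32_t d = 0;
    printf("32-bit: loses_bits=%d rel32_ok=%d\n", dword_cast_loses_bits(API_VA_32),
           rel32_displacement(API_VA_32, HOOK_VA_32, &d));
    printf("64-bit: loses_bits=%d rel32_ok=%d kept=0x%08X\n", dword_cast_loses_bits(API_VA_64),
           rel32_displacement(API_VA_64, HOOK_VA_64, &d), (unsigned)as_dword(API_VA_64));
    return 0;
}
```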

CodePudding user response:

It may be caused by LoadLibrary: on Win10 the name is no longer under kernel32, while the function name in KERNELBASE.DLL hasn't changed. Export it and try.

CodePudding user response:

You are not the only one who has run into this. Many APIs that were reliable and practical on XP or Windows 7 now can't be used on Win10, or their results are hard to determine. I estimate that Microsoft's Win10 has new code running; for example, services that could be started and stopped manually on Windows 7 can't be now. Microsoft has completely turned your computer into its computer.

CodePudding user response:

There is no need to wrestle with the failures of your own hand-written IAT or inline hooks; just use Detours directly.