[HELP]Hooking MessageBoxA

01/29/2014 14:40 nerdsupreme#1
---------------------
01/29/2014 16:34 KingClem™#2
Code:
int MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
	UnHookFunction("user32.dll", "MessageBoxA", hook);

	int x = MessageBox(hWnd, lpText, lpCaption, uType);
	//MessageBox(hWnd, "HAHAHAHA", lpCaption, uType);

	HookFunction("user32.dll", "MessageBoxA", MyMessageBoxA, hook);
	return x;
}
??? Can't work.
Unhook = you "delete" the hook.

Try that: (didn't look at your detours)

Code:
int MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
	lpText = "Hooked";
	// POINTER_MessageBoxA: function pointer to the original MessageBoxA
	return POINTER_MessageBoxA(hWnd, lpText, lpCaption, uType);//create a pointer.. :D
}
Written in this editor.
01/30/2014 00:15 +Yazzn#3
Here you can find a full example of how to hook MessageBox (via hotpatching): [link]
01/30/2014 02:59 nerdsupreme#4
----------------------
01/30/2014 10:51 XxharCs#5
Please first learn the language instead of copy&pasting from progamercity.net

First, if you want to use MessageBoxA to display that you injected successfully, then do this before hooking it.
And by the way, it's better to create a thread for hooking and unhooking to see the effect better.

Here is the corrected code:
Code:
...
...
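DWORD WINAPI HackThread(LPVOID unused)
{
	while(true)
	{
		// Low bit set = key was pressed since the last call, so one press triggers one action
		if(GetAsyncKeyState(VK_F3) & 1)
		{
			// Show the message first: after hooking, MessageBoxA would go through the hook
			MessageBoxA(NULL, "Successfully hooked MessageBoxA", "Hooking", MB_OK);
			HookFunction("user32.dll", "MessageBoxA", MyMessageBoxA, hook);
		}

		if(GetAsyncKeyState(VK_F4) & 1)
		{
			// Unhook first, then report through the restored original
			UnHookFunction("user32.dll", "MessageBoxA", hook);
			MessageBoxA(NULL, "Successfully unhooked MessageBoxA", "Hooking", MB_OK);
		}

		Sleep(10); // yield instead of spinning a core while polling the keys
	}
	return 0;
}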

BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
	switch(fdwReason)
	{
	case DLL_PROCESS_ATTACH:
		MessageBoxA(0, "DLL_PROCESS_ATTACH\nPress F3 to hook MessageBoxA\nPress F4 to unhook MessageBoxA", "Hooking", MB_OK);
		Sleep(10);
		CreateThread(0, 0, &HackThread, 0, 0, 0);
		
		break;

	case DLL_PROCESS_DETACH:
		
		UnHookFunction("user32.dll", "MessageBoxA", hook);
		Sleep(10);
		MessageBoxA(0, "DLL_PROCESS_DETACH", "Hooking", MB_OK);

		break;

	}
	return TRUE;
}

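// Must be WINAPI (__stdcall) like MessageBoxA itself; any forward declaration has to match
int WINAPI MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
	// Temporarily restore the original bytes so the call below reaches the real function
	UnHookFunction("user32.dll", "MessageBoxA", hook);
	int x = MessageBoxA(hWnd, "Hooked MessageBoxA", lpCaption, uType);

	// Re-install the hook for the next call
	HookFunction("user32.dll", "MessageBoxA", MyMessageBoxA, hook);
	return x;
}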
...
...
01/30/2014 13:13 nerdsupreme#6
--------------------
01/30/2014 13:21 XxharCs#7
Quote:
Originally Posted by nerdsupreme View Post
thank you, and btw: i didn't copy-paste it..

but i still don't see what i did wrong, even your code works now.

is a thread needed? or what changes did you make? lol
Huh.. then i will quote myself because u didn't read it correctly:
Quote:
Originally Posted by XxharCs View Post
First, if you want to use MessageBoxA to display that you injected successfully, then do this before hooking it.
You hook MessageBoxA and then use it (from your dll), of course it's gonna crash.
01/30/2014 13:30 nerdsupreme#8
---------------------
01/30/2014 14:30 XxharCs#9
Quote:
Originally Posted by nerdsupreme View Post
maybe there are other solutions for detouring, without unhooking it every time it gets into my function :)
You don't even need to unhook the original function and hook yours. Just hook it, but don't forget to unhook the function after closing the application ;)
01/30/2014 17:15 MrSm!th#10
Use Microsoft detours -> problem solved

@XxharCs
You mean before ejecting the dll. When the application closes, it doesn't matter anyway, because well.. the application closes.
Cleanup is only needed if you want to keep the process working after ejecting the dll.
01/31/2014 06:26 nerdsupreme#11
------------------------
01/31/2014 12:11 MrSm!th#12
Quote:
Originally Posted by nerdsupreme View Post
it is not needed?

but then i am unable to call messagebox (the original function) in "mymessagebox" cause my call would land in my fake function again and again (endless loop).

look, you replace the first bytes of messagebox with YOUR JMP to YOUR NEW function.

if you don't unhook it in YOUR function and CALL it again, logically it lands back to the REPLACED BYTES (the JMP TO YOUR FUNCTION) and then it jmps again to your function. it tries again to call MessageBoxA, but it gets again to your func.


or what you mean?


i could only copy the orig. func. to new allocated memory, so i can call it from there..


and M$-detours is $hit, cause it does not support x64(free version) :P
Ms Detours isn't shit, your hooking library obviously is, if it doesn't support a trampoline, because that's what solves your problem.
One does not simply unhook a hook that is currently executing (it's possible, but it has no point in most cases and it isn't thread-safe).
01/31/2014 13:07 Brendan Jordan#13
Quote:
Originally Posted by MrSm!th View Post
Ms Detours isn't shit, your hooking library obviously is, if it doesn't support a trampoline, because that's what solves your problem.
One does not simply unhook a hook that is currently executing (it's possible, but it has no point in most cases and it isn't thread-safe).

:rolleyes: <3
01/31/2014 13:18 nerdsupreme#14
------------------------
01/31/2014 16:34 th0rex#15
Quote:
Originally Posted by nerdsupreme View Post
it is not needed?

but then i am unable to call messagebox (the original function) in "mymessagebox" cause my call would land in my fake function again and again (endless loop).
If you would have a good Detour Function/Library you would have a pointer to the original function and you could just call it. Don't really understand what your detour code is returning there. (Well, I understand it, but I don't know why it is returning the start address of the function.)
Code:
// pMessageBoxA: pointer to the original MessageBoxA, as handed back by the detour library
int WINAPI hookMessageBox(HWND hWnd, LPCSTR lpszText, LPCSTR lpszTitle, UINT uStyle)
{
	return pMessageBoxA(hWnd, "bla", "MessageBoxFuncHooked", uStyle);
}
I got no idea why exactly you want to unhook the function once the hooked function is called and then want to hook it again. Hook it one time on load and unhook it on unload, but only if the process is not closing and the dll is being unloaded. MrSmith said the rest.
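
The three behaviours discussed in this thread (the endless loop nerdsupreme describes, the unhook/re-hook workaround, and the trampoline MrSm!th and th0rex recommend), modelled in portable C as an added example that is not code from any poster or from Microsoft Detours. All names are constructed: `entry` stands for the patched first bytes of MessageBoxA, the call made from inside `real_api` stands in for a second thread, and nothing is actually patched.

```c
/* Added illustration: the hooked API is a patchable dispatch slot; nothing is really patched. */
#include <stdio.h>

typedef int (*api_fn)(const char *text);
typedef struct { int rc, hook_hits, real_hits; } result;
static int real_api(const char *text);  /* stands in for the original MessageBoxA body */
static api_fn entry = real_api;         /* what callers go through (the patched first bytes) */
static api_fn trampoline = real_api;    /* saved route to the original that skips the patch */
static int hook_hits, real_hits, depth;
static void (*other_thread)(void);      /* simulated caller on a second thread */
static void concurrent_call(void) { entry("from another thread"); }

static int real_api(const char *text) {
    void (*t)(void) = other_thread;     /* a second thread calls the API while we are in it */
    (void)text; real_hits++; other_thread = NULL;
    if (t) t();
    return 1;
}
/* Hook calls back through the patched entry: it lands in itself again and again. */
static int hook_naive(const char *text) {
    (void)text; hook_hits++;
    return ++depth > 8 ? -1 : entry("Hooked");  /* guard stands in for the stack overflow */
}
/* Unhook, call, re-hook: no recursion, but the hook is absent while the original runs. */
static int hook_rehook(const char *text) {
    (void)text; hook_hits++;
    entry = real_api;                   /* UnHookFunction */
    int rc = entry("Hooked");
    entry = hook_rehook;                /* HookFunction */
    return rc;
}
/* Trampoline: the hook stays installed and reaches the original via the saved pointer. */
static int hook_trampoline(const char *text) {
    (void)text; hook_hits++;
    return trampoline("Hooked");
}
static result run(api_fn hook, int concurrent) {
    hook_hits = real_hits = depth = 0;
    other_thread = concurrent ? concurrent_call : NULL;
    entry = hook;                       /* install */
    result r = { entry("hello"), 0, 0 };
    r.hook_hits = hook_hits; r.real_hits = real_hits;
    entry = real_api;                   /* uninstall */
    return r;
}
int main(void) {
    result a = run(hook_naive, 0), b = run(hook_rehook, 1), c = run(hook_trampoline, 1);
    printf("naive rc=%d; re-hook saw %d of %d calls; trampoline saw %d of %d\n",
           a.rc, b.hook_hits, b.real_hits, c.hook_hits, c.real_hits);
    return 0;
}
```

With the re-hook pattern the call that arrives while the original is running reaches `real_api` without the hook seeing it; with the trampoline the hook sees both calls.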