[HELP]Hooking MessageBoxA

[nerdsupreme]

---------------------

[KingClem™]

Code:

int MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
UnHookFunction("user32.dll", "MessageBoxA", hook);


int x = MessageBox(hWnd, lpText, lpCaption, uType);
//MessageBox(hWnd, "HAHAHAHA", lpCaption, uType);

HookFunction("user32.dll", "MessageBoxA", MyMessageBoxA, hook);
return x;
}

??? Can't work.
Unhook = you "delete" the hook.

Try that: (didn't looked at your detours )

Code:

int MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{

lpText = "Hooked"
return POINTER_MessageBoxA(hWnd,....);//create a pointer.. :D
}

Written in this editor.

[+Yazzn]

Here you can find a full example of how to hook MessageBox (via hotpatching): Warrock - Code Snippets

[nerdsupreme]

----------------------

[XxharCs]

Please first learn the language instead of copy&pasting fom progamercity.net

First, if you want to use MessageBoxA to display that you injected successfully, then do this before hooking it.
And by the way, it's better to create a thread for hooking and unhooking to see the effect better.

Here is the corrected code:

Code:

...
...
DWORD WINAPI HackThread(LPVOID unused)
{
	
	while(true)
	{
		if(GetAsyncKeyState(VK_F3))
		{
			MessageBoxA(NULL, "Successfully hooked MessageBoxA", "Hooking", MB_OK);
			HookFunction("user32.dll", "MessageBoxA", MyMessageBoxA, hook);
		}

		if(GetAsyncKeyState(VK_F4))
		{
			UnHookFunction("user32.dll", "MessageBoxA", hook);
			MessageBoxA(NULL, "Successfully unhooked MessageBoxA", "Hooking", MB_OK);
		}
	}
	return 0;
}

BOOL APIENTRY DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
	switch(fdwReason)
	{
	case DLL_PROCESS_ATTACH:
		MessageBoxA(0, "DLL_PROCESS_ATTACH\nPress F3 to hook MessageBoxA\nPress F4 to unhook MessageBoxA", "Hooking", MB_OK);
		Sleep(10);
		CreateThread(0, 0, &HackThread, 0, 0, 0);
		
		break;

	case DLL_PROCESS_DETACH:
		
		UnHookFunction("user32.dll", "MessageBoxA", hook);
		Sleep(10);
		MessageBoxA(0, "DLL_PROCESS_DETACH", "Hooking", MB_OK);

		break;

	}
	return TRUE;
}

int MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
	UnHookFunction("user32.dll", "MessageBoxA", hook);
	int x = MessageBox(hWnd, "Hooked MessageBoxA", lpCaption, uType);

	HookFunction("user32.dll", "MessageBoxA", MyMessageBoxA, hook);
	return x;
}
...
...

[nerdsupreme]

--------------------

[XxharCs]

Quote:

Originally Posted by nerdsupreme

thank you, and btw: i didnt copypasted it..

but i still don't see what i did wrong, even your code works now.

is a thread needed? or what changes you made? lol

Huh.. then i will quote me because u didn't read it correctly:

Quote:

Originally Posted by XxharCs

First, if you want to use MessageBoxA to display that you injected successfully, then do this before hooking it.

You hook MessageBoxA and then use it (from your dll), of course it's gonna crash.

[nerdsupreme]

---------------------

[XxharCs]

Quote:

Originally Posted by nerdsupreme

maybe there are other soultions for detouring, without unhooking it everytime it gets into my function

You don't even need to unhook the original function and hook yours. Just hook it, but don't forget to unhook the function after closing the application

[MrSm!th]

Use Microsoft detours - > problem solved

@XxharCs
You mean before ejecting the dll. When the application closes, it doesn't matter anyway, because well.. the application closes.
Cleanup is only needed if you want to keep the process working after ejecting the dll.

[nerdsupreme]

------------------------

[MrSm!th]

Quote:

Originally Posted by nerdsupreme

it is not needed?

but then i am unable to call messagebox (the original function) in "mymessagebox" cause my call would land in my fake function again and again (endless loop).

look, you replace the the first bytes of messagebox with YOUR JMP to YOUR NEW function.

if you don't unhook it in YOUR function and CALL it again, logically it lands back to the REPLACED BYTES (the JMP TO YOUR FUNCTION) and then it jmps again to your function. it trys again to call MessageBoxA, but it gets again to your func.


or what you mean?


i could only copy the orig. func. to new allocated memory, so i can call it from there..


and M$-detours is $hit, cause it does not support x64(free version) :P

Ms Detours isnt ****, your hooking library obviously is, if it doesn't support a trampoline, because that's what solves your problem.
One does not simply unhook a hook that is currently executing (it's possible, but it has no point in most cases and it isn't thread-safe).

[Brendan Jordan]

Quote:

Originally Posted by MrSm!th

Ms Detours isnt ****, your hooking library obviously is, if it doesn't support a trampoline, because that's what solves your problem.
One does not simply unhook a hook that is currently executing (it's possible, but it has no point in most cases and it isn't thread-safe).

<3

[nerdsupreme]

------------------------

[th0rex]

Quote:

Originally Posted by nerdsupreme

it is not needed?

but then i am unable to call messagebox (the original function) in "mymessagebox" cause my call would land in my fake function again and again (endless loop).

If you would have a good Detour Function/Library you would have an pointer to the original function and you could just call it. Don't really understand want your detour code is returning there. ( Well i understand it, but i don't know why it is returning the start adress of the function.)

Code:

UINT WINAPI hookMessageBox(HWND hWnd, LPCSTR lpszText, LPCSTR lpszTitle, UINT uStyle)
{
	return pMessageBoxA(hWnd, "bla", "MessageBoxFuncHooked", uStyle);
}

I got no idea why you exaclty want to Unhook the function, once the hooked function is called and then want to hook it again. Hook it one Time on load and Unhook it on unload but only if the process is not closing and the dll is being unloaded. MrSmith said the rest.