chengyan
asked on
How to use Windows' undocumented API?
Hi,
I've learnt an undocumented API, AllocCStoDSAlias,from an article which
is used to spawn a CS to DS segment value, so as I can use it to write to
the code memory.
I know its declaration and usage, but I just can't make it linked successfully
in VC++5, for I don't know where this undocumented API comes from which
DLL/EXE, so how can I link it to my code?
Or perhaps how can I use thoese undocumented APIs? What lib should I link
to? Or are they coming from a KERNEL/GDI/USER?
Thanks
Chengyan
checcy@public.hr.hl.cn
I've learnt an undocumented API, AllocCStoDSAlias,from an article which
is used to spawn a CS to DS segment value, so as I can use it to write to
the code memory.
I know its declaration and usage, but I just can't make it linked successfully
in VC++5, for I don't know where this undocumented API comes from which
DLL/EXE, so how can I link it to my code?
Or perhaps how can I use thoese undocumented APIs? What lib should I link
to? Or are they coming from a KERNEL/GDI/USER?
Thanks
Chengyan
checcy@public.hr.hl.cn
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This function is available only to a 16 bit program. (and is documented for a 16 bit program). It cannot be used from a 32 bit program. It makes no sense in a 32 bit environment. VC 5 only produces 32 bit code, so there is no reason for you to be using it.
You can use VirtualProtect() to perform the same sort of function in the 32 bit world.
ASKER
Thanks for your kind answer. However, I tried to use VirtualProtect API, but it always returns zero(that is, failed). What kind of memory address does it work on? Any sample code?
Thanks
Thanks
You know you accepted Galkin's answer not mine.
This is not going to be too similar to the sample code you have. This is an area where the 16 bit and 32 bit design is very different. for one thing the 16 bit code probably alloacted memory using GlobalAlloc. In 32 bits the memory has to be allocated using VirtualAlloc().
This is not going to be too similar to the sample code you have. This is an area where the 16 bit and 32 bit design is very different. for one thing the 16 bit code probably alloacted memory using GlobalAlloc. In 32 bits the memory has to be allocated using VirtualAlloc().
nietod, I can post dummy question so you can post empty answer. I will accept it and give you points. It's Ok?
Tha's alright. I just wanted chengyan to be more careful in the future.
ASKER
Hi, galkin and nietod,
I must admit this was the first time I used this site to post questions, and I was not very familiar with the credit points stuff. In fact I indeed wanted to give both of your my points, but I don't know how to do this, when I hit the "submit' button, it said all points went to galkin, is there a way to accept answers from up to one persons?
Though your answers were very informative till this moment, I must say that they don't help much with my problem. Maybe I posted my question too briefly. In fact, what I want to do is to capture a Windows95 api call in my program. I've seen a utitlity on a site, which seemed very useful to me, but unfortunately it's for Mac! So I decide to make one for win95. After some tiresome investigation, I found out that the only way to achieve the function of that utility is to replace a win95 system API with one of my own. So I think maybe I can get that API's entry address, and replace it with one which points to my own function, and in my own function, I could do some stuff before pass back the control to the original win95 system api.
I must admit I've never program this low level under win95, so I think i need help on how to do this. For instance, many applications will call MessageBox api of win95, now how can I replace this api with one of my own functions, which could do some stuff before calling the real messagebox api, so that whenever an application calls MessageBox, it should first call my own hook function.
I know this is possible under win31, though I am not very sure of how to do it, but I don't know whether this is possible under win95? Because the api function I wish to replace is pure 32bit api, am I able to do this?
Now I have only 10 points left after accepting galkin's answer, I don't know how to give you these points once you answer me.
Any of you could help me about this?
Thanks,
Chengyan
I must admit this was the first time I used this site to post questions, and I was not very familiar with the credit points stuff. In fact I indeed wanted to give both of your my points, but I don't know how to do this, when I hit the "submit' button, it said all points went to galkin, is there a way to accept answers from up to one persons?
Though your answers were very informative till this moment, I must say that they don't help much with my problem. Maybe I posted my question too briefly. In fact, what I want to do is to capture a Windows95 api call in my program. I've seen a utitlity on a site, which seemed very useful to me, but unfortunately it's for Mac! So I decide to make one for win95. After some tiresome investigation, I found out that the only way to achieve the function of that utility is to replace a win95 system API with one of my own. So I think maybe I can get that API's entry address, and replace it with one which points to my own function, and in my own function, I could do some stuff before pass back the control to the original win95 system api.
I must admit I've never program this low level under win95, so I think i need help on how to do this. For instance, many applications will call MessageBox api of win95, now how can I replace this api with one of my own functions, which could do some stuff before calling the real messagebox api, so that whenever an application calls MessageBox, it should first call my own hook function.
I know this is possible under win31, though I am not very sure of how to do it, but I don't know whether this is possible under win95? Because the api function I wish to replace is pure 32bit api, am I able to do this?
Now I have only 10 points left after accepting galkin's answer, I don't know how to give you these points once you answer me.
Any of you could help me about this?
Thanks,
Chengyan
>>So I think maybe I can get that API's entry address, and replace it with
>> one which points to my own function, and in my own function, I could
>> do some stuff before pass back the control to the original win95
>> system api.
You can't "patch" code in windows like that. It a protected mode environment and will not allow you to alter code pages. Especially OS code. There are extremely cumbersome ways of achieving this however. But before we discuss that, what is the end goal you want to reach. There is probably a better way.
>> one which points to my own function, and in my own function, I could
>> do some stuff before pass back the control to the original win95
>> system api.
You can't "patch" code in windows like that. It a protected mode environment and will not allow you to alter code pages. Especially OS code. There are extremely cumbersome ways of achieving this however. But before we discuss that, what is the end goal you want to reach. There is probably a better way.
ASKER
Well, thanks again for your comments, nietod.
In fact, the real APIs that I wished to rewrite are GetOpenFileName and GetSaveFileName. I wish to replace the default Open/Save dialog boxes with ones of my own, which will add more features. I know both two functions are located in COMDLG32.DLL, and I even tried to rewrite a new DLL replacing the win95's original one, but with no luck. I recompiled my new DLL via including the commdlg.h, and exporting all functions in it and these functions will just call the orginal apis in COMDLG32.DLL. So I renamed the win95's COMDLG32.DLL to another name, and named my DLL as COMDLG32.DLL. And my test result is that the applications(such as Notepad, Wordpad,etc.) could load my new DLL all right, but when it comes to call the functions in it, the win95 just stop responding. So I think there might also be some misbehavior with parameters passing. But I am not sure. Or maybe there're any undocumented APIs hidden in COMDLG32.DLL which I don't know how to export?
I compiled the DLL using Delphi and also VC5, but none of the output of the both compilers just worked as win95's original COMDLG32.DLL does. What is COMDLG32.DLL made in? VC or Assembler?
If I can't replace the win95's api, why some of cracking tools can? They can monitor win95's api calls, and certainly have no difficulty to write to the code memory. How do they make it?
Any bettwer way out?
In fact, the real APIs that I wished to rewrite are GetOpenFileName and GetSaveFileName. I wish to replace the default Open/Save dialog boxes with ones of my own, which will add more features. I know both two functions are located in COMDLG32.DLL, and I even tried to rewrite a new DLL replacing the win95's original one, but with no luck. I recompiled my new DLL via including the commdlg.h, and exporting all functions in it and these functions will just call the orginal apis in COMDLG32.DLL. So I renamed the win95's COMDLG32.DLL to another name, and named my DLL as COMDLG32.DLL. And my test result is that the applications(such as Notepad, Wordpad,etc.) could load my new DLL all right, but when it comes to call the functions in it, the win95 just stop responding. So I think there might also be some misbehavior with parameters passing. But I am not sure. Or maybe there're any undocumented APIs hidden in COMDLG32.DLL which I don't know how to export?
I compiled the DLL using Delphi and also VC5, but none of the output of the both compilers just worked as win95's original COMDLG32.DLL does. What is COMDLG32.DLL made in? VC or Assembler?
If I can't replace the win95's api, why some of cracking tools can? They can monitor win95's api calls, and certainly have no difficulty to write to the code memory. How do they make it?
Any bettwer way out?
I doubt that has to do with "undocumented APIs hidden in COMDLG32.DLL which" You just need to make sure that you export every function that the original ComDlg32.dll exported AND you must make sure the exports are in the right order. Some applications/DLLs might import by ordinal rather than by name, so if you change the order of the exports, you will cause problems.
As to "misbehavior with parameters passing" you must make sure that the functions that you aren't implimenting specially, are declared with the same parameters as the originals and just call the originals with the same parameters.
>> If I can't replace the win95's api, why some of cracking tools can? They can monitor win95's api calls, and certainly have no difficulty to write to the code memory. How do they make it?
I beleive there are some debugging API's that can give you access to the OS's code pages. But those are not intended for use in a regular application. They would allow your application to crash other programs and the system.
As to "misbehavior with parameters passing" you must make sure that the functions that you aren't implimenting specially, are declared with the same parameters as the originals and just call the originals with the same parameters.
>> If I can't replace the win95's api, why some of cracking tools can? They can monitor win95's api calls, and certainly have no difficulty to write to the code memory. How do they make it?
I beleive there are some debugging API's that can give you access to the OS's code pages. But those are not intended for use in a regular application. They would allow your application to crash other programs and the system.
Your idea is possible, there is a way to change the dll's proc address once the dll is loaded. I write my software in Delphi so my source isn't valid for you (I also no longer have the source), but it IS possible.
This question is 5 years old. I don't think chengyan has been waiting all this time for an answer.
Yes, but the information should be complete and correct so others can see it. I came across this page via google.
Well, how do you do it then? The solution would have nothing to do with language (delphi vs C++) It is purely a windows OS issue.