Link to home
Start Free TrialLog in
Avatar of galkin
galkin

asked on

API call hook

How can I hook call from some EXE to the function exported from one of Windows common DLLs. I have to intercept this call and modify parameters passed to the function. I am looking for solution for both Windows NT and Windows 95.
Avatar of lucidity
lucidity

There is a way to have your program open up the DLL get the function pointer, then place your own code at the function pointer location (after you have made a copy of the original code that was there). Then your code you replaced will receive calls destined for the DLL, then you can call the original function from your code and "manipulate" it before returning the results.

I have not had time to do this but I plan to, If anyone has done this I would like to get the source.

Thanks

Avatar of galkin

ASKER

You comment is to general, I need a tip pointing to solution.
that was a tip dumb ass.

key word search - DLL thunking

you won't find source code on the Net to do this if thats what your looking for
If you plan to debug the application by changing the parameter values to the funtion
go to the watch window and change the values of the funtion parameters before
executing it .But you can't change the type of parameters.I think this case works only
if you have debug version of exe only.If you have the source code for exe please customize the DLL's exported from the windows dll.
Avatar of galkin

ASKER

No, there is nothing with debugging. I have EXE calling API function in one of the Windows DLL. I want to hook this call and modify parameters passed onto stack
There is no general-purpose solution to trapping Win32 API calls. If I understand what you're trying to do, you're trying to build something like a DOS TSR, MacOS extension, etc. that patches a piece of the API and adds to/changes its functionality.

There's no way to do that that's simple and general in Win32. If you mention which API you want to patch, I can be more specific. But here's some hints:

There are simple solutions in some cases. Some Win32 API calls are designed so they can be hooked--that is, they call certain functions before and/or after doing their own thing. In many cases the hooks are only application-wide, meaning that you'd have to modify each app (or somehow build a wrapper application). However, there are hooks that are system-wide--any app calling a certain API will trigger any registered hook. For example, if your app catches the CBT hooks (computer-based training), it will get every app's window messages before they get sent to the relevant app. Of course you'll probably also break all MFC apps; if you decide to go this way, try it, see what breaks, and come back with more specific questions. This will work in almost any version of Windows.

The shell extension documentation is probably the first place to look. If you're trying to convince the OS that it should execute your code whenever any app tries to, e.g., open a file, or pull up a context menu for a file, or list a file within a directory, then you want to write a shell extension. This will work in NT 4.0 and up, and Win95 and 98, but I don't think it'll work in NT 3.51 or earlier.

Look in the "Platform, SDK, and DDK Documentation | Platform SDK | User Interface Services | Shell" chapter in VC5's documentation for information on shell extensions and similar things. Also, some APIs can effectively be hooked by replacing device drivers.

If this doesn't work, there is a general-purpose solution (OK, I lied when I said there wasn't one), but it's a big ugly hack. You need to replace the system DLL. Microsoft does this all the time with new releases of IE and Office, but usually nobody else dares. Still, if you can plug in your own User.dll in place of the Win95 User.dll, you can do anything, right? The easiest way to do this is to build a wrapper for the DLL containing the API you want to hook. Wrap every API with a simple stub that calls the original function, except of course for the API you want to hook. Note that this solution is OS- and version-specific. This is why IE4 has different installers for NT and 95 (although the installer shell hides this from you).

Also note that any of these solutions will have to be installed by someone with administrator access on an NT system.


ASKER CERTIFIED SOLUTION
Avatar of kinkajou
kinkajou

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
here is the implement of system-wide hook api sdk

http://www.frussoft.com

 Hook Windows API SDK is SYSTEM-WIDE hooks.
You can read about features of the product, download a limited trial version of Hook Windows API SDK and read the manual online and order the program if you like the program and wish to use it after the evaluation period. The register version is include the full source code.

Who says it is impossible to setup SYSTEM-WIDE hooks for Win9x/Win2000/WinNT/WinXP

The only SYSTEM-WIDE API hook available for Windows Platform

Install your own hooks to monitor program starts or terminates
Install your own hooks to monitor file access
Install your own hooks to ... use your imagination.