Solved

API call hook

Posted on 1998-07-30
8
553 Views
Last Modified: 2013-11-19
How can I hook a call from some EXE to a function exported from one of the Windows common DLLs? I have to intercept this call and modify the parameters passed to the function. I am looking for a solution for both Windows NT and Windows 95.
0
Comment
Question by:galkin
8 Comments
 
LVL 2

Expert Comment

by:lucidity
ID: 1319929
There is a way to have your program open up the DLL, get the function pointer, then place your own code at the function pointer location (after you have made a copy of the original code that was there). Then the code you placed there will receive calls destined for the DLL, and you can call the original function from your code and "manipulate" it before returning the results.

I have not had time to do this but I plan to. If anyone has done this, I would like to get the source.

Thanks

0
 
LVL 7

Author Comment

by:galkin
ID: 1319930
Your comment is too general; I need a tip pointing to a solution.
0
 
LVL 2

Expert Comment

by:lucidity
ID: 1319931
That was a tip, dumb ass.

Keyword search - DLL thunking

You won't find source code on the Net to do this, if that's what you're looking for.
0
 

Expert Comment

by:nari
ID: 1319932
If you plan to debug the application by changing the parameter values to the function, go to the watch window and change the values of the function parameters before executing it. But you can't change the type of the parameters. I think this works only if you have a debug version of the exe. If you have the source code for the exe, please customize the DLL's exported from the Windows DLL.
0
 
LVL 7

Author Comment

by:galkin
ID: 1319933
No, this has nothing to do with debugging. I have an EXE calling an API function in one of the Windows DLLs. I want to hook this call and modify the parameters passed on the stack.
0
 
LVL 1

Expert Comment

by:payn
ID: 1319934
There is no general-purpose solution to trapping Win32 API calls. If I understand what you're trying to do, you're trying to build something like a DOS TSR, MacOS extension, etc. that patches a piece of the API and adds to/changes its functionality.

There's no way to do that that's simple and general in Win32. If you mention which API you want to patch, I can be more specific. But here are some hints:

There are simple solutions in some cases. Some Win32 API calls are designed so they can be hooked--that is, they call certain functions before and/or after doing their own thing. In many cases the hooks are only application-wide, meaning that you'd have to modify each app (or somehow build a wrapper application). However, there are hooks that are system-wide--any app calling a certain API will trigger any registered hook. For example, if your app catches the CBT hooks (computer-based training), it will get every app's window messages before they get sent to the relevant app. Of course you'll probably also break all MFC apps; if you decide to go this way, try it, see what breaks, and come back with more specific questions. This will work in almost any version of Windows.

The shell extension documentation is probably the first place to look. If you're trying to convince the OS that it should execute your code whenever any app tries to, e.g., open a file, or pull up a context menu for a file, or list a file within a directory, then you want to write a shell extension. This will work in NT 4.0 and up, and Win95 and 98, but I don't think it'll work in NT 3.51 or earlier.

Look in the "Platform, SDK, and DDK Documentation | Platform SDK | User Interface Services | Shell" chapter in VC5's documentation for information on shell extensions and similar things. Also, some APIs can effectively be hooked by replacing device drivers.

If this doesn't work, there is a general-purpose solution (OK, I lied when I said there wasn't one), but it's a big ugly hack. You need to replace the system DLL. Microsoft does this all the time with new releases of IE and Office, but usually nobody else dares. Still, if you can plug in your own User.dll in place of the Win95 User.dll, you can do anything, right? The easiest way to do this is to build a wrapper for the DLL containing the API you want to hook. Wrap every API with a simple stub that calls the original function, except of course for the API you want to hook. Note that this solution is OS- and version-specific. This is why IE4 has different installers for NT and 95 (although the installer shell hides this from you).

Also note that any of these solutions will have to be installed by someone with administrator access on an NT system.


0
 
LVL 2

Accepted Solution

by:
kinkajou earned 200 total points
ID: 1319935
So you want to hook a Win API function that is called from an independent .EXE. Make an application that loads the API DLL using LoadLibrary(), get the address of the function you want to wrap using GetProcAddress(), save the address, go to the location of the function and exchange the address of your wrapper function for the API address (easier said than done), and voilà, your wrapper function is now taking the place of the API function. Your wrapper function will need to get the params and do whatever you want with the params and then call the API function (unless you're going to emulate the API function). Then the .EXE mentioned earlier can be executed and you change the way the API function works with that .EXE. You'll need to have the hook application replace the API function after you're done unless you just want to leave the functionality or re-boot. Setting the procedure address is the most fun because it requires some creative memory management kludges using DPMI.

Good Luck.
0
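
The answers above describe overwriting the start of an exported function so that calls are diverted to other code. Added here as an example (not code from any poster) is the defensive counterpart: comparing a function's in-memory prologue with the bytes in the DLL file on disk and decoding any redirect written over it. All names, addresses and byte arrays are constructed for illustration, and 32-bit x86 encodings are assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { PROLOGUE_CLEAN, PROLOGUE_MODIFIED, PROLOGUE_DETOURED } hook_verdict;
typedef struct { hook_verdict verdict; uint64_t target; int external; } hook_report;

static uint32_t le32(const uint8_t *p)      /* read a little-endian 32-bit value */
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode two redirect forms that can be written over a prologue:
   E9 rel32 (jmp rel32) and 68 imm32 C3 (push imm32; ret). Returns 1 on match. */
static int decode_redirect(const uint8_t *p, size_t n, uint64_t va, uint64_t *dst)
{
    if (n >= 5 && p[0] == 0xE9) {
        /* rel32 is signed and relative to the end of the 5-byte instruction */
        *dst = va + 5 + (uint64_t)(int64_t)(int32_t)le32(p + 1);
        return 1;
    }
    if (n >= 6 && p[0] == 0x68 && p[5] == 0xC3) {
        *dst = le32(p + 1);
        return 1;
    }
    return 0;
}

/* disk: prologue bytes from the DLL file; mem: same bytes read from the process. */
hook_report check_prologue(const uint8_t *disk, const uint8_t *mem, size_t n,
                           uint64_t func_va, uint64_t mod_base, uint64_t mod_size)
{
    hook_report r = { PROLOGUE_CLEAN, 0, 0 };
    if (memcmp(disk, mem, n) == 0)
        return r;
    r.verdict = PROLOGUE_MODIFIED;
    if (decode_redirect(mem, n, func_va, &r.target)) {
        r.verdict  = PROLOGUE_DETOURED;
        /* a jump that leaves the owning module is the strongest signal */
        r.external = r.target < mod_base || r.target >= mod_base + mod_size;
    }
    return r;
}

/* Constructed sample: push ebp; mov ebp,esp; sub esp,10h; push ebx; push esi */
static const uint8_t SAMPLE_DISK[8] = {0x55,0x8B,0xEC,0x83,0xEC,0x10,0x53,0x56};
/* Same function with its first five bytes replaced by jmp rel32 (constructed) */
static const uint8_t SAMPLE_MEM[8]  = {0xE9,0xFB,0xFF,0x0F,0x00,0x10,0x53,0x56};

int main(void)
{
    hook_report r = check_prologue(SAMPLE_DISK, SAMPLE_MEM, 8,
                                   0x77E01000u, 0x77E00000u, 0x80000u);
    printf("verdict=%d target=0x%llx external=%d\n",
           r.verdict, (unsigned long long)r.target, r.external);
    return 0;
}
```

On a real system the on-disk bytes must have relocations applied before comparison, and a detour is not proof of compromise: security products and compatibility shims patch prologues as well.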
 

Expert Comment

by:frussoft
ID: 7684710
Here is an implementation of a system-wide hook API SDK:

http://www.frussoft.com

Hook Windows API SDK provides SYSTEM-WIDE hooks.
You can read about the features of the product, download a limited trial version of Hook Windows API SDK, read the manual online, and order the program if you like it and wish to use it after the evaluation period. The registered version includes the full source code.

Who says it is impossible to set up SYSTEM-WIDE hooks for Win9x/Win2000/WinNT/WinXP?

The only SYSTEM-WIDE API hook available for Windows Platform

Install your own hooks to monitor program starts or terminates
Install your own hooks to monitor file access
Install your own hooks to ... use your imagination.
 
 
0

Question has a verified solution.