Schuhschrank
asked on
API-Hooking
Hi!
I am looking for any kind of information on API-Hooking. I think I know how to inject code. Actually I believe Windows-Hooks to be the most sensible approach (correct me if I'm wrong). However, yet I don't know where to go from here. I can intercept window messages but I need APIs.
It would be great if anyone could provide some simple example as far as that is possible.
Suggestions regarding web sites or even books would be nice ,too.
Since I use Visual C++ I would appreciate according examples most. No clue about delphi, sorry.
I am looking for any kind of information on API-Hooking. I think I know how to inject code. Actually I believe Windows-Hooks to be the most sensible approach (correct me if I'm wrong). However, yet I don't know where to go from here. I can intercept window messages but I need APIs.
It would be great if anyone could provide some simple example as far as that is possible.
Suggestions regarding web sites or even books would be nice ,too.
Since I use Visual C++ I would appreciate according examples most. No clue about delphi, sorry.
The best treatment of this I've seen it in Jeffrey Richter's book, "Programming Applications for Windows", MS Press. There is an entire chapter on this topic and it goes into great detail about which technique works best for a particular situation and version of Windows.
>>I believe Windows-Hooks to be the most sensible approach
It isn't, as hooks are only useful for GUI applications.
See http://research.microsoft.com/sn/detours/
Quote:
"Detours is a library for instrumenting arbitrary Win32 functions on x86 machines. Detours intercepts Win32 functions by re-writing target function images."
It isn't, as hooks are only useful for GUI applications.
See http://research.microsoft.com/sn/detours/
Quote:
"Detours is a library for instrumenting arbitrary Win32 functions on x86 machines. Detours intercepts Win32 functions by re-writing target function images."
http://www.madshi.net/
If you can get it working properly it is the best hook I have found. I had made my own using a similar approach but gave up after using his because I am sure I could not improve on it. I use it in conjunction with SetWindowsHook and can capture any API call not made explicitly by the kernel.
If you can get it working properly it is the best hook I have found. I had made my own using a similar approach but gave up after using his because I am sure I could not improve on it. I use it in conjunction with SetWindowsHook and can capture any API call not made explicitly by the kernel.
mite51,
Askers can accept any comment made to their questions as the answer. Because of that, a lot of experts never answer a question, but post comments only.
I don't think you necessarily need to adhere to that. If an asker asks "what is 1 + 1" I can't blame the first person in when they lock the question with the answer "2". But most questions aren't as clear cut as that.
In the wonderful world of computing, there often are many different ways to "skin a cat" (as the saying goes).
A lot of times you cannot be *absolutely* sure that your suggestion is going to address the question.
Very often, other participants have already made suggestions.
If any of this is true, you should only post your suggestions as a comment.
Like any web community, Experts-Exchange has a netiquette that members adhere to. Some of this is in the form of "unwritten rules", but a lot of it is described in our member agreement. You can find that here:
https://www.experts-exchange.com/jsp/infoMemberAgreement.jsp
Please also read our tips on comments and answers:
https://www.experts-exchange.com/jsp/cmtyQuestAnswer.jsp
Thank you for your understanding, and I do expect you to be a bit less eager in the future.
To the asker:
It is in your own interest to reject a proposed answer as soon as possible if it doesn't fully address your problem. As long as a question is "locked" with a proposed answer, a lot of experts will not bother looking at it. Once you've rejected the question, it will become "open" again, which is like an invitation to experts to participate in your question.
Regards
modder
Community Support
Askers can accept any comment made to their questions as the answer. Because of that, a lot of experts never answer a question, but post comments only.
I don't think you necessarily need to adhere to that. If an asker asks "what is 1 + 1" I can't blame the first person in when they lock the question with the answer "2". But most questions aren't as clear cut as that.
In the wonderful world of computing, there often are many different ways to "skin a cat" (as the saying goes).
A lot of times you cannot be *absolutely* sure that your suggestion is going to address the question.
Very often, other participants have already made suggestions.
If any of this is true, you should only post your suggestions as a comment.
Like any web community, Experts-Exchange has a netiquette that members adhere to. Some of this is in the form of "unwritten rules", but a lot of it is described in our member agreement. You can find that here:
https://www.experts-exchange.com/jsp/infoMemberAgreement.jsp
Please also read our tips on comments and answers:
https://www.experts-exchange.com/jsp/cmtyQuestAnswer.jsp
Thank you for your understanding, and I do expect you to be a bit less eager in the future.
To the asker:
It is in your own interest to reject a proposed answer as soon as possible if it doesn't fully address your problem. As long as a question is "locked" with a proposed answer, a lot of experts will not bother looking at it. Once you've rejected the question, it will become "open" again, which is like an invitation to experts to participate in your question.
Regards
modder
Community Support
maybe you should just remove the answer radio button all together since it has no purpose anyway.
That has been argued by many people, and opinions differ.....
I can't give you an "official line" on this, although the fact that the option to post a proposed answer is still around says something about that. <smile>
Just my personal opinion though, there are some questions that *can* be answered directly. This just doesn't happen to be one of them. But for those simple questions that have only one correct answer the option to lock the question makes sense.
I can't give you an "official line" on this, although the fact that the option to post a proposed answer is still around says something about that. <smile>
Just my personal opinion though, there are some questions that *can* be answered directly. This just doesn't happen to be one of them. But for those simple questions that have only one correct answer the option to lock the question makes sense.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.