Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

API-Hooking

Posted on 2001-08-09
7
Medium Priority
?
312 Views
Last Modified: 2013-12-03
Hi!
I am looking for any kind of information on API-Hooking. I think I know how to inject code. Actually I believe Windows-Hooks to be the most sensible approach (correct me if I'm wrong). However, yet I don't know where to go from here. I can intercept window messages but I need APIs.
It would be great if anyone could provide some simple example as far as that is possible.
Suggestions regarding web sites or even books would be nice ,too.
Since I use Visual C++ I would appreciate according examples most. No clue about delphi, sorry.
0
Comment
Question by:Schuhschrank
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 32

Expert Comment

by:jhance
ID: 6369355
The best treatment of this I've seen it in Jeffrey Richter's book, "Programming Applications for Windows", MS Press.  There is an entire chapter on this topic and it goes into great detail about which technique works best for a particular situation and version of Windows.
0
 
LVL 86

Expert Comment

by:jkr
ID: 6369501
>>I believe Windows-Hooks to be the most sensible approach

It isn't, as hooks are only useful for GUI applications.

See http://research.microsoft.com/sn/detours/ 

Quote:

"Detours is a library for instrumenting arbitrary Win32 functions on x86 machines. Detours intercepts Win32 functions by re-writing target function images."
0
 
LVL 1

Expert Comment

by:mite51
ID: 6370162
http://www.madshi.net/

If you can get it working properly it is the best hook I have found. I had made my own using a similar approach but gave up after using his because I am sure I could not improve on it. I use it in conjunction with SetWindowsHook and can capture any API call not made explicitly by the kernel.
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 3

Expert Comment

by:modder
ID: 6373315
mite51,

Askers can accept any comment made to their questions as the answer. Because of that, a lot of experts never answer a question, but post comments only.

I don't think you necessarily need to adhere to that. If an asker asks "what is 1 + 1" I can't blame the first person in when they lock the question with the answer "2". But most questions aren't as clear cut as that.

In the wonderful world of computing, there often are many different ways to "skin a cat" (as the saying goes).

A lot of times you cannot be *absolutely* sure that your suggestion is going to address the question.

Very often, other participants have already made suggestions.

If any of this is true, you should only post your suggestions as a comment.



Like any web community, Experts-Exchange has a netiquette that members adhere to. Some of this is in the form of "unwritten rules", but a lot of it is described in our member agreement. You can find that here:
http://www.experts-exchange.com/jsp/infoMemberAgreement.jsp

Please also read our tips on comments and answers:
http://www.experts-exchange.com/jsp/cmtyQuestAnswer.jsp



Thank you for your understanding, and I do expect you to be a bit less eager in the future.



To the asker:
It is in your own interest to reject a proposed answer as soon as possible if it doesn't fully address your problem. As long as a question is "locked" with a proposed answer, a lot of experts will not bother looking at it. Once you've rejected the question, it will become "open" again, which is like an invitation to experts to participate in your question.

Regards

modder
Community Support
0
 
LVL 1

Expert Comment

by:mite51
ID: 6373459
maybe you should just remove the answer radio button all together since it has no purpose anyway.
0
 
LVL 3

Expert Comment

by:modder
ID: 6373489
That has been argued by many people, and opinions differ.....

I can't give you an "official line" on this, although the fact that the option to post a proposed answer is still around says something about that. <smile>

Just my personal opinion though, there are some questions that *can* be answered directly. This just doesn't happen to be one of them. But for those simple questions that have only one correct answer the option to lock the question makes sense.
0
 
LVL 20

Accepted Solution

by:
Madshi earned 400 total points
ID: 6374397
Hi guys...

Thanx, mite51 again for recommending my stuff...   :-)

Hi jhance, I've also read Jeff Richter's book, but IMHO the most important (because it is the best) API hooking method isn't even mentioned there!! It's the method that Detours is using (see jkr's link) and also the method (in slightly extended form) that my own API hooking package uses.

>> I believe Windows-Hooks to be the most sensible approach

As jkr already said, you can use Windows hooks only to inject your stuff into GUI processes. The better way is to use CreateRemoteThread - BTW, *this* is covered in Jeff Richter's book...  :-)  Normally CreateRemoteThread is available in NT only, but if you're using my package, CreateRemoteThread is also running perfectly fine in win9x based systems...

Here are some links, the documentation about my packages is for the Delphi version of my stuff. But the difference to the C++ version of my package is not very big.

http://help.madshi.net/Data/DllInjecting.htm
http://help.madshi.net/Data/ApiCodeHooking.htm
http://www.internals.com/articles/apispy/apispy.htm

Regards, Madshi.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have ever found yourself doing a repetitive action with the mouse and keyboard, and if you have even a little programming experience, there is a good chance that you can use a text editor to whip together a sort of macro to automate the proce…
zlib is a free compression library (a DLL) on which the popular gzip utility is built.  In this article, we'll see how to use the zlib functions to compress and decompress data in memory; that is, without needing to use a temporary file.  We'll be c…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question