magellanLS asked:
SetDDIHook function in a 16bit dll?

Hello everyone!

I have the SetDDIHook function in a 16bit dll (from msaasdk), to which I send a message from my program (32bit) with undocumented thunking functions.

When I send the message from my program to the dll to start hooking, it seems like my program doesn't receive anything from the dll.

What am I doing wrong?

Thanks!  
ginsonic

Can you put here the function that sends the message from your dll?
Madshi

We can't help much without seeing some code. Maybe if you send the dll to me together with the source, I can find something:

ddihook@madshi.net

What is msaasdk? Do you have the sources for the dll? If you have, please mail everything to me. I can't promise that I'll find the time to really look deep into that stuff (because I haven't much time), but maybe I can; perhaps this kind of stuff is really interesting for me...

Regards, Madshi.
magellanLS (ASKER):

To ginsonic:
The 16bit dll uses PostThreadMessage32 to send messages to my program.

To Madshi:
Is ddihook@madshi.net really your email?
If not, can you please give your valid email address so I can send you what you asked for.

Thank you all for your time!



:-)   All mails that end with @madshi.net reach me.
madshi, email sent ;-)
Received it. Unfortunately the weekend is over now, so I can't look at it right now. I'll try as soon as possible, will post my findings then here.

If another expert can jump in and check it out right now, that's fine for me.

elli, could you please post your Delphi code here? Because probably the dll is alright (after all it's directly from the SDK), so probably the problem is in your sources, I guess...

Regards, Madshi.

Here is my source code to send the dll a message to start hooking:

void __fastcall TForm1::InstallHook()
{
    // QT_Thunk expects 0x40 bytes of scratch space on the caller's stack frame.
    char ThunkTrash[0x40];
    ThunkTrash[0] = 0;

    HWND han = Form1->Handle;

    LOADLIB16  LL16;
    GETPROC16  GP16;
    FREELIB16  FL16;
    HINSTANCE  Inst;
    DWORD      Get;
    HMODULE    Kernel;

    // kernel32 is already mapped into the process; look it up by module name, not by a hard-coded path.
    Kernel   = GetModuleHandle("KERNEL32.DLL");
    QT_Thunk = GetProcAddress(Kernel, "QT_Thunk");   // QT_Thunk is a global declared elsewhere
    // Undocumented kernel32 exports, resolved by ordinal (35 = LoadLibrary16, 36 = FreeLibrary16, 37 = GetProcAddress16).
    LL16 = (LOADLIB16) GetK32ProcAddress(35);   // LoadLibrary16
    GP16 = (GETPROC16) GetK32ProcAddress(37);   // GetProcAddress16
    FL16 = (FREELIB16) GetK32ProcAddress(36);   // FreeLibrary16

    Inst = (*LL16)("C:\\dll_16bit\\patch.DLL");
    Get  = (*GP16)(Inst, "PatchDdi");            // 16:16 far address of PatchDdi

    DDITYPE ddiType = 2;
    tmpResult = 0;
    _asm
    {
        push han                 // arguments pushed in the order the 16-bit PatchDdi expects
        push Inst
        push ddiType
        mov  edx, [Get]          // QT_Thunk takes the 16:16 target address in EDX
        call QT_Thunk
        mov  [tmpResult], ax     // only AX is kept: a 16-bit return value (DX is dropped)
    }
    hpatch = (tagPATCH *) tmpResult;
    (*FL16)(Inst);
}

My GetK32ProcAddress function is like GetProcAddress, but it takes the ordinal instead, to import undocumented kernel32.dll functions (LoadLibrary16, FreeLibrary16, GetProcAddress16).

If you need the source code for the GetK32ProcAddress function
or something is not clear, just ask me :-)
Oops... forgot to delete cookies. I share one computer with a few pals.
Hmmmm... Tried it, getting blue screens all the time...  :-(  I guess it is because the patch.dll from that SDK is written specifically to work together with a 16 bit application, not with a 32 bit application. E.g. as the middle parameter PatchDdi wants the 16 bit instance handle of the 16 bit application. The dll then uses this instance handle to allocate strings that the 16 bit application has to free again afterwards.

I think you have to rewrite the patch.dll to fit your 32 bit application. I'm also not sure whether messages are a good way to communicate. Don't know...

BTW, you don't need GetK32ProcAddress; you can statically link to the APIs, well, at least in Delphi. Probably for C++ you need a lib file. Ha, I love Delphi...   :-)

function LoadLibrary16 (libraryName: PChar) : dword; stdcall;
         external kernel32 index 35;
function FreeLibrary16 (hInstance: dword) : integer; stdcall;
         external kernel32 index 36;
function GetProcAddress16 (hinstance: dword; procName: PChar) : pointer; stdcall;
         external kernel32 index 37;

This works beautifully in win9x, and doesn't hinder exes from running under NT based systems, either.

Regards, Madshi.

P.S: I know that it is possible to make DDI hooking work with 32 bit applications, because I know someone who has made it work. Unfortunately I don't have the source code.
P.P.S: The one who made it work didn't use the patch.dll from the SDK, he wrote his own 16 bit dll with Delphi1.
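Both the C++ code above (GetK32ProcAddress(35), (36), (37)) and the Delphi declarations (external kernel32 index 35/36/37) resolve LoadLibrary16, FreeLibrary16 and GetProcAddress16 by ordinal, because kernel32 exports them without documented names. The following is an added example, not the asker's GetK32ProcAddress and not code from Madshi or the SDK, showing what a by-ordinal lookup does at the PE export-table level and how it differs from the by-name path that GetProcAddress normally takes. The image, its export directory and the three names are constructed in memory (a labelled sample, not a real kernel32), so it builds with any C compiler without windows.h. It goes a little beyond the thread in also handling name lookup, unused slots and forwarded exports; how the asker's own function is implemented is not shown on the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Subset of the PE layout from winnt.h, declared here so this builds without windows.h. */
#pragma pack(push, 1)
typedef struct { uint16_t e_magic; uint8_t reserved[58]; int32_t e_lfanew; } DosHeader; /* e_lfanew at 0x3C */
typedef struct { uint32_t VirtualAddress; uint32_t Size; } DataDirectory;
typedef struct {
    uint32_t Signature;              /* "PE\0\0" */
    uint8_t  FileHeader[20];
    uint8_t  OptionalPrefix[96];     /* PE32 optional header up to the data directories */
    DataDirectory DataDirectory[16]; /* entry 0 is the export directory */
} NtHeaders32;
typedef struct {
    uint32_t Characteristics, TimeDateStamp;
    uint16_t MajorVersion, MinorVersion;
    uint32_t Name, Base, NumberOfFunctions, NumberOfNames;
    uint32_t AddressOfFunctions, AddressOfNames, AddressOfNameOrdinals;
} ExportDirectory;
#pragma pack(pop)

/* Locate the export directory of an image mapped at 'base'; NULL if the headers are malformed. */
static const ExportDirectory *export_dir(const uint8_t *base, const DataDirectory **dd_out) {
    const DosHeader *dos = (const DosHeader *)base;
    if (dos->e_magic != 0x5A4D) return NULL;                                   /* "MZ" */
    const NtHeaders32 *nt = (const NtHeaders32 *)(base + dos->e_lfanew);
    if (nt->Signature != 0x00004550) return NULL;                              /* "PE\0\0" */
    const DataDirectory *dd = &nt->DataDirectory[0];
    if (dd->VirtualAddress == 0 || dd->Size < sizeof(ExportDirectory)) return NULL;
    *dd_out = dd;
    return (const ExportDirectory *)(base + dd->VirtualAddress);
}

/* By-ordinal lookup: AddressOfFunctions is indexed by (ordinal - Base); no name search involved. */
const void *resolve_by_ordinal(const uint8_t *base, uint16_t ordinal) {
    const DataDirectory *dd;
    const ExportDirectory *ed = export_dir(base, &dd);
    if (!ed || ordinal < ed->Base || ordinal - ed->Base >= ed->NumberOfFunctions) return NULL;
    const uint32_t *funcs = (const uint32_t *)(base + ed->AddressOfFunctions);
    uint32_t rva = funcs[ordinal - ed->Base];
    if (rva == 0) return NULL;                                                          /* unused slot */
    if (rva >= dd->VirtualAddress && rva < dd->VirtualAddress + dd->Size) return NULL;  /* forwarder string, not code */
    return base + rva;
}

/* By-name lookup, the GetProcAddress path: find the name, map it through AddressOfNameOrdinals. */
const void *resolve_by_name(const uint8_t *base, const char *name) {
    const DataDirectory *dd;
    const ExportDirectory *ed = export_dir(base, &dd);
    if (!ed) return NULL;
    const uint32_t *names = (const uint32_t *)(base + ed->AddressOfNames);
    const uint16_t *ords  = (const uint16_t *)(base + ed->AddressOfNameOrdinals);
    for (uint32_t i = 0; i < ed->NumberOfNames; i++)
        if (strcmp((const char *)(base + names[i]), name) == 0)
            return resolve_by_ordinal(base, (uint16_t)(ords[i] + ed->Base)); /* stored unbiased */
    return NULL;
}

/* Constructed sample image (not a real kernel32): three exports at ordinals 35..37 carrying
   the names from this thread, so the lookups can be exercised offline. */
static union { uint8_t b[0x1100]; uint64_t align; } img;
const uint8_t *sample_image(void) {
    static int built = 0; if (built) return img.b;
    memset(img.b, 0, sizeof img.b);
    DosHeader dos = { 0x5A4D, {0}, 0x40 };
    memcpy(img.b, &dos, sizeof dos);
    NtHeaders32 nt; memset(&nt, 0, sizeof nt);
    nt.Signature = 0x00004550;
    nt.DataDirectory[0].VirtualAddress = 0x200; nt.DataDirectory[0].Size = 0xA0;
    memcpy(img.b + 0x40, &nt, sizeof nt);
    ExportDirectory ed; memset(&ed, 0, sizeof ed);
    ed.Base = 35; ed.NumberOfFunctions = 3; ed.NumberOfNames = 3;
    ed.AddressOfFunctions = 0x230; ed.AddressOfNames = 0x240; ed.AddressOfNameOrdinals = 0x250;
    memcpy(img.b + 0x200, &ed, sizeof ed);
    uint32_t funcs[3] = { 0x1000, 0x1010, 0x1020 }; /* LoadLibrary16, FreeLibrary16, GetProcAddress16 */
    uint32_t names[3] = { 0x260, 0x270, 0x280 };
    uint16_t nord[3]  = { 0, 1, 2 };                /* unbiased ordinals: 35-35, 36-35, 37-35 */
    memcpy(img.b + 0x230, funcs, sizeof funcs);
    memcpy(img.b + 0x240, names, sizeof names);
    memcpy(img.b + 0x250, nord, sizeof nord);
    strcpy((char *)img.b + 0x260, "LoadLibrary16");
    strcpy((char *)img.b + 0x270, "FreeLibrary16");
    strcpy((char *)img.b + 0x280, "GetProcAddress16");
    img.b[0x1000] = img.b[0x1010] = img.b[0x1020] = 0xC3; /* placeholder RET bodies */
    built = 1;
    return img.b;
}

/* Offset of a resolved export from the image base, or -1 when unresolved. */
long export_offset_by_ordinal(uint16_t ordinal) {
    const uint8_t *base = sample_image(), *p = resolve_by_ordinal(base, ordinal);
    return p ? (long)(p - base) : -1;
}
long export_offset_by_name(const char *name) {
    const uint8_t *base = sample_image(), *p = resolve_by_name(base, name);
    return p ? (long)(p - base) : -1;
}
```

The part worth checking in any by-ordinal resolver is the range test against Base and NumberOfFunctions: an ordinal that is out of range or points at an unused slot must fail loudly rather than hand back a garbage address, and since undocumented ordinals are not guaranteed to stay the same between kernel32 builds, a resolver that also checks the target by some other means (for instance refusing to run on an unexpected Windows version) is safer than trusting the number alone.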
Hello madshi :-), so how do I make the dll work with a 32bit program?
Hah!   :-)   Well, if I had to do this DDI hook stuff, I would first of all recompile that patch.dll and recompile the 16 bit application (keeping it in 16 bit for now). If you get that to work, try to change patch.dll in such a way that it doesn't need the middle parameter in PatchDdi. Of course you then have to find a different way of transporting the string to the application. Look for a way that is 32 bit compatible (don't ask me, I haven't done 16 bit programming for ages). Then if that all works, try to talk to the 16 bit dll from a 32 bit application through thunking.

Sorry, I can't do all the dirty work for you, no time for that. If you have a bit of patience (maybe some months :-), you can get the solution from me, because I'm planning to add DDI hooking support to my API hooking package, anyway. But it's a future plan, have other important things to do first.

www.madshi.net
Hello,

Why did you request I send you the info, if you weren't decided on helping just a bit? None of your suggestions seem to give any new info I didn't already know of. But any time you must have spent is appreciated :-).

Maybe I helped you in some way by giving you the msaasdk link? I guess I was used this time, instead of the other way around ;-)

Anyway, I would very much appreciate hearing any future info on the API package you will make :-)

I forgot to say why I need to hook DDI functions. The reason is because I want to make a program that monitors a computer through the network without sending the whole screen (which is very slow and processor intensive).
 

ASKER CERTIFIED SOLUTION
Madshi

This solution is only available to members.
Hello madshi!

Very sorry for my previous statements. I really appreciate the time you spent in trying to help.

This topic of DDI Hook will be rather tougher, since there's not much documentation on Microsoft's side, and not many people seem to use it.

And here are all the points I have :-) .

Best Regards.

P.S
I mainly need to do this on Win9X; on Win2000/XP I know there are more documented APIs I could use, and also many books available for Win2000 GDI.

 
>> Very sorry for my previous statements.

No problem, I did understand your feelings...

>> This topic of DDI Hook will be rather tougher, since there's not much documentation on Microsoft's side, and not many people seem to use it.

Right.

>> And here are all the points I have :-) .

Oh, thank you very much, I really didn't expect this, because I didn't help much. Well, here are two links that might be very interesting for you:

https://www.experts-exchange.com/jsp/qShow.jsp?ta=delphi&qid=11622218
https://www.experts-exchange.com/jsp/qShow.jsp?ta=delphi&qid=10938141

The one I know who made DDIHook working commented there and showed some parts of his (Delphi) code.

>> I mainly need to do this on Win9X; on Win2000/XP I know there are more documented APIs I could use, and also many books available for Win2000 GDI.

Do you know the win9x book from Matt Pietrek? I think he was also the one who originally wrote that GetK32ProcAddress function. He has written a *very* good book about win9x's deepest internals. Unfortunately the GDI part is quite small, because Matt is not that much of a GUI guy. But nevertheless it's a must read for every serious win9x low level system programmer. The book is completely out of print, but if you do a web search, you'll find some illegal pdf downloads...   :-/

Regards, Madshi.