Solved

API Hooking, codecave, inputvalidation

Posted on 2006-11-16
2
390 Views
Last Modified: 2008-01-09
A rather uncommon question, or rather series of questions im sure

First a case

I have this application
Very annoying application
This annoying application does not support any form of validation on textfields, so once you press the "save" button, these fields a written to a database, and from there it pollutes a whole new magnitude of.. stuff.
So I want to add validation to this application! (its ok with the vendor)
Now i can iterate through the handles of the application and get the different hwnd's of controls, including the save button, so one solution would be use 'another' save button wich in turn validated data (either get handles of textfields, or readproccessmemory) and on success pressed the true save button.
I dont like that one very much, as the 'save button' would most likely reside outside of the original application.
I'd much rather 'hook' the true save button, do some inspection upon activation and from there either allow or deny the actual 'pressing' messages to the constrol.

So here goes; how would you go about 'hooking' a button like that?
API hook on SendMessage to that thread? how is that done (pointer to litterature) ?
Implement a codecave in the executable around the particular control(button) ? (i have a handle to the button, anyway to reveal an interresting address from that ? )

Other ideas welcome too:) Thanks!!
0
Comment
Question by:CyTG
2 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 300 total points
ID: 17956902
Basically you can accomplish this task via both API hookin and a Windows hook, where the latterwould be the IMO preferred solution. See e.g.

http://www.codeproject.com/system/hooksys.asp ("API hooking revealed")
http://www.codeproject.com/dll/hooks.asp ("Hooks and DLLs")

and

http://www.codeproject.com/threads/winspy.asp ("Three Ways to Inject Your Code into Another Process")

for a broader view. MSDN also has an interesting article about that:

http://msdn.microsoft.com/library/en-us/dnwui/html/msdn_hooks32.asp ("Win32 Hooks")
0
 
LVL 1

Author Comment

by:CyTG
ID: 18001541
thanks .. good reads!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Errors will happen. It is a fact of life for the programmer. How and when errors are detected have a great impact on quality and cost of a product. It is better to detect errors at compile time, when possible and practical. Errors that make their wa…
IntroductionThis article is the second in a three part article series on the Visual Studio 2008 Debugger.  It provides tips in setting and using breakpoints. If not familiar with this debugger, you can find a basic introduction in the EE article loc…
The viewer will learn how to use the return statement in functions in C++. The video will also teach the user how to pass data to a function and have the function return data back for further processing.
The viewer will learn how to clear a vector as well as how to detect empty vectors in C++.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now