API Hooking, codecave, inputvalidation
Posted on 2006-11-16
A rather uncommon question, or rather series of questions im sure
First a case
I have this application
Very annoying application
This annoying application does not support any form of validation on textfields, so once you press the "save" button, these fields a written to a database, and from there it pollutes a whole new magnitude of.. stuff.
So I want to add validation to this application! (its ok with the vendor)
Now i can iterate through the handles of the application and get the different hwnd's of controls, including the save button, so one solution would be use 'another' save button wich in turn validated data (either get handles of textfields, or readproccessmemory) and on success pressed the true save button.
I dont like that one very much, as the 'save button' would most likely reside outside of the original application.
I'd much rather 'hook' the true save button, do some inspection upon activation and from there either allow or deny the actual 'pressing' messages to the constrol.
So here goes; how would you go about 'hooking' a button like that?
API hook on SendMessage to that thread? how is that done (pointer to litterature) ?
Implement a codecave in the executable around the particular control(button) ? (i have a handle to the button, anyway to reveal an interresting address from that ? )
Other ideas welcome too:) Thanks!!