h4c0r-BG Master Cheater
Reputation: 0
Joined: 29 Nov 2006 Posts: 449 Location: The yogurt country
Posted: Mon Aug 11, 2008 11:45 am Post subject: [Delphi] Help with API Hooking DLL
I have been browsing Google and found this example, which is supposed to hook an API and, whenever Sleep is called, redirect to my own code.
This is the source:
| Quote: |
library Project2;

uses
  windows; //reduce size

{$R *.res}

procedure hook(target, newfunc: pointer);
var
  jmpto: dword;
begin
  // rel32 operand: distance from the end of the 5-byte jmp to newfunc
  jmpto := dword(newfunc) - dword(target) - 5;
  VirtualProtect(target, 5, PAGE_EXECUTE_READWRITE, nil);
  pbyte(target)^ := $e9; // opcode E9 = jmp rel32
  pdword(dword(target) + 1)^ := jmpto;
end;

procedure MySleep(time: dword);
begin
  MessageBox(0, 'You have called "Sleep!"', 'Good!', MB_OK);
end;

begin
  hook(GetProcAddress(GetModuleHandle('kernel32.dll'), 'Sleep'), @MySleep);
end.
|
And I have the following problem when I inject it in absolutely any process with the same offsets and value (note that after the error the application does not crash but the redirection does not work):
What may be causing the problem and can anybody give me hint(s) or tell me what to fix?
Thank you for spending time reading my thread. Wish you everything good.
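Added example (not code from any poster in this thread): a defender's check for the 5-byte patch that hook() writes, comparing a function's in-memory entry bytes with the on-disk copy and inverting jmpto = newfunc - target - 5 to recover where an E9 jump lands. The name check_entry, the module base and size, the handler address and the byte arrays are constructed sample values; 0x7C802442 is the address used in the VirtualProtect call later in the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { ENTRY_CLEAN, ENTRY_PATCHED, ENTRY_JMP_INSIDE, ENTRY_JMP_OUTSIDE } entry_status;

/* Compare the in-memory entry bytes of a function with the same bytes from
 * the module file on disk; if they differ and start with E9 (jmp rel32),
 * recover the destination. The hook writes rel32 = newfunc - target - 5,
 * so the destination is func_va + 5 + rel32 (32-bit wraparound). */
entry_status check_entry(const uint8_t *mem, const uint8_t *disk, size_t len,
                         uint32_t func_va, uint32_t mod_base, uint32_t mod_size,
                         uint32_t *dest)
{
    *dest = 0;
    if (memcmp(mem, disk, len) == 0)
        return ENTRY_CLEAN;
    if (len < 5 || mem[0] != 0xE9)
        return ENTRY_PATCHED;            /* changed, but not a plain jmp rel32 */
    uint32_t rel32 = (uint32_t)mem[1] | (uint32_t)mem[2] << 8 |
                     (uint32_t)mem[3] << 16 | (uint32_t)mem[4] << 24;
    *dest = func_va + 5u + rel32;
    /* Unsigned subtraction makes this one comparison a [base, base+size) test. */
    return (*dest - mod_base < mod_size) ? ENTRY_JMP_INSIDE : ENTRY_JMP_OUTSIDE;
}

/* Constructed sample values (not captured from a real process). */
#define FUNC_VA  0x7C802442u   /* address used in the thread's VirtualProtect call */
#define MOD_BASE 0x7C800000u   /* assumed module base */
#define MOD_SIZE 0x000F6000u   /* assumed module size */
/* Constructed prologue: mov edi,edi / push ebp / mov ebp,esp */
static const uint8_t on_disk[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
/* E9 + rel32 for a hypothetical handler at 0x10001000:
 * 0x10001000 - 0x7C802442 - 5 = 0x937FEBB9 (stored little-endian) */
static const uint8_t hooked[5]  = { 0xE9, 0xB9, 0xEB, 0x7F, 0x93 };

int main(void)
{
    uint32_t dest;
    entry_status s = check_entry(hooked, on_disk, 5, FUNC_VA, MOD_BASE, MOD_SIZE, &dest);
    printf("status=%d dest=0x%08X\n", (int)s, (unsigned)dest);
    return s == ENTRY_JMP_OUTSIDE ? 0 : 1;
}
```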
Renkokuken GO Moderator
Reputation: 4
Joined: 22 Oct 2006 Posts: 3249
Posted: Mon Aug 11, 2008 12:37 pm Post subject:
Look at your VirtualProtect call, then at MSDN's documentation on the final parameter.
| MSDN wrote: |
lpflOldProtect [out]: A pointer to a variable that receives the previous access protection value of the first page in the specified region of pages. If this parameter is NULL or does not point to a valid variable, the function fails.
|
Also, it's smart to replace the old protection on the memory region you alter as well.
&Vage Grandmaster Cheater Supreme
Reputation: 0
Joined: 25 Jul 2008 Posts: 1053
Posted: Mon Aug 11, 2008 12:47 pm Post subject:
| Code: |
DWORD dwOldProt;
VirtualProtect((LPVOID*)0x7C802442, 0x5, PAGE_EXECUTE_READWRITE, &dwOldProt);
|
h4c0r-BG Master Cheater
Reputation: 0
Joined: 29 Nov 2006 Posts: 449 Location: The yogurt country
Posted: Mon Aug 11, 2008 1:44 pm Post subject:
Renkokuken, thank you very much. The bold text really helped me.
Fix code:
| Quote: |
//add
var
  OldProtect: Cardinal;
//edit
VirtualProtect(target, 5, PAGE_EXECUTE_READWRITE, @OldProtect);
|
Hope I helped somebody who likes Copy/Paste.
Renkokuken GO Moderator
Reputation: 4
Joined: 22 Oct 2006 Posts: 3249
Posted: Mon Aug 11, 2008 2:29 pm Post subject:
:) Glad to help.
rapion124 Grandmaster Cheater Supreme
Reputation: 0
Joined: 25 Mar 2007 Posts: 1095
Posted: Tue Aug 12, 2008 8:15 am Post subject:
The code snippet is an incomplete example of API hooking. Normally, you must return execution control to the API via a trampoline. I assume this is only an example, because the thread that called Sleep() will throw an exception.
lurc Grandmaster Cheater Supreme
Reputation: 2
Joined: 13 Nov 2006 Posts: 1900
Posted: Tue Aug 12, 2008 10:21 am Post subject:
| _void_ wrote: |
| Code: |
DWORD dwOldProt;
VirtualProtect((LPVOID*)0x7C802442, 0x5, PAGE_EXECUTE_READWRITE, &dwOldProt);
|
|
You do know the first parameter is LPVOID (void*).
Using LPVOID* casts as a void** which will cause errors.
h4c0r-BG Master Cheater
Reputation: 0
Joined: 29 Nov 2006 Posts: 449 Location: The yogurt country
Posted: Tue Aug 12, 2008 2:21 pm Post subject:
| rapion124 wrote: |
The code snippet is an incomplete example of API hooking. Normally, you must return execution control to the API via a trampoline. I assume this is only an example, because the thread that called Sleep() will throw an exception.
|
It is really an example and I am sure it wouldn't be complete. Can you show me an example of what you were trying to explain? Thank you.