
Skunksoft CodeNapper [Discontinued]

Posted: Thu Sep 09, 2004 12:39 pm
by PolyVector
NOTICE:
To prevent abuse, we are stopping development on CodeNapper... We may release it in the Microsoft Detours fashion (very expensive) to prevent hacker kiddies from getting ahold of it... If anybody is interested in API-Hooking or DLL-Injection for a legitimate use, contact me and I'll point you in the right direction :D


CodeNapper is a library I wrote to assist me in developing FreeStyle... Since there's been so many delays with FreeStyle, I've decided to release this library to the public. The examples are lacking right now, but it's fairly simple to understand what's going on.

Here's a Description:
CodeNapper is an API-Hooking / DLL-Injecting library. It's more-or-less an inexpensive form of Microsoft Detours.

The Free version allows you to simply replace one function with another. This can be used to replace an API call with something else, or for software protection schemes. A common use would be to modify the way Windows renders something. For example, one of the included examples replaces DrawFocusRect_() with an alpha-blended rectangle. :twisted:

If you register, the capabilities are greatly expanded. Trampoline functions allow your 'Replacement' function to call the 'Original' function to expand its capabilities, or simply log its use... This could be used to monitor packets with/without disturbing them. DLL Injection allows you to force any running application to load your dll and execute it. This can be used to write addons for existing applications such as Messengers or even your web browser... With these capabilities combined, you could write something that injects itself into all running programs and changes their behavior. The possibilities are endless.
Enjoy!
*Link Removed* :oops:

For questions or bug reports:
Visit the Skunksoft Forums!

Posted: Thu Sep 09, 2004 1:52 pm
by thefool
Hi polyvector, as you know I'm a beta tester for you (hehe how would you
forget that :P ) and this is a very cool lib. I used it for some anti-disassembling etc. I voted that I would be interested in paying, but
as I said, depends on price, very much.

Posted: Thu Sep 09, 2004 1:56 pm
by PolyVector
Well I'm not sure what the going-rate is for this sort of lib since there aren't very many, and Microsoft Detours only has a "Contact us for Licensing" link...
I want to keep this low-cost... What do you think a fair price would be?

Posted: Thu Sep 09, 2004 2:50 pm
by thefool
I dunno what price should be. I haven't seen anything like this before, but as
you mention microsoft has one. But still it should be a purebasic library, as
i already said once on your irc chan.


btw: how did the dll get that big? I remember it to be very small. Anyway,
if it's made as a PB userlib with TailBite, I think exe size will be smaller
as it only includes needed code.

Posted: Thu Sep 09, 2004 3:50 pm
by PolyVector
Sadly, TailBite won't compile it... and I've added many many things since you've tried it last... The size is fine for the power it has...

Posted: Thu Sep 09, 2004 4:34 pm
by thefool
Maybe, but still, say your app is a small shareware app. Let's say 45 kb.
Now let's say author wants to program registration and protection himself,
and finds your lib to do a part of it. I would choose not to use it because it's nearly 50% bigger than the app itself.

Posted: Thu Sep 09, 2004 10:26 pm
by Dare2
...WTH is API-Hooking and DLL-Injection???

:)

BTW, went looking for clues with microsoft detours and as mentioned, the site says to contact them if wishing to use as a commercial product.

Megabucks?

If there is little "out there" it can mean great opportunity - or great disinterest.

Posted: Fri Sep 10, 2004 1:08 am
by PolyVector
I guess it's one of those things that's very powerful, if you know what to do with it :D

I think it's fairly straightforward once you see the examples... The idea is this:

Code:

Procedure HelloWorld()
  MessageRequester("Notice","Hello, how are you?")
EndProcedure

Procedure New_HelloWorld()
  MessageRequester("New Notice","HelloWorld now calls New_HelloWorld()")
EndProcedure


HelloWorld(); Makes a simple call to HelloWorld()

ReplaceFunction(@HelloWorld(),@New_HelloWorld()); Replaces a function

HelloWorld(); Makes a call to New_HelloWorld()!!!

The main power here is the ability to change or extend already compiled code, such as the Windows API...

@thefool
The lib will shrink down to around 20k-30k once DisASMCommand() can work inside DLLs... A lot of the size is due to an OpCode index...

Posted: Fri Sep 10, 2004 9:22 am
by Dare2
Wow, that is powerful.

Posted: Fri Sep 10, 2004 1:09 pm
by PB
> The main power here is the ability to change or extend already compiled code

So this will work with ANY Win32 app -- not just our PureBasic apps? So if
we change MessageBox to something else, then every Win32 app that calls
MessageBox will use our code instead? Sounds dangerous... 8O

Posted: Fri Sep 10, 2004 1:20 pm
by Max.²
Dare2 wrote:...WTH is API-Hooking and DLL-Injection???
Maybe this is interesting for you http://help.madshi.net/ApiCodeHooking.htm

Posted: Fri Sep 10, 2004 2:58 pm
by Dare2
Hi Max.²

Thanks for the link. :)

Posted: Fri Sep 10, 2004 5:32 pm
by PolyVector
PB wrote:So this will work with ANY Win32 app -- not just our PureBasic apps? So if
we change MessageBox to something else, then every Win32 app that calls
MessageBox will use our code instead? Sounds dangerous...
No, it will change MessageBox for your app... If you write your app in a DLL and use my injection function to inject it into other apps, you can effectively change every app...

Posted: Fri Sep 10, 2004 5:39 pm
by Shannara
So it may be possible to remove the VB runtime library from vb applications,.. but replacing it with your own :D

Posted: Sat Sep 11, 2004 12:19 am
by PolyVector
Shannara wrote:So it may be possible to remove the VB runtime library from vb applications,.. but replacing it with your own :D
If you could somehow recreate 5 megs of undocumented code, you would simply replace the DLL with your own... This is not what my library is intended for...
A real-world use of my library would be, say, modifying file read-write API calls to access virtual encrypted files located in memory (In the same way that Thinstall works)


Notice:
I'm temporarily removing the file from our servers because of something that was recently brought to our attention... Apparently there's been a rash of people using this kind of library with a malicious intent! Even madCodeHook has experienced this...
The main threat lies in the ability to create programs that can't be terminated or applications that block Anti-Virus software from operating... The potential for misuse is enormous, and this is why most companies charge such a high price for this type of library. They don't want the average hacker to be able to simply download it or buy it for $25... The danger is that you can bypass basically any security and this is not something Skunksoft wants to have any part with...
I'll talk it over with the rest of the team and see what we come up with... But it's looking like we may have to drop this project... :oops:
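
A defender's view of the function replacement discussed in this thread, as an added example that is not from the thread or from CodeNapper: a check that classifies the first bytes of a 32-bit x86 function and flags an entry-point jump that leaves the function's own module. The thread does not say how ReplaceFunction() patches code, so the three stub forms recognised here are an assumption based on common inline-hooking practice, and all names, addresses and sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

typedef enum { HOOK_NONE, HOOK_JMP_REL32, HOOK_PUSH_RET, HOOK_JMP_INDIRECT } hook_kind;
typedef struct {
    hook_kind kind;
    uint32_t  target;    /* jump destination; for HOOK_JMP_INDIRECT, the pointer slot */
    int       external;  /* 1 if target lies outside the function's own module */
} hook_report;

static uint32_t rd32(const uint8_t *p)   /* little-endian 32-bit read */
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Classify the first bytes of a 32-bit x86 function loaded at address va. */
hook_report inspect_prologue(const uint8_t *code, size_t len, uint32_t va,
                             uint32_t mod_base, uint32_t mod_size)
{
    hook_report r = { HOOK_NONE, 0, 0 };
    if (len >= 5 && code[0] == 0xE9) {                            /* jmp rel32 */
        r.kind = HOOK_JMP_REL32;
        r.target = va + 5 + rd32(code + 1);                       /* wraps mod 2^32 */
    } else if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) {  /* push imm32; ret */
        r.kind = HOOK_PUSH_RET;
        r.target = rd32(code + 1);
    } else if (len >= 6 && code[0] == 0xFF && code[1] == 0x25) {  /* jmp [abs32] */
        r.kind = HOOK_JMP_INDIRECT;
        r.target = rd32(code + 2);
    }
    /* Linker thunks also start with a jump but stay inside the module. */
    if (r.kind != HOOK_NONE)
        r.external = (uint32_t)(r.target - mod_base) >= mod_size;
    return r;
}

/* Constructed sample bytes for a function at 0x77D50000 in a module
   mapped at 0x77D40000 with size 0x90000 (all addresses are made up). */
const uint8_t SAMPLE_CLEAN[]  = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83 };  /* normal prologue */
const uint8_t SAMPLE_HOOKED[] = { 0xE9, 0xFB, 0x0F, 0x2B, 0x98, 0x83 };  /* jmp 0x10001000 */
const uint8_t SAMPLE_THUNK[]  = { 0xE9, 0x00, 0x01, 0x00, 0x00, 0x90 };  /* jmp within module */

int main(void)
{
    hook_report r = inspect_prologue(SAMPLE_HOOKED, 6, 0x77D50000u, 0x77D40000u, 0x90000u);
    printf("kind=%d target=0x%08X external=%d\n", r.kind, (unsigned)r.target, r.external);
    return r.external ? 0 : 1;
}
```

A pattern match like this is only a first pass; comparing the in-memory bytes against the same function in the on-disk image confirms whether the entry point was actually modified.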