
API Hooking for FreeStyle

Posted: Sat Oct 02, 2004 11:45 pm
by PolyVector
I need to hook a shared API in Windows9x to continue development on FreeStyle. Without this capability FreeStyle can't function properly in 9x! Here's what I know so far:
  • VirtualProtect_() won't allow me to modify permissions on a shared API...
  • I can bypass VirtualProtect_() by using an undocumented API called VxDCall()
  • With VxDCall() I can call _PageModifyPermissions directly and make shared memory writable
If anybody thinks they can help, I have code to access VxDCall() and _PageModifyPermissions... Although I'd rather PM it than post it here...

Posted: Sun Oct 03, 2004 12:21 am
by Sparkie
Not sure if this helps, but have you tried VirtualProtectEx?
MSDN SDK wrote: The VirtualProtect function changes the protection on a region of committed pages in the virtual address space of the calling process.

To change the access protection of any process, use the VirtualProtectEx function.

Client: Included in Windows XP, Windows 2000 Professional, Windows NT Workstation, Windows Me, Windows 98, and Windows 95.

Posted: Sun Oct 03, 2004 11:50 am
by PolyVector
No form of VirtualProtect will allow you to modify permissions of shared memory :(
Windows Me/98/95: You cannot use VirtualProtectEx on any memory region located in the shared virtual address space (from 0x80000000 through 0xBFFFFFFF).
If anybody could help me get this asm to work w/ PB it would be great:
It uses INT 2Eh to copy shared memory (on win9x)... It's the low-level equivalent of CopyMemory() on win9x

Code:

                        i2E_RtlCopyMemory     equ     0000010Ah

                        mov     eax, i2E_RtlCopyMemory
                        lea     edx, stk
                        int     2Eh
                        ...
stk:                    dd      0BFF7xxxxh      ; edi (destination)
                        dd      offset vir_code ; esi (source)
                        dd      vir_size        ; ecx (length in bytes)

EDIT: SOLVED!
Here's the function if anybody's interested... It can copy ANY MEMORY on 9x... this includes protected/shared/whatever...

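Code:

#i2E_RtlCopyMemory = $10A ; INT 2Eh service number (0000010Ah in the asm above)

Procedure Win9x_RtlCopyMemory(SourceMemory.l,DestinationMemory.l,Length.l)
  ; Build the three-DWORD argument block that INT 2Eh reads through EDX
  stk=AllocateMemory(3*4)
  PokeL(stk+0,DestinationMemory) ; edi (destination)
  PokeL(stk+4,SourceMemory)      ; esi (source)
  PokeL(stk+8,Length)            ; ecx (length in bytes)
  MOV     eax, #i2E_RtlCopyMemory
  MOV     edx, stk
  INT     2Eh
  FreeMemory(stk)                ; release the argument block
EndProcedure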

Posted: Tue Oct 05, 2004 4:43 pm
by FloHimself
solved polyvector?

Posted: Tue Oct 05, 2004 5:50 pm
by Rings
yes, win89's memory-handling is very secure ;)

Posted: Tue Oct 05, 2004 8:19 pm
by PolyVector
FloHimself wrote: solved polyvector?
Well I solved that one hurdle for 9x api hooking... Now I need to write a small code-generator to create functions in shared memory that check what the current process is and compare it with a list... And every time I try code that fails I have to reboot :evil:
At least VMWare is my friend!
My work is never done! :o

Posted: Sun Oct 10, 2004 5:42 am
by PolyVector
Alright, this problem has been completely solved! Thanks for your help everyone!

Posted: Sun Oct 10, 2004 9:49 am
by blueznl
gotta' love vmware! although I managed to crash the host now one time by doing something within vmware, security is not 100% tight it appears