intercept API
Posted: Thu Jun 24, 2010 5:44 am
Hi all
program crashes...
What am I doing wrong?
Correctly find the address of the procedure, why it does not work??
Thanks for your help in advance!
Code: Select all
Procedure.s PutDirektorii(PutPapka); #CSIDL_SYSTEM
Put$=Space(#MAX_PATH):SHGetSpecialFolderLocation_(0,PutPapka,@Raz)
SHGetPathFromIDList_(Raz, @Put$):ProcedureReturn Trim(Put$)
EndProcedure
Procedure HookedProcedure(a,b)
; newmessagebox:
; Debug a
; Debug b
; Debug c
; Debug d
MessageRequester("!!!!", "+++++++++++++++++++++++")
ProcedureReturn
EndProcedure
Procedure Hook(process,library$,function$,HookedProcAddr)
dwAddr=GetProcAddress_(GetModuleHandle_(library$),function$)
Debug dwaddr
ReadProcessMemory_(process,dwAddr,@Backup(0),6,@readbytes)
Dim a.b(6) : a(0)=$68 : a(5)=$C3 : dwCalc=HookedProcAddr-dwAddr-5
CopyMemory(@dwCalc,@a(1),4)
; VirtualProtect_(dwAddr,8,#PAGE_EXECUTE_READWRITE,@oldP)
WriteProcessMemory_(process,dwAddr,@a(0),6,@written)
EndProcedure
Procedure OpenWindow_Window_0()
Protected res=0
If OpenWindow(0, 100, 100, 145, 260, "HookMe", #PB_Window_SystemMenu)
ButtonGadget(1, 40, 60, 60, 25, "Delete")
ButtonGadget(2, 40, 20, 60, 25, "Create")
ButtonGadget(3, 40, 100, 60, 25, "MSB")
StringGadget(4, 40, 140, 60, 25, Str(GetCurrentProcessId_()), #PB_String_ReadOnly)
ButtonGadget(5, 40, 180, 60, 25, "inject")
ButtonGadget(6, 40, 220, 60, 25, "Hook")
res=1
EndIf
ProcedureReturn res
EndProcedure
If OpenWindow_Window_0()
Repeat
Event = WaitWindowEvent()
Select Event
Case #PB_Event_Gadget
EventGadget = EventGadget()
Select EventGadget
Case 1 : f$="c:\test.txt" : DeleteFile_(f$)
Case 2 : f$="c:\test.txt" : CreateFile(0,f$) : WriteString(0,"hi") : CloseFile(0)
Case 3 : MessageBox_(0," О п а . ","В н и м а н и е !", #MB_ICONHAND)
; Case 5 : InjectDll("scan.dll")
Case 6
hProcess = OpenProcess_(#PROCESS_ALL_ACCESS, 0, Val(GetGadgetText(4)))
Hook(hProcess,"kernel32.dll","DeleteFileA",@HookedProcedure())
EndSelect
EndSelect
Until Event=#PB_Event_CloseWindow
EndIf
End
What am I doing wrong?
Correctly find the address of the procedure, why it does not work??
Thanks for your help in advance!