PureBasic Forums - English

Posted: **Wed Dec 11, 2013 12:36 pm**

Hi everyone.
I'm trying to hook GetProcAddress win api function. When i hooked it, it calls my function but when i tryed to call original one in procedurereturn, application crashing.

Code: Select all

Global Dim Backup.b(5)
Global *realGetProcAddress
OpenConsole()

Procedure HookLib(Libname.s,FuncName.s,NewFunctionAddress)
 
dwAddr = GetProcAddress_(GetModuleHandle_(LibName), FuncName)
OriginalAdress=dwAddr
Result=ReadProcessMemory_(GetCurrentProcess_(), dwAddr, @Backup(0), 6, @readbytes) ;save old Bytes
 
 
 Dim a.b(6)
 a(0)=$e9
 a(5)=$C3
 
 dwCalc = NewFunctionAddress - dwAddr - 5;   //((to)-(from)-5)
 
 CopyMemory(@dwCalc,@a(1),4)
 
 Result = WriteProcessMemory_(GetCurrentProcess_(), dwAddr, @a(0), 6, @written);
 ProcedureReturn OriginalAdress
EndProcedure
 
Procedure UnHookLib(Libname.s,FuncName.s)
 
dwAddr = GetProcAddress_(GetModuleHandle_(LibName), FuncName)
Result= WriteProcessMemory_(GetCurrentProcess_(), dwAddr, @Backup(0), 6, @written);

EndProcedure




ProcedureCDLL HookGetProcAddress(hModule, IpProcName)
  UnHookLib("kernel32.dll", "GetProcAddress")
  ProcedureReturn GetProcAddress_(hModule, IpProcName)
EndProcedure

ProcedureDLL AttachProcess(Instance)
  *realGetProcAddress = HookLib("kernel32.dll", "GetProcAddress", @HookGetProcAddress())
EndProcedure

I aslo tryed use

Code: Select all

;* This one probably will call self 
ProcedureCDLL HookGetProcAddress(hModule, IpProcName)
  ProcedureReturn CallCFunctionFast(*realGetProcAddress, hModule, IpProcName)
EndProcedure

;*aslo tryed this:

ProcedureCDLL HookGetProcAddress(hModule, IpProcName)
  UnHookLib("kernel32.dll", "GetProcAddress")
  Ret=CallCFunctionFast(*realGetProcAddress, hModule, IpProcName) ; And using GetProcAddress_() tryed too
  HookLib("kernel32.dll", "GetProcAddress", @HookGetProcAddress())  
  ProcedureReturn Ret
EndProcedure

but every attemp fails.
So how can i fix this? So it will call original GetProcAddress from my hooked function and will not crash app.

Posted: **Sun Dec 15, 2013 3:06 pm**

Guys, any ideas?

Posted: **Wed Dec 18, 2013 8:28 am**

This is a dirty fix, guessing how many bytes to copy and backup the original proc.
It would be safer to determine the size of the proc first, but I had to test it quickly.

Sidenote; Replace it with a stdcall chunk, not with cdecl.

Code: Select all

Global Dim Backup.b(6)
Global *realGetProcAddress
OpenConsole()

Global *original = VirtualAlloc_(#Null, 1024, #MEM_COMMIT, #PAGE_EXECUTE_READWRITE)

Procedure HookLib(Libname.s,FuncName.s,NewFunctionAddress)
  Protected dwAddr, Result, dwCalc
  Protected dwAddr = GetProcAddress_(GetModuleHandle_(LibName), FuncName)
  OriginalAdress   = dwAddr
  Result           = ReadProcessMemory_(GetCurrentProcess_(), dwAddr, @Backup(0), 6, @readbytes) ;save old Bytes
  
  ; backup the original procedure
  ReadProcessMemory_(GetCurrentProcess_(), dwAddr, *original, 1024, @readbytes2)
  
  Dim a.b(6)
  a(0)=$e9
  a(5)=$C3
  
  dwCalc = NewFunctionAddress - dwAddr - 5;   //((to)-(from)-5)
  
  CopyMemory(@dwCalc,@a(1),4)
  
  Result = WriteProcessMemory_(GetCurrentProcess_(), dwAddr, @a(0), 6, @written);
  ProcedureReturn OriginalAdress
EndProcedure
 
Procedure UnHookLib(Libname.s,FuncName.s)
  Protected dwAddr, Result
  dwAddr = GetProcAddress_(GetModuleHandle_(LibName), FuncName)
  Result = WriteProcessMemory_(GetCurrentProcess_(), dwAddr, @Backup(0), 6, @written);
EndProcedure

Procedure.i gpa(hmodule, szfunction.s)
  Debug "GetProcAddress called: hmodule; " + hmodule + ", szfunction: " + szfunction
  ProcedureReturn CallFunctionFast(*original, hmodule, @szfunction)
EndProcedure

dwOriginal  = HookLib("kernel32.dll", "GetProcAddress", @gpa())
loadLibrary = GetProcAddress_(GetModuleHandle_("kernel32.dll"), "LoadLibraryA")
user32      = CallFunctionFast(loadLibrary, @"user32.dll")

Debug "user32: " + user32

PureBasic Forums - English

Hooking GetProcAddress function

Hooking GetProcAddress function

Re: Hooking GetProcAddress function

Re: Hooking GetProcAddress function