
API Hooking.

This topic is 4264 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

Hello everyone, I have a question about API hooking on Ventrilo (www.ventrilo.com). What I want to do is this:

1. Hook the API function that handles the "when a user connects" msg.
2. I want to make a popup with the user name that just connected.

I hope someone understands what I'm trying to do, can help me with this and can point me somewhere. Thanks all.

Well here is how I started:

First I get the ( HANDLE ) to the process:

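    #include <windows.h>
    #include <tlhelp32.h>
    #include <string.h>

    HANDLE pProcess = NULL;

    /* Stores a handle to the process named pProcessName in pProcess and
       returns the number of matching processes that could be opened.
       Assumes an ANSI (non-UNICODE) build, so szExeFile is a char string. */
    int FindProcess( const char *pProcessName )
    {
        int count = 0;
        PROCESSENTRY32 ppe = {0};
        ppe.dwSize = sizeof(PROCESSENTRY32);
        HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

        if (hSnapShot == INVALID_HANDLE_VALUE)
            return 0;

        if (Process32First(hSnapShot, &ppe))
        {
            do  /* do/while so the first snapshot entry is not skipped */
            {
                /* Compare against the parameter and open only matching processes */
                if (!_stricmp(ppe.szExeFile, pProcessName))
                {
                    /* PROCESS_VM_READ is all that ReadProcessMemory needs */
                    HANDLE hProcess = OpenProcess(PROCESS_VM_READ, FALSE, ppe.th32ProcessID);

                    if (hProcess != NULL)
                    {
                        if (pProcess != NULL)
                            CloseHandle(pProcess);  /* keep only the latest match */
                        pProcess = hProcess;
                        count++;
                    }
                }
            } while (Process32Next(hSnapShot, &ppe));
        }

        CloseHandle(hSnapShot);
        return count;
    }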



Usage:

    FindProcess( "Ventrilo.exe" );

Then I read the memory using the ReadProcessMemory command.

Address: A18E30 == Ping in Ventrilo 2.1.0

    int pPing = 0;

    ReadProcessMemory( pProcess, (LPVOID)0xA18E30, &pPing, sizeof( pPing ), NULL );

    printf( "Ping: %i\n", pPing );


--------------------------------------


Well, what I don't know is how to access the functions to see if someone connects
and then copy his name and display it.

Come on, someone point me somewhere :]

Thanks.

There are many ways to hook the WINSOCK APIs.

1. You can do a DLL injection, which basically injects a DLL into any process and by that injects a jmp instruction to your DLL hook function. This is basically called a trampoline function (jumping to your function and returning back).

2. There is always a possibility to do dispatch hooking or write a TDI kernel driver. I believe this is not one of your ideas, in case you are up for a game.

3. I believe this will be the best way for you to do it (remember, I have no clue why you are trying to hook): search Google for "LSP". LSP is a service provider that basically is part of the chain between a Winsock user (a user application that tries to establish a connection via Winsock) and the TCP/IP stack. By writing an LSP provider you can basically "hook" into every process that uses Winsock and legally receive every Winsock call before the TCP stack.

In case you are still up for API hooking, which I am against in commercial products, you had better look for "Detours" on the Microsoft Research home page. "Detours" is an API hooking kit made by the Microsoft Research guys which basically hooks by DLL injection. The idea for this product is to instrument an application's performance.

Hope something in this reply will be helpful.
Nuno1
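
The trampoline technique described in the reply above overwrites the first bytes of a function with a jump, which is also what makes it detectable. As an added example (not part of the original thread), this C routine checks a copied function prologue for three common x86 redirect encodings and reports whether the destination leaves the owning module; `check_prologue`, `module_range` and all sample bytes and addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { PROLOGUE_CLEAN, REDIRECT_IN_MODULE, REDIRECT_OUT_OF_MODULE } verdict;
typedef struct { uint64_t base, size; } module_range;   /* owning module's image range */

/* Inspect bytes copied from the start of a function that lives at address va.
 * Recognises three x86 redirect encodings an inline hook commonly writes:
 *   E9 rel32 (jmp near), EB rel8 (jmp short), 68 imm32 C3 (push addr; ret).
 * On a redirect, *target receives the destination address. */
verdict check_prologue(const uint8_t *code, size_t len, uint64_t va,
                       const module_range *mod, uint64_t *target)
{
    uint64_t dest;
    if (len >= 5 && code[0] == 0xE9) {
        int32_t rel;
        memcpy(&rel, code + 1, sizeof rel);      /* little-endian host assumed */
        dest = va + 5 + (uint64_t)(int64_t)rel;  /* relative to the next instruction */
    } else if (len >= 2 && code[0] == 0xEB) {
        dest = va + 2 + (uint64_t)(int64_t)(int8_t)code[1];
    } else if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) {
        uint32_t abs32;
        memcpy(&abs32, code + 1, sizeof abs32);
        dest = abs32;
    } else {
        return PROLOGUE_CLEAN;                   /* none of the known encodings */
    }
    if (target) *target = dest;
    return (dest >= mod->base && dest - mod->base < mod->size)
               ? REDIRECT_IN_MODULE : REDIRECT_OUT_OF_MODULE;
}

/* Constructed sample data: addresses and byte strings are made up for the demo. */
static const module_range SAMPLE_MOD = { 0x00400000u, 0x00010000u };
static const uint64_t SAMPLE_VA = 0x00401000u;
static const uint8_t CLEAN[]    = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };       /* mov edi,edi; push ebp; mov ebp,esp */
static const uint8_t JMP_OUT[]  = { 0xE9, 0xFB, 0xEF, 0xBF, 0x0F };       /* jmp to 0x10000000 */
static const uint8_t JMP_BACK[] = { 0xEB, 0xF9 };                         /* jmp short -7, stays in module */
static const uint8_t PUSH_RET[] = { 0x68, 0x00, 0x00, 0x00, 0x10, 0xC3 }; /* push 0x10000000; ret */

int main(void)
{
    uint64_t t = 0;
    verdict v = check_prologue(JMP_OUT, sizeof JMP_OUT, SAMPLE_VA, &SAMPLE_MOD, &t);
    printf("verdict=%d target=0x%llx\n", (int)v, (unsigned long long)t);
    return 0;
}
```

A redirect that stays inside the module is not proof of a clean function, and one that leaves it is not proof of tampering, so treat the verdict as a triage signal to compare against the on-disk image.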
