X5-Programmer

API Hooking.


X5-Programmer    100
Hello everyone, I have a question about API hooking on Ventrilo (www.ventrilo.com). What I want to do is this:

1. Hook the API function that handles the "when a user connects" message.
2. Make a popup with the name of the user that just connected.

I hope someone understands what I'm trying to do, can help me with this, and can point me somewhere. Thanks all.

X5-Programmer    100
Well, here is how I started:

First I get the HANDLE to the process:

    #include <windows.h>
    #include <tlhelp32.h>
    #include <string.h>

    HANDLE pProcess = NULL;

    /* Finds processes named pProcessName (ANSI build assumed) and opens the
       first match for reading. Returns the number of matches. */
    int FindProcess( const char *pProcessName )
    {
        int count = 0;
        PROCESSENTRY32 ppe = {0};
        ppe.dwSize = sizeof(PROCESSENTRY32);
        HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

        if (hSnapShot == INVALID_HANDLE_VALUE)
            return 0;

        if (Process32First(hSnapShot, &ppe))
        {
            do  /* do/while so the first snapshot entry is not skipped */
            {
                if (!_stricmp(ppe.szExeFile, pProcessName))
                {
                    /* Open only the matching process, with read access only;
                       opening every process leaked one handle per iteration. */
                    if (pProcess == NULL)
                        pProcess = OpenProcess(PROCESS_VM_READ, FALSE, ppe.th32ProcessID);
                    count++;
                }
            } while (Process32Next(hSnapShot, &ppe));
        }

        CloseHandle(hSnapShot);
        return count;
    }



Usage:

    FindProcess( "Ventrilo.exe" );

Then I read the memory using the ReadProcessMemory command.

Address: A18E30 == Ping in Ventrilo 2.1.0

    int pPing = 0;

    /* ReadProcessMemory returns FALSE on failure (e.g. pProcess is NULL) */
    if (ReadProcessMemory( pProcess, (LPCVOID)0xA18E30, &pPing, sizeof( pPing ), NULL ))
        printf( "Ping: %i\n", pPing );


--------------------------------------


Well, what I don't know is how to access the functions to see if someone connects
and then copy his name and display it.

Come on, someone point me somewhere :]

Thanks.

Nuno1    161
There are many ways to hook the WINSOCK APIs.

1. You can do a DLL injection, which basically injects a DLL into any process and by that injects a jmp instruction to your DLL hook function. This is basically called a trampoline function (jumping to your function and returning back).

2. There is always a possibility to do dispatch hooking or write a TDI kernel driver. I believe this is not one of your ideas, in case you are up for a game.

3. I believe this will be the best way for you to do it (remember, I have no clue why you are trying to hook): search Google for "LSP". An LSP is a service provider that basically is part of the chain between a Winsock user (a user application that tries to establish a connection via Winsock) and the TCP/IP stack. By writing an LSP provider you can basically "hook" into every process that is using Winsock and legally receive every Winsock call before the TCP stack.

In case you are still up for API hooking, which I am against in commercial products, you had better look for "Detours" on the Microsoft Research home page. "Detours" is a hook API kit made by the Microsoft Research guys which basically hooks by DLL injection. The idea for this product is to instrument an application's performance.

Hope something from this reply will be helpful.
Nuno1
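
The jmp patch described in option 1 of the reply above is visible at the start of the patched function, which is how integrity checks and debugging tools spot it. The following is an added example, not code from the thread: it classifies the first bytes of a 32-bit x86 function and reports whether the redirect leaves the owning module. The names `classify_prologue` and `leaves_module`, and all addresses and byte samples, are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum hook_kind { HOOK_NONE, HOOK_JMP_REL32, HOOK_PUSH_RET, HOOK_JMP_INDIRECT };
struct hook_info { enum hook_kind kind; uint32_t target; };

/* Read a little-endian 32-bit value regardless of host byte order. */
static uint32_t rd32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Classify the first bytes of a 32-bit x86 function copied from address va. */
struct hook_info classify_prologue(const uint8_t *code, size_t len, uint32_t va)
{
    struct hook_info r = { HOOK_NONE, 0 };
    if (len >= 5 && code[0] == 0xE9) {                            /* jmp rel32 */
        r.kind = HOOK_JMP_REL32;
        r.target = va + 5 + rd32(code + 1);   /* relative to the next instruction */
    } else if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) {  /* push imm32; ret */
        r.kind = HOOK_PUSH_RET;
        r.target = rd32(code + 1);
    } else if (len >= 6 && code[0] == 0xFF && code[1] == 0x25) {  /* jmp [mem32] */
        r.kind = HOOK_JMP_INDIRECT;
        r.target = rd32(code + 2);            /* address of the pointer slot */
    }
    return r;
}

/* A redirect that lands outside the owning module's image deserves a look. */
int leaves_module(struct hook_info h, uint32_t base, uint32_t size)
{
    return h.kind != HOOK_NONE && (h.target < base || h.target - base >= size);
}

/* Constructed samples: module at 0x71AB0000, size 0x17000, function at 0x71AB1000. */
const uint8_t clean_fn[]  = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x51 };  /* normal prologue */
const uint8_t hooked_fn[] = { 0xE9, 0xFB, 0xFF, 0x54, 0x9E, 0x51 };  /* jmp 0x10001000 */

int main(void)
{
    struct hook_info h = classify_prologue(hooked_fn, sizeof hooked_fn, 0x71AB1000u);
    printf("kind=%d target=0x%08lX outside=%d\n", (int)h.kind, (unsigned long)h.target,
           leaves_module(h, 0x71AB0000u, 0x17000u));
    return 0;
}
```

An in-module `jmp [mem32]` is common for ordinary import thunks, so only redirects that leave the module are flagged.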
