API Hooking.

Started by
4 comments, last by X5-Programmer 18 years ago
Hello everyone, I have a question about API hooking on Ventrilo ( www.ventrilo.com ). What I want to do is this:

1. Hook the API function that handles the "when a user connects" msg.
2. I want to make a popup with the user name that just connected.

I hope someone understands what I'm trying to do and can help me with this and can point me somewhere. Thanks all.
-[ thx ]-
There are several articles on api hooking at codeproject.com.
"I thought what I'd do was, I'd pretend I was one of those deaf-mutes." - the Laughing Man
Well here is how I started:

First I get the ( HANDLE ) to the process:

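#include <windows.h>
#include <tlhelp32.h>
#include <string.h>

HANDLE pProcess = NULL;

// Opens the first process named pProcessName and stores its handle in pProcess.
// Returns the number of matching processes. Assumes an ANSI (non-UNICODE) build.
int FindProcess( const char *pProcessName )
{
	int count = 0;
	PROCESSENTRY32 ppe = {0};
	ppe.dwSize = sizeof(PROCESSENTRY32);
	HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	if (hSnapShot == INVALID_HANDLE_VALUE)
		return 0;
	if (Process32First(hSnapShot, &ppe))
	{
		do	// do/while so the first snapshot entry is checked too
		{
			if (!_stricmp(ppe.szExeFile, pProcessName))
			{
				// Open only the matching process, and only once, so no handles leak.
				// Read access is all that ReadProcessMemory needs.
				if (pProcess == NULL)
					pProcess = OpenProcess(PROCESS_VM_READ, FALSE, ppe.th32ProcessID);
				count++;
			}
		} while (Process32Next(hSnapShot, &ppe));
	}
	CloseHandle(hSnapShot);
	return count;
}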


Usage:

FindProcess( "Ventrilo.exe" );

Then I read the memory using the ReadProcessMemory command.

Address: A18E30 == Ping in ventrilo 2.1.0

int pPing=0;

ReadProcessMemory( pProcess, (LPVOID)0xA18E30, &pPing, sizeof( pPing ), NULL);

printf( "Ping: %i\n", pPing );


--------------------------------------


Well, what I don't know is how to access the functions to see if someone connects
and then copy his name and display it.

Come on, someone point me somewhere :]

thanks.

-[ thx ]-
http://www.google.com/search?hl=en&q=api+hooking+site%3Acodeproject.com
"I thought what I'd do was, I'd pretend I was one of those deaf-mutes." - the Laughing Man
There are many ways to hook the WINSOCK APIs.

1. You can do a DLL injection, which basically injects a DLL into any process and by that injects a jmp instruction to your DLL hook function. This is basically called a trampoline function (jumping to your function and returning back).

2. There is always a possibility to do dispatch hooking or write a TDI kernel driver. I believe this is not one of your ideas in case you are up for a game.

3. I believe this will be the best way for you to do it (remember, I have no clue why you are trying to hook): search Google for "LSP". LSP is a service provider that basically is part of the chain between a Winsock user (a user application that tries to establish a connection via Winsock) and the TCP-IP stack. By writing an LSP provider you can basically "hook" into every process that uses Winsock and legally receive every Winsock call before the TCP stack.

In case you are still up for API hooking, which I am against in commercial products, you had better look for "Detours" on the Microsoft Research home page. "Detours" is an API hooking kit made by the Microsoft Research guys which basically hooks by DLL injection. The idea of this product is to instrument an application's performance.

Hope something in this reply will be helpful.
Nuno1
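
The jmp-based hook described in point 1 leaves a visible mark at the start of the hooked function, and the sketch below checks for it. This is an added example, not part of the original thread or of Detours. It assumes 32-bit x86 code, and the function names, sample bytes and module addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
typedef enum { PROLOGUE_CLEAN, PROLOGUE_JMP_INSIDE, PROLOGUE_JMP_OUTSIDE } verdict_t;

/* Read a little-endian 32-bit value regardless of host byte order. */
static uint32_t le32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode an unconditional redirect at the start of a 32-bit x86 function.
 * va is the address the bytes were read from. Returns 1 and sets *target
 * for jmp rel32, jmp rel8, or push imm32 / ret; returns 0 otherwise. */
static int decode_redirect(const uint8_t *code, size_t len, uint32_t va, uint32_t *target)
{
    if (len >= 5 && code[0] == 0xE9) {                     /* jmp rel32 */
        *target = va + 5 + le32(code + 1);                 /* wraps like the CPU does */
        return 1;
    }
    if (len >= 2 && code[0] == 0xEB) {                     /* jmp rel8 */
        *target = va + 2 + (uint32_t)(int32_t)(int8_t)code[1];
        return 1;
    }
    if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) {  /* push imm32; ret */
        *target = le32(code + 1);
        return 1;
    }
    return 0;
}

/* A redirect that stays inside [mod_base, mod_base + mod_size) is usually a
 * thunk; one that leaves the module is what an injected hook looks like. */
verdict_t check_prologue(const uint8_t *code, size_t len, uint32_t va,
                         uint32_t mod_base, uint32_t mod_size, uint32_t *target)
{
    if (!decode_redirect(code, len, va, target))
        return PROLOGUE_CLEAN;
    return (*target - mod_base < mod_size) ? PROLOGUE_JMP_INSIDE : PROLOGUE_JMP_OUTSIDE;
}

int main(void)
{
    /* Constructed samples: an untouched prologue and one overwritten with jmp rel32. */
    const uint8_t clean[]  = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };  /* mov edi,edi; push ebp; mov ebp,esp */
    const uint8_t hooked[] = { 0xE9, 0xFB, 0xFF, 0xFF, 0x0F };
    uint32_t t = 0;                     /* module base and size below are constructed values */
    printf("clean: %d, ", check_prologue(clean, sizeof clean, 0x71AB1000u, 0x71AB0000u, 0x17000u, &t));
    printf("hooked: %d\n", check_prologue(hooked, sizeof hooked, 0x71AB1000u, 0x71AB0000u, 0x17000u, &t));
}
```

In practice the bytes would come from the loaded module in memory and be compared against the same function in the on-disk image, since security products and compatibility shims also patch prologues.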
Thanks for your replies :)
-[ thx ]-
