Having trouble with microsoft detours

Question

I'm trying to do some basic hooking with microsoft detours and I can't get it to work. I've used essentially the code that was posted in this thread:

How can I hook Windows functions in C/C++?

but no dice. I updated the send/receive functions in the DLL code to simply log the data to a file, and I tried having the main program hook into the "internet checkers" program, but a log file never gets created, so it appears that the dll wasn't injected.

I'm running Windows 7 64-bit, Visual Studio 10.0, Detours 3.0 (my environment appears to be set up correctly, no issues building or anything). I created a DLL project, pasted in the DLL code from the link above, with send/recv updated as such:

FILE * pSendLogFile;
fopen_s(&pSendLogFile, "C:\SendLog.txt", "a+");
fprintf(pSendLogFile, "%s
", buf);
fclose(pSendLogFile);

and compiled. Then created another project, pasted in the main code from the link above, set it to look for the chkrzm.exe program (checkers), and hardcoded the DLL path to:

fullPath = "C:\Users\PM\Documents\Programs\C Code\Test\DLLTester2\Debug\DLLTester2.dll";

and ran it, but no dice. Any idea why I can't get this to work?

Paavan M · Accepted Answer

FYI got this solved. To see which processes are 32-bit, just ctrl-alt-delete and go to the task manager; 32-bit processes are listed with *32 next to them. Also got my hook working; here is the code. I abandoned the CreateRemoteThread approach and just used a system-wide hook. I stitched the code together from:

How to hook external process with SetWindowsHookEx and WH_KEYBOARD http://www.codingthewheel.com/archives/how-i-built-a-working-online-poker-bot-4 http://www.codingthewheel.com/archives/how-i-built-a-working-online-poker-bot-7

This program simply reverses text in 32-bit processes (as shown in the last link above). Eg. open up textpad and hover over menus; their text should get reversed.

The dll:

#include 
#include 
#include 
#include 
using namespace std;


// Initial stuff
#ifdef _MANAGED
#pragma managed(push, off)
#endif

#pragma comment( lib, "Ws2_32.lib" )
#pragma comment( lib, "detours.lib" )

#pragma data_seg("Shared")
HHOOK   g_hHook  = NULL;
#pragma data_seg()


// Globals
HINSTANCE  g_hInstance = NULL;


// ExtTextOut - original
BOOL (WINAPI * Real_ExtTextOut)(HDC hdc, int X, int Y, UINT options, const RECT* lprc, LPCTSTR text, UINT cbCount, const INT* lpSpacingValues) = ExtTextOut;

// ExtTextOut - overridden
BOOL WINAPI Mine_ExtTextOut(HDC hdc, int X, int Y, UINT options, const RECT* lprc, LPCTSTR text, UINT cbCount, const INT* lpSpacingValues)
{
    if (!text)
        return TRUE;

    // Make a copy of the supplied string..safely
    LPWSTR szTemp = (LPWSTR)LocalAlloc(0, (cbCount+1) * 2);
    memcpy(szTemp, text, cbCount*2); // can't use strcpy here
    szTemp[cbCount] = L'\0'; // append terminating null

    // Reverse it..
    wcsrev(szTemp);

    // Pass it on to windows...
    BOOL rv = Real_ExtTextOut(hdc, X, Y, options, lprc, szTemp, cbCount, lpSpacingValues);

    // Cleanup
    LocalFree(szTemp);

    return TRUE;
}


// DLLMain
BOOL APIENTRY DllMain( HANDLE hModule, DWORD  ul_reason_for_call, LPVOID lpReserved  )
{
    switch (ul_reason_for_call)
    {
        case DLL_PROCESS_ATTACH:
            g_hInstance  = (HINSTANCE) hModule;

            DetourTransactionBegin(); 
            DetourUpdateThread(GetCurrentThread());
            DetourAttach(&(PVOID&)Real_ExtTextOut, Mine_ExtTextOut); // <- magic
            DetourTransactionCommit();
            break;

        case DLL_PROCESS_DETACH:
            DetourTransactionBegin(); 
            DetourUpdateThread(GetCurrentThread());
            DetourDetach(&(PVOID&)Real_ExtTextOut, Mine_ExtTextOut);
            DetourTransactionCommit();
            break;
    }

    return TRUE;
}


// CBT Hook - dll is hooked into all processes (only 32 bit processes on my machine)
LRESULT CALLBACK CBTProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (nCode < 0)
        return CallNextHookEx(g_hHook, nCode, wParam, lParam);

    // Return 0 to allow window creation/destruction/activation to proceed as normal.
    return 0;
}


// Install hook
extern "C" __declspec(dllexport) bool install()
{
    g_hHook = SetWindowsHookEx(WH_CBT, (HOOKPROC) CBTProc, g_hInstance, 0);

    return g_hHook != NULL;
}


// Uninstall hook
extern "C" __declspec(dllexport) void uninstall()
{
    if (g_hHook)
    {
        UnhookWindowsHookEx(g_hHook);
        g_hHook = NULL;
    }
}

The main program:

#include 
#include 
#include 
#include 
using namespace std;


// Main
int _tmain(int argc, _TCHAR* argv[])
{
    // Load dll
    HINSTANCE hinst = LoadLibrary(_T("C:\Users\PM\Documents\Programs\C Code\Test\DLLTesterFinal\Debug\DLLTesterFinal.dll")); 

    if (hinst)
    {
        // Get functions
        typedef bool (*Install)();
        typedef void (*Uninstall)();
        Install install = (Install) GetProcAddress(hinst, "install");
        Uninstall uninstall = (Uninstall) GetProcAddress(hinst, "uninstall");
        cout << "GetLastError1: " << GetLastError () << endl << endl;

        // Install hook
        bool hookInstalledSuccessfully = install ();
        cout << "GetLastError2: " << GetLastError () << endl;
        cout << "Hook installed successfully? " << hookInstalledSuccessfully << endl << endl;

        // At this point, go to a 32-bit process (eg. textpad, chrome) and hover over menus; their text should get reversed
        cout << "Text should now be reversed in 32-bit processes" << endl;
        system ("Pause");

        // Uninstall hook
        uninstall();
        cout << endl << "GetLastError3: " << GetLastError () << endl;
        cout << "Done" << endl;
        system ("Pause");
    }

    return 0;
}

However upon trying to detour ExtTextOut in a java application, the java app crashes; need to investigate that.

Having trouble with microsoft detours

Answers (2)

Related Questions