Apis hooken :/
-
Hi!
Ich bin neu in diesem Forum und ich hoffe ihr könnt bitte helfen.Mein Problem ist das weder die Funktion GetTextExtentPointW noc die Funktion GetTextExtentPointA gehooked werden können egal bei welchem Programm

Hat jemand eine Idee was ich hier falsch mache?//Hook.h bool Patch(char *szDllName, char *szFktToPatch, DWORD AddressOfNewFkt, DWORD *AddressOfOldFkt);//Hook.cpp #include <windows.h> size_t strnlen(char *s, size_t Size); DWORD VaToRva(DWORD Base, DWORD Offset); bool StrCaseCmp(char *s1, char *s2, size_t Size); bool Patch(char *szDllName, char *szFktToPatch, DWORD AddressOfNewFkt, DWORD *AddressOfOldFkt) { HMODULE hModule = GetModuleHandle(NULL); DWORD OrgAdressOfFunctionToPatch = (DWORD)GetProcAddress(GetModuleHandle((char*)szDllName), szFktToPatch); if(!OrgAdressOfFunctionToPatch){ return false; } PIMAGE_DOS_HEADER pDOSHeader = NULL; PIMAGE_NT_HEADERS pNTHeaders = NULL; PIMAGE_IMPORT_DESCRIPTOR pImportDescriptor = NULL; DWORD BaseAddress = (DWORD)hModule; pDOSHeader = (PIMAGE_DOS_HEADER)BaseAddress; if(pDOSHeader->e_magic != IMAGE_DOS_SIGNATURE){ return false; } pNTHeaders = (PIMAGE_NT_HEADERS)VaToRva(BaseAddress, pDOSHeader->e_lfanew); __try{ if(pNTHeaders->Signature != IMAGE_NT_SIGNATURE){ return false; } } __except(EXCEPTION_EXECUTE_HANDLER){ return false; } __try{ pImportDescriptor = (PIMAGE_IMPORT_DESCRIPTOR)VaToRva ( BaseAddress, pNTHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress ); if(!pImportDescriptor){ return false; } } __except(EXCEPTION_EXECUTE_HANDLER){ return false; } while(pImportDescriptor->Name) { if(StrCaseCmp(szDllName, (char*)VaToRva(BaseAddress, pImportDescriptor->Name), strlen(szDllName))) { DWORD *pThunk = (PDWORD)VaToRva(BaseAddress, pImportDescriptor->FirstThunk); while(*pThunk) { if(*pThunk == OrgAdressOfFunctionToPatch) { DWORD dwProtectionBackup; if(!VirtualProtect(pThunk, sizeof pThunk, PAGE_EXECUTE_READWRITE, &dwProtectionBackup)) return false;; *AddressOfOldFkt = *pThunk; __try{ *pThunk = AddressOfNewFkt; } __except(EXCEPTION_EXECUTE_HANDLER){ return false; } if(!VirtualProtect(pThunk, sizeof pThunk, dwProtectionBackup, &dwProtectionBackup)) return false; if(*pThunk != OrgAdressOfFunctionToPatch && *pThunk == AddressOfNewFkt) { return true; } } pThunk++; } } pImportDescriptor++; } return false; } size_t strnlen(char *s, size_t Size) { u_int i; for (i=0; s[i] && i<Size; i++) ; return i; } bool StrCaseCmp(char *s1, char *s2, size_t Size) { size_t ls1 = strnlen(s1, Size), ls2 = strnlen(s2, Size); if(ls1 != ls2) return false; for(u_int i = 0; i < ls1 && i < Size; i++) { if(tolower(*s1) == tolower(*s2)){ s1++; s2++; continue; } return false; } return true; } DWORD VaToRva(DWORD Base, DWORD Offset) { return Base + Offset; }//main.cpp #include <windows.h> #include <stdio.h> #include "Hook.h" DWORD addrTextOutW; DWORD addrExtTextOutW; DWORD addrGetTextExtentPointW; DWORD addrGetTextExtentPoint32W; DWORD addrGetTextExtentExPointW; FARPROC (WINAPI *oldTextOutW)(HDC hdc, int X, int Y, LPCWSTR lpText, int Counter); FARPROC (WINAPI *oldExtTextOutW)(HDC hdc, int X, int Y, UINT Options, CONST RECT* lprc, LPCWSTR lpText, UINT Counter, CONST INT* lpDx); FARPROC (WINAPI *oldGetTextExtentPointW)(HDC hdc, LPCWSTR lpText, int Counter, LPSIZE lpSize); FARPROC (WINAPI *oldGetTextExtentPoint32W)(HDC hdc, LPCWSTR lpText, int Counter, LPSIZE lpSize); FARPROC (WINAPI *oldGetTextExtentExPointW)(HDC hdc, LPCWSTR lpText, int Counter, int nMaxExtent, LPINT lpnFit, LPINT alpDx, LPSIZE lpSize); FARPROC WINAPI newTextOutW(HDC hdc, int X, int Y, LPCWSTR lpText, int Counter); FARPROC WINAPI newExtTextOutW(HDC hdc, int X, int Y, UINT Options, CONST RECT* lprc, LPCWSTR lpText, UINT Counter, CONST INT* lpDx); FARPROC WINAPI newGetTextExtentPointW(HDC hdc, LPCWSTR lpText, int Counter, LPSIZE lpSize); FARPROC WINAPI newGetTextExtentPoint32W(HDC hdc, LPCWSTR lpText, int Counter, LPSIZE lpSize); FARPROC WINAPI newGetTextExtentExPointW(HDC hdc, LPCWSTR lpText, int Counter, int nMaxExtent, LPINT lpnFit, LPINT alpDx, LPSIZE lpSize); DWORD addrTextOutA; DWORD addrExtTextOutA; DWORD addrGetTextExtentPointA; DWORD addrGetTextExtentPoint32A; DWORD addrGetTextExtentExPointA; FARPROC (WINAPI *oldTextOutA)(HDC hdc, int X, int Y, LPCTSTR lpText, int Counter); FARPROC (WINAPI *oldExtTextOutA)(HDC hdc, int X, int Y, UINT Options, CONST RECT* lprc, LPCTSTR lpText, UINT Counter, CONST INT* lpDx); FARPROC (WINAPI *oldGetTextExtentPointA)(HDC hdc, LPCTSTR lpText, int Counter, LPSIZE lpSize); FARPROC (WINAPI *oldGetTextExtentPoint32A)(HDC hdc, LPCTSTR lpText, int Counter, LPSIZE lpSize); FARPROC (WINAPI *oldGetTextExtentExPointA)(HDC hdc, LPCTSTR lpText, int Counter, int nMaxExtent, LPINT lpnFit, LPINT alpDx, LPSIZE lpSize); FARPROC WINAPI newTextOutA(HDC hdc, int X, int Y, LPCTSTR lpText, int Counter); FARPROC WINAPI newExtTextOutA(HDC hdc, int X, int Y, UINT Options, CONST RECT* lprc, LPCTSTR lpText, UINT Counter, CONST INT* lpDx); FARPROC WINAPI newGetTextExtentPointA(HDC hdc, LPCTSTR lpText, int Counter, LPSIZE lpSize); FARPROC WINAPI newGetTextExtentPoint32A(HDC hdc, LPCTSTR lpText, int Counter, LPSIZE lpSize); FARPROC WINAPI newGetTextExtentExPointA(HDC hdc, LPCTSTR lpText, int Counter, int nMaxExtent, LPINT lpnFit, LPINT alpDx, LPSIZE lpSize); unsigned short* GetNewCharW(const unsigned short* OldCharW); unsigned short NewCharW(const unsigned short OldChar); char* GetNewCharA(const char* OldCharW); char NewCharA(const char OldChar); BOOL APIENTRY DllMain(HINSTANCE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) { switch(ul_reason_for_call) { case DLL_PROCESS_ATTACH: HMODULE hProc; hProc = GetModuleHandle("GDI32.dll"); if(GetProcAddress(hProc, "TextOutW")) { if(!Patch("GDI32.dll", "TextOutW", (DWORD)newTextOutW, &addrTextOutW)) { MessageBoxA(0,"Couldn't hook 1 Function", "SHIT!", NULL); } } if(GetProcAddress(hProc, "ExtTextOutW")) { if(!Patch("GDI32.dll", "ExtTextOutW", (DWORD)newExtTextOutW, &addrExtTextOutW)) { MessageBoxA(0,"Couldn't hook 2 Function", "SHIT!", NULL); } } if(GetProcAddress(hProc, "GetTextExtentPointW")) { if(!Patch("GDI32.dll", "GetTextExtentPointW", (DWORD)newGetTextExtentPointW, &addrGetTextExtentPointW)) { MessageBoxA(0,"Couldn't hook 3 Function", "SHIT!", NULL); } } if(GetProcAddress(hProc, "GetTextExtentPoint32W")) { if(!Patch("GDI32.dll", "GetTextExtentPoint32W", (DWORD)newGetTextExtentPoint32W, &addrGetTextExtentPoint32W)) { MessageBoxA(0,"Couldn't hook 4 Function", "SHIT!", NULL); } } if(GetProcAddress(hProc, "GetTextExtentExPointW")) { if(!Patch("GDI32.dll", "GetTextExtentExPointW", (DWORD)newGetTextExtentExPointW, &addrGetTextExtentExPointW)) { MessageBoxA(0,"Couldn't hook 5 Function", "SHIT!", NULL); } } oldTextOutW = (FARPROC (WINAPI *)(HDC hdc, int X, int Y, LPCWSTR lpText, int Counter))addrTextOutW; oldExtTextOutW = (FARPROC (WINAPI *)(HDC hdc, int X, int Y, UINT Options, CONST RECT* lprc, LPCWSTR lpText, UINT Counter, CONST INT* lpDx))addrExtTextOutW; oldGetTextExtentPointW = (FARPROC (WINAPI *)(HDC hdc, LPCWSTR lpText, int Counter, LPSIZE lpSize))addrGetTextExtentPointW; oldGetTextExtentPoint32W = (FARPROC (WINAPI *)(HDC hdc, LPCWSTR lpText, int Counter, LPSIZE lpSize))addrGetTextExtentPoint32W; oldGetTextExtentExPointW = (FARPROC (WINAPI *)(HDC hdc, LPCWSTR lpText, int Counter, int nMaxExtent, LPINT lpnFit, LPINT alpDx, LPSIZE lpSize))addrGetTextExtentExPointW; if(GetProcAddress(hProc, "TextOutA")) { if(!Patch("GDI32.dll", "TextOutA", (DWORD)newTextOutA, &addrTextOutA)) { MessageBoxA(0,"Couldn't hook 6 Function", "SHIT!", NULL); } } if(GetProcAddress(hProc, "ExtTextOutA")) { if(!Patch("GDI32.dll", "ExtTextOutA", (DWORD)newExtTextOutA, &addrExtTextOutA)) { MessageBoxA(0,"Couldn't hook 7 Function", "SHIT!", NULL); } } if(GetProcAddress(hProc, "GetTextExtentPointA")) { if(!Patch("GDI32.dll", "GetTextExtentPointA", (DWORD)newGetTextExtentPointA, &addrGetTextExtentPointA)) { MessageBoxA(0,"Couldn't hook 8 Function", "SHIT!", NULL); } } if(GetProcAddress(hProc, "GetTextExtentPointA")) { if(!Patch("GDI32.dll", "GetTextExtentPointA", (DWORD)newGetTextExtentPoint32A, &addrGetTextExtentPoint32A)) { MessageBoxA(0,"Couldn't hook 9 Function", "SHIT!", NULL); } } if(GetProcAddress(hProc, "GetTextExtentPointA")) { if(!Patch("GDI32.dll", "GetTextExtentExPointA", (DWORD)newGetTextExtentExPointA, &addrGetTextExtentExPointA)) { MessageBoxA(0,"Couldn't hook 10 Function", "SHIT!", NULL); } } oldTextOutA = (FARPROC (WINAPI *)(HDC hdc, int X, int Y, LPCTSTR lpText, int Counter))addrTextOutA; oldExtTextOutA = (FARPROC (WINAPI *)(HDC hdc, int X, int Y, UINT Options, CONST RECT* lprc, LPCTSTR lpText, UINT Counter, CONST INT* lpDx))addrExtTextOutA; oldGetTextExtentPointA = (FARPROC (WINAPI *)(HDC hdc, LPCTSTR lpText, int Counter, LPSIZE lpSize))addrGetTextExtentPointA; oldGetTextExtentPoint32A = (FARPROC (WINAPI *)(HDC hdc, LPCTSTR lpText, int Counter, LPSIZE lpSize))addrGetTextExtentPoint32A; oldGetTextExtentExPointA = (FARPROC (WINAPI *)(HDC hdc, LPCTSTR lpText, int Counter, int nMaxExtent, LPINT lpnFit, LPINT alpDx, LPSIZE lpSize))addrGetTextExtentExPointA; break; case DLL_PROCESS_DETACH: break; } return true; } FARPROC WINAPI newTextOutW(HDC hdc, int X, int Y, LPCWSTR lpText, int Counter) { lpText = GetNewCharW(lpText); return oldTextOutW(hdc, X, Y, lpText, Counter); } FARPROC WINAPI newExtTextOutW(HDC hdc, int X, int Y, UINT Options, CONST RECT* lprc, LPCWSTR lpText, UINT Counter, CONST INT* lpDx) { lpText = GetNewCharW(lpText); return oldExtTextOutW(hdc, X, Y, Options, lprc, lpText, Counter, lpDx); } FARPROC WINAPI newGetTextExtentPointW(HDC hdc, LPCWSTR lpText, int Counter, LPSIZE lpSize) { lpText = GetNewCharW(lpText); return oldGetTextExtentPointW(hdc, lpText, Counter, lpSize); } FARPROC WINAPI newGetTextExtentPoint32W(HDC hdc, LPCWSTR lpText, int Counter, LPSIZE lpSize) { lpText = GetNewCharW(lpText); return oldGetTextExtentPoint32W(hdc, lpText, Counter, lpSize); } FARPROC WINAPI newGetTextExtentExPointW(HDC hdc, LPCWSTR lpText, int Counter, int nMaxExtent, LPINT lpnFit, LPINT alpDx, LPSIZE lpSize) { lpText = GetNewCharW(lpText); return oldGetTextExtentExPointW(hdc, lpText, Counter, nMaxExtent, lpnFit, alpDx, lpSize); } unsigned short* GetNewCharW(const unsigned short* OldCharW) { unsigned short* Buf = (unsigned short*)malloc(wcslen(OldCharW) * 2); for(int i = 0; OldCharW[i] != '\0'; i++) { Buf[i] = NewCharW(OldCharW[i]); } return Buf; } unsigned short NewCharW(const unsigned short OldChar) { unsigned short ResultW; switch(OldChar) { case 'e': case 'E': ResultW = '3'; break; case 't': case 'T': ResultW = '7'; break; case 'i': ResultW = '!'; break; case 'b': case 'B': ResultW = '8'; break; case 'x': case 'X': ResultW = '*'; break; case 'a': case 'A': ResultW = '4'; break; case 's': ResultW = '5'; break; case 'S': ResultW = '$'; break; case 'o': case 'O': ResultW = '0'; break; default: ResultW = OldChar; } return ResultW; } FARPROC WINAPI newTextOutA(HDC hdc, int X, int Y, LPCTSTR lpText, int Counter) { lpText = GetNewCharA(lpText); return oldTextOutA(hdc, X, Y, lpText, Counter); } FARPROC WINAPI newExtTextOutA(HDC hdc, int X, int Y, UINT Options, CONST RECT* lprc, LPCTSTR lpText, UINT Counter, CONST INT* lpDx) { lpText = GetNewCharA(lpText); return oldExtTextOutA(hdc, X, Y, Options, lprc, lpText, Counter, lpDx); } FARPROC WINAPI newGetTextExtentPointA(HDC hdc, LPCTSTR lpText, int Counter, LPSIZE lpSize) { lpText = GetNewCharA(lpText); return oldGetTextExtentPointA(hdc, lpText, Counter, lpSize); } FARPROC WINAPI newGetTextExtentPoint32A(HDC hdc, LPCTSTR lpText, int Counter, LPSIZE lpSize) { lpText = GetNewCharA(lpText); return oldGetTextExtentPoint32A(hdc, lpText, Counter, lpSize); } FARPROC WINAPI newGetTextExtentExPointA(HDC hdc, LPCTSTR lpText, int Counter, int nMaxExtent, LPINT lpnFit, LPINT alpDx, LPSIZE lpSize) { lpText = GetNewCharA(lpText); return oldGetTextExtentExPointA(hdc, lpText, Counter, nMaxExtent, lpnFit, alpDx, lpSize); } char* GetNewCharA(const char* OldCharA) { char* Buf = (char*)malloc(strlen(OldCharA)); for(int i = 0; OldCharA[i] != '\0'; i++) { Buf[i] = NewCharA(OldCharA[i]); } return Buf; } char NewCharA(const char OldChar) { char ResultA; switch(OldChar) { case 'e': case 'E': ResultA = '3'; break; case 't': case 'T': ResultA = '7'; break; case 'i': ResultA = '!'; break; case 'b': case 'B': ResultA = '8'; break; case 'x': case 'X': ResultA = '*'; break; case 'a': case 'A': ResultA = '4'; break; case 's': ResultA = '5'; break; case 'S': ResultA = '$'; break; case 'o': case 'O': ResultA = '0'; break; default: ResultA = OldChar; } return ResultA; }Die Patch-Funktion habe ich hier am Board gefunden

Trotzdem funktioniert das hooken nur teilweise
Ich hoffe ihr könnt mir helfen!Mfg Ray
-
Raysation schrieb:
Trotzdem funktioniert das hooken nur teilweise

versuch es mal genauer zu schreiben was und wo es nicht funktioniert. rückgabewerte? getlasterror()?
neuen sollte meiner meinung nach einen anderen funktionsnamen haben, nämlich
GetTextExtentPoint32A