Cherry
Registered: 20.06.2007 Posts: 249
Posted on: 14.09.2010, 22:36 Subject: API Hooking: Microsoft Detours Library + Header
I have finally managed to make the Microsoft Detours Library usable from FreeBasic!
With it, you can use your own DLL, which is "injected" into a program, to add new functions or change existing ones, since it lets you replace arbitrary functions.
On CodeProject there is, for example, an example of how to use it to get around the group policies that prohibit cmd or regedit.
I won't write all of that again in German, so here is the content of the English readme:
==== MICROSOFT DETOURS LIBRARY FOR FREEBASIC ====
============ by David "Cherry" Trapp ============
Detours is a library for instrumenting arbitrary Win32 functions on x86, x64, and IA64 machines (note: the FreeBasic package only works with x86!). Detours intercepts Win32 functions by re-writing the in-memory code for target functions. The Detours package also contains utilities to attach arbitrary DLLs and data segments (called payloads) to any Win32 binary.
More information: http://research.microsoft.com/en-us/projects/detours/
INSTALLING
----------
To install the library, copy the folders "inc", "lib" and "docs" to your FreeBasic folder (merging the directories).
USING
-----
To use the library, you have to #include "detours.bi" and copy "detours.dll" to the directory where your program is located.
DOCUMENTATION
-------------
You can find the official documentation in the "docs" folder.
EXAMPLE
-------
The example "simple" is included. This example is further explained in the help file.
In this example, the WinAPI function "Sleep" is replaced with a function which counts how much time has been "slept".
To try this example...
- Run "fbc -dll -m foobar -x simple.dll simple.bas"
  This will create "simple.dll", the hook which replaces the Sleep function.
- Run "fbc -s console sleep5.bas"
  This will create "sleep5.exe", which will just sleep for 5 seconds (or for a variable amount, if called like "sleep5 -t <number of seconds>").
- After that, run "withdll /d:simple.dll sleep5.exe", which will start sleep5.exe and inject simple.dll.
You can then see that the replacement worked.
NOTE
----
If you want to use a custom "DllMain" in your DLL, you have to declare it with Alias "DllMain" and compile it with "-m foobar" and "-x <output filename>". "-m foobar" makes fbc believe that this is not the main module (because the main module is the nonexistent foobar), so fbc won't add its own DllMain function. "-x" is necessary (you have to specify the output filename explicitly); otherwise fbc will try to create a "foobar.dll" file.
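As an added illustration (not the simple.bas shipped in the package), here is a FreeBasic DLL that hooks Sleep from a custom DllMain and totals the time slept, built and injected exactly as described above. It assumes detours.bi declares the Detour* functions with the names and parameters of the C API; the import name WinSleep is my own choice to avoid the FreeBasic Sleep keyword.

```freebasic
' simple_hook.bas: replaces the WinAPI Sleep function with one that adds up
' the milliseconds slept, installed from a custom DllMain via Detours.
' Build:  fbc -dll -m foobar -x simple_hook.dll simple_hook.bas
' Run:    withdll /d:simple_hook.dll sleep5.exe
#include "windows.bi"
#include "crt.bi"       ' printf: works without the FB runtime's module init
#include "detours.bi"
' Assumption: detours.bi declares DetourTransactionBegin, DetourUpdateThread,
' DetourAttach, DetourDetach and DetourTransactionCommit with the same names
' and parameters as the C API (ppPointer As Any Ptr Ptr, pDetour As Any Ptr).

' Import the real Sleep under another name, because "Sleep" is an FB keyword.
Declare Sub WinSleep StdCall Lib "kernel32" Alias "Sleep" (ByVal dwMilliseconds As DWORD)

' Pointer to the original function. DetourAttach rewrites it to point at the
' trampoline, so calling through it reaches the real Sleep after hooking.
Dim Shared TrueSleep As Sub StdCall (ByVal dwMilliseconds As DWORD) = @WinSleep
Dim Shared dwSlept As DWORD = 0

' Runs instead of Sleep inside the injected process: record the time, then sleep for real.
Sub TimedSleep StdCall (ByVal dwMilliseconds As DWORD)
    dwSlept += dwMilliseconds
    TrueSleep(dwMilliseconds)
End Sub

' Entry point, aliased "DllMain" so fbc (called with -m foobar) does not add its own.
Function DllMain StdCall Alias "DllMain" (ByVal hinstDLL As HINSTANCE, _
        ByVal fdwReason As DWORD, ByVal lpvReserved As LPVOID) As BOOL
    Select Case fdwReason
    Case DLL_PROCESS_ATTACH
        ' Attach inside a transaction so the code patch is applied atomically.
        DetourTransactionBegin()
        DetourUpdateThread(GetCurrentThread())
        DetourAttach(Cast(Any Ptr Ptr, @TrueSleep), Cast(Any Ptr, @TimedSleep))
        If DetourTransactionCommit() <> NO_ERROR Then
            printf(!"simple_hook.dll: could not detour Sleep()\n")
        End If
    Case DLL_PROCESS_DETACH
        ' Restore the original code before the DLL is unloaded, then report.
        DetourTransactionBegin()
        DetourUpdateThread(GetCurrentThread())
        DetourDetach(Cast(Any Ptr Ptr, @TrueSleep), Cast(Any Ptr, @TimedSleep))
        DetourTransactionCommit()
        printf(!"simple_hook.dll: %lu ms slept in total\n", dwSlept)
    End Select
    Return TRUE
End Function
```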
Download: http://share.cherrytree.at/showfile-1712/detours_for_fb.rar
Regards, Cherry