How to change function pointers?

[philkr]

This is not directly linked with assembler, but I thought I post it here, because you seem to know the most of 'internal' things.
Problem: I have a DLL loaded into my address space and I want to change the pointers of the exported functions, so that when I call an exported function not the normal function is called, but another function which I specify doing the change. I hope I said it clear enough. Can you help me?

[Hobson]

Look at this article:
http://www.codeguru.com/Cpp/W-P/dll/...icle.php/c127/

[philkr]

Thanks for the link. It's rather a bit of source code than an article, but something to start with. However, I need something like a tutorial. I want to know what I'm doing and not only copy & paste other people's code.

[NoHero]

This is not directly linked with assembler, but I thought I post it here, because you seem to know the most of 'internal' things.
Problem: I have a DLL loaded into my address space and I want to change the pointers of the exported functions, so that when I call an exported function not the normal function is called, but another function which I specify doing the change. I hope I said it clear enough. Can you help me?

Is the function specifing the change an application defined or DLL defined function?

[philkr]

I think it is the best to use an example:
I have a hook DLL which is in the address space of mspaint.exe for example. If you open a file in mspaint GetOpenFileNameW() function from COMDLG32.DLL will be called. Instead I want now to call my OpenFileName() function which is in my hook DLL, in order to show my custom open dialog with preview functionality. I only know I need to change the import address table. But I don't know in which memory location it is.

[NoHero]

I think it is the best to use an example:
I have a hook DLL which is in the address space of mspaint.exe for example. If you open a file in mspaint GetOpenFileNameW() function from COMDLG32.DLL will be called. Instead I want now to call my OpenFileName() function which is in my hook DLL, in order to show my custom open dialog with preview functionality. I only know I need to change the import address table. But I don't know in which memory location it is.

This is your article...

[philkr]

Thank you very much! Given the above article and a description of the Windows PE format I managed to write my own functions for changing the import address table. Almost everything works. My function which overwrites the API address returns a pointer to the old function and it is the right GetOpenFileNameW pointer (I checked it with Dependency Walker). Now the problem: Notepad.exe does not seem to get my new function pointer right. It seems to point to garbage, at least notepad now crashes when clicking open. It was given in this way: &MyFunction. Why does it not work? Do I have to export my override function?

[NoHero]

Thank you very much! Given the above article and a description of the Windows PE format I managed to write my own functions for changing the import address table. Almost everything works. My function which overwrites the API address returns a pointer to the old function and it is the right GetOpenFileNameW pointer (I checked it with Dependency Walker). Now the problem: Notepad.exe does not seem to get my new function pointer right. It seems to point to garbage, at least notepad now crashes when clicking open. It was given in this way: &MyFunction. Why does it not work? Do I have to export my override function?

Yes you have to export via the DEF way. Otherwise the function will not converted correctly to the destinations address space, and you might not have enough rights to access it.