Hi all. I am using the MS Detours to intercept 4 API functions, DrawText, DrawTextEx, TextOut and ExtTextOut. This is all occurring in a small Unmanaged C++ Dll that I put together (after much Google time, C++ not my forte). From the intercepted functions I call a function that puts together a small COPYDATASTRUCT and ships it off the my main, originating VB.Net app. In the VB.Net app I am retrieving the struct, interpreting and obtaining all text that passes through the target app.
Everything seems to work like a charm for the two DrawText APIs but not for the two TextOut APIs. First off, whenever I close the VB.Net app (WinForm exe) the target app (ANY app, I have tested on countless programs) crashes whenever I hook the TextOut functions. Secondly, all text retrieved from these functions is completely jumbled. Text is perfect from the DrawText functions, and they do not cause errors or crashes (with the TextOut hooks commented out.
Can anybody please direct me to what I may be doing wrong? Any help/advice is greatly appreciated as I have spent weeks scouring Google and the web for an answer.
Code snippets below. Please ask and I will happily provide more info/code.
Public Structure COPYDATASTRUCT
Public dwData As Integer
Public cbData As Integer
Public lpData As IntPtr
Friend Enum Win32API
API_TextOut = 1
API_ExtTextOut = 2
API_DrawText = 3
API_DrawTextEx = 4
<System.Security.Permissions.PermissionSetAttribute(System.Security.Permissions.SecurityAction.Demand, Name:="FullTrust")> _
Protected Overrides Sub WndProc(ByRef m As Message)
Select Case (m.Msg)
Case WM_HOTKEY '// hotkey detected, install hook
Case WM_COPYDATA '// data coming from [API] hook(s)
Private Sub DataReceived(ByRef m As Message)
'// marshal and extract COPYDATASTRUCT from pointer
Dim cds As New COPYDATASTRUCT()
cds = DirectCast(Marshal.PtrToStructure(m.LParam, GetType(COPYDATASTRUCT)), COPYDATASTRUCT)
'// if our call, process data
If ((cds.dwData >= 1) AndAlso (cds.dwData <= 4)) Then
'// marshal and extract string from pointer
Dim tms As String = Marshal.PtrToStringAuto(cds.lpData, cds.cbData)
'// display text (if present)
If (tms.Replace(" ", String.Empty).Length > 0) Then
If ((cds.dwData = 1) OrElse (cds.dwData = 2)) Then
ListBox1.Items.Add([Enum].GetName(GetType(Win32API), cds.dwData) & ": " & tms)
ListBox1.SelectedIndex = ListBox1.Items.Count - 1
ListBox2.Items.Add([Enum].GetName(GetType(Win32API), cds.dwData) & ": " & tms)
ListBox2.SelectedIndex = ListBox2.Items.Count - 1
Catch ex As Exception
Last edited by ovidiucucu; January 14th, 2011 at 05:49 AM.
Reason: Corrected [CODE] tags
Forgive my less than ideal knowledge of C++, but what is the best way to handle these various situations?
If I test for -1 in the drawtext methods then I know if it is zero terminated, but then how to I get the length in the VB side to pull string from ptr?
As far as the textout, I can understand how this can cause errors, but will this have something to do with the garbled text as well? I was reading about unicode and glyph tables, but I am getting symbols and characters on every textout and exttextout call from every target app I test. Seems unlikely that the entire system is using glyphs? Or is that likely?
I'm also having the problem that the hooked ExtTextOutW function produces garbled text. I'm on Windows 7 with Microsoft Detours 2.1 and Visual Studio C++ 2010 Express.
Did you manage to solve the problem, msfiend? The only observation I was able to make is that there seems to be a mapping from the garbled characters to the real ones. In my case for example, what should be a lower case "i" is always displayed as "L" and "e" is displayed as "H". I tried using WideCharToMultiByte but without any luck.
I think the "problem" is that the string passed to ExtTextOut is not a string of characters but a string of glyphs, as per the ETO_GLYPH_INDEX parameter to ExtTextOut.
Does anybody have an idea where the glyphs that are passed to ExtTextOut are computed? The documentation for ExtTextOut mentions GetCharacterPlacement but in my case that doesn't seem to be it (I hooked GetCharacterPlacement and it's never called).