Re: The hooking stops at memcpy step "2" (see program attached)
I'm not sure what this code is trying to achieve, but note that memcpy() only deals with memory within the current process. It can't copy across a process boundary. If you need to write to memory locations within a different process then you need to use WriteProcessMemory(). See https://msdn.microsoft.com/en-us/lib...(v=vs.85).aspx
All advice is offered in good faith only. All my code is tested (unless stated explicitly otherwise) with the latest version of Microsoft Visual Studio (using the supported features of the latest standard) and is offered as examples only - not as production quality. I cannot offer advice regarding any other c/c++ compiler/IDE or incompatibilities with VS. You are ultimately responsible for the effects of your programs and the integrity of the machines they run on. Anything I post, code snippets, advice, etc is licensed as Public Domain https://creativecommons.org/publicdomain/zero/1.0/ and can be used without reference or acknowledgement. Also note that I only provide advice and guidance via the forums - and not via private messages!
Re: The hooking stops at memcpy step "2" (see program attached)
Code:
hook_t Hook;
...
cout << "In Start Routine..." << endl;
pDeleteFile = (pDeleteFileA)Hook.OriginalFunction;
// this is using the 32-bit version, 64-bit kernel32.dll won't work
bool status = InitializeHook(&Hook, "Kernel32.dll", "DeleteFileA", HookDeleteFileA);
Where is Hook initialised before it is used?
Re: The hooking stops at memcpy step "2" (see program attached)
Sorry, 2kaud, I gave up on that because I just spent too much time on the issue.
Now I have resorted to this article. But I don't get how to retrieve the import table with GetImportTable(HMODULE).
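On the import table question above, an added example (not code from this thread or from the article, whose GetImportTable is not shown here): the import table is found through the PE headers, as entry 1 of the optional header's data directory. The names find_import_dir and make_sample are hypothetical, and the sample header bytes are constructed. For a loaded module the HMODULE is the image base, so adding the returned RVA to it gives the array of IMAGE_IMPORT_DESCRIPTOR entries.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian accessors (no alignment assumptions). */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Locate the import directory (DataDirectory[1]) from the PE headers.
   Returns 0 and fills rva/size, or a negative code on malformed input. */
int find_import_dir(const uint8_t *img, size_t len, uint32_t *rva, uint32_t *size) {
    if (len < 0x40 || rd16(img) != 0x5A4D) return -1;        /* "MZ" */
    size_t nt = rd32(img + 0x3C);                            /* e_lfanew */
    if (nt > len || len - nt < 26 || rd32(img + nt) != 0x4550) return -2; /* "PE\0\0" */
    size_t opt = nt + 24;                                    /* signature + COFF header */
    uint16_t opt_size = rd16(img + nt + 20);                 /* SizeOfOptionalHeader */
    uint16_t magic = rd16(img + opt);
    size_t dirs = magic == 0x10B ? 96 : magic == 0x20B ? 112 : 0; /* PE32 / PE32+ */
    if (dirs == 0) return -3;
    if (opt_size < dirs + 16 || len - opt < opt_size) return -4;  /* truncated */
    if (rd32(img + opt + dirs - 4) < 2) return -5;           /* NumberOfRvaAndSizes */
    *rva  = rd32(img + opt + dirs + 8);                      /* entry 1: VirtualAddress */
    *size = rd32(img + opt + dirs + 12);                     /* entry 1: Size */
    return 0;
}

/* Constructed sample: minimal PE32+ headers with made-up import directory values. */
size_t make_sample(uint8_t *buf, size_t cap) {
    const size_t nt = 0x80, opt = nt + 24, total = opt + 240;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3C, (uint32_t)nt);
    memcpy(buf + nt, "PE\0\0", 4);
    buf[nt + 20] = 240;                                      /* SizeOfOptionalHeader */
    buf[opt] = 0x0B; buf[opt + 1] = 0x02;                    /* magic 0x20B */
    wr32(buf + opt + 108, 16);                               /* NumberOfRvaAndSizes */
    wr32(buf + opt + 120, 0x2000);                           /* import directory RVA */
    wr32(buf + opt + 124, 0x50);                             /* import directory size */
    return total;
}

int main(void) {
    uint8_t buf[512]; uint32_t rva = 0, size = 0;
    size_t n = make_sample(buf, sizeof buf);
    if (find_import_dir(buf, n, &rva, &size) != 0) return 1;
    printf("import directory: RVA 0x%X, size 0x%X\n", (unsigned)rva, (unsigned)size);
    return 0;
}
```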
Re: The hooking stops at memcpy step "2" (see program attached)
BTW, if you're interested in the original program, I think the author was missing
a GetProcAddress call or something in the InitializeHook function which gets the address of
the original function of DeleteFileA, but the program I can't gain access to the injected program itself
because the hooking dll can't access the exe process space.
So the solution might be attaching the hooking dll with read/write access but I don't know how.
Thanks
Jack
Last edited by lucky6969b; June 28th, 2016 at 04:09 AM.
Re: The hooking stops at memcpy step "2" (see program attached)
Originally Posted by lucky6969b
BTW, if you're interested in the original program, I think the author was missing
a GetProcAddress call or something in the InitializeHook function which gets the address of
the original function of DeleteFileA, but the program I can't gain access to the injected program itself
because the hooking dll can't access the exe process space.
So the solution might be attaching the hooking dll with read/write access but I don't know how.
Thanks
Jack
What version of Windows was the article written for (I didn't bother looking)? If an older version of Windows, the program may have actually worked as written. Security keeps getting locked down with each newer Windows version, so code that used to work may no longer work.