Printable View
My friend made MATH.ddl in which has a function named SUM(int x, int y) (I just khow the function and its parameters, I don't know the entails code in it). On a nice day, I want to override the function SUM(x,y) of my friend (not make a new dll), just to hide my friend function by my function SUM(x,y) ver 2.0 (^ ^).How can I do that?
[email protected]
Once exported function never can be hidden in dll. To override it you must place between app and dll an additional proxy dll, which would passthrough every call to target dll except particular ones to be overridden. Your app must be linked with proxy dll rather than with target dll made by friend.Quote:
Originally Posted by ngoctrongda
Another way is to change app to call different function (SUM_ instead of SUM) implemented somewhere else.
The best way is to design application properly and never get stable and to-be-overridden functions assembled into solid module. Use plugins.
You could use one of the methods outlines here:
http://www.devx.com/Intel/Article/21023/2046
Persoinally, I have used the InterceptApi, which can be used for any type of DLL not just system ones.
To override it you must place between app and dll an additional proxy dll, which would passthrough every call to target dll except particular ones to be overridden. Your app must be linked with proxy dll rather than with target dll made by friend.
Another way is to change app to call different function (SUM_ instead of SUM) implemented somewhere else.
The best way is to design application properly and never get stable and to-be-overridden functions assembled into solid module. Use plugins.[/QUOTE]
I'm grateful to you but can you tell me more about that. It's good if you send me the source and demo project to descibe how to "Override ...DLL".Quote:
Originally Posted by Igor Vartanov
Thank you very much.
my@: [email protected]
OK, I describe the most complex method - masking export with proxy.Quote:
Originally Posted by ngoctrongda
In archive you can find six source files:
target.cpp and target.def make target.dll with four export entries - Func1, Func2, Func3 and Func4. All of them pop up the message box reading "Target DLL" in caption. When you see such caption you can be aware function was called from target.dll.
proxy.cpp and proxy.def make proxy.dll, which exports four functions but implements only a single Func3 overridden one. All the rest are passthrown to original target.dll (see three pragmas with "/export").
Both clients (clnt_target.cpp and clnt_proxy.cpp) demonstrate difference in usage between original dll and proxy dll. Target client links to target.dll directly, hence you'll see "Target DLL" in all message captions. But proxy client will show "Target DLL" in first, second and the last messages, but "Proxy DLL" in third one.
There's one subtle thing to be comprehended absolutely: why proxy dll exports _Func1, _Func2 and _Func4 names instead of Func1, Func2 and Func4.
The reason of this is hidden in the fact that all those exports are made artificially, therefore exported names must be corresponded to internal compiler names, which are anticipated by linker when it looks into .lib to resolve func names used in client module. Since Func1 was declared as
it looks for symbol _Func1. If Func1 would be declared asCode:extern "C" void Func1();
linker would search symbol ?Func1@@YAXXZ, therefore proxy dll should export ?Func1@@YAXXZ symbol - exactly what linker is searching for.Code:void Func1();
As you can understand, there would be too many combinations in export conditions in real project - so you have to resolve them yourself.
Thank to Igor Vartanov
I've just follow your guide
But I think I'm not intelligent enough to do that. So I still have not solve the problem.
By the way, thanks very much
I had one: Ma.dll
In Ma.dll, I have 4 func:
int Func1() // good func
int Func2() // normal func
int Func3() // bad func
==> I want to override Func3(). If you can override func3 , show me your source and demo project.
PS: I poss Ma.dll for you to override
Well, then you can use function interception technique suggested by Roger.Quote:
Originally Posted by ngoctrongda
Thank Igor. I've done it when I follow your guide.
But I still have a problem:
InterceptAPI() method must have the TARGET.OBJ. It's unreal because all I have is TARGET.DLL (sonmeone give me) and I must override Func3() in TARGET.DLL.
Do you have any way to solve this problem?
Remember: You only have a TARGET.DLL.
Target import library (target.lib), you mean. :)Quote:
Originally Posted by ngoctrongda
Well, how are you going to use it? Who biulds final exe, which uses that dll? Ain't it you? Solution will depend on method dll functions are finally linked - implicitely or explicitly.Quote:
It's unreal because all I have is TARGET.DLL (sonmeone give me) and I must override Func3() in TARGET.DLL.
And I've got some doubts - what is your end task? To use dll with some function substituted? Or modify that dll for further usage by another person?
Yeah,...I did it .Thank to Roger Allen's link
Oke, I'll tell you my end task.
I'm do my project in my university. It's all.
Now, everything seems OK.
Thank to Igor.
One thing, I don't know how you to optimize the code in the Roger's Link. It's fantastic. From now, I myself will research the code in that link.
PS: I will ask you when I'm not enough IQ.(^_^)
I tried your guide for my project but it not work.
Can you look at it for a moment?
In OverrideMa3.cpp you have to declareinstead of extern "C" int Func3();. Function declaration shoud absolutely correspond one in ma.dll. after that all works fine.Code:int Func3();
Oke. I get it.Thank you.
Why don't you need these following codes in your BOOL INTERCEPTAPI(..)? They say we must know the offset before we use INTERCEPT method. Why???
// Change the protection of the trampoline region
// so that we can overwrite the first 5 + offset bytes.
VirtualProtect((void *) dwTrampoline, 5+offset, PAGE_WRITECOPY, &dwOldProtect);
for (i=0;i<offset;i++)
*pbTrampoline++ = *pbTargetCode++;
pbTargetCode = (BYTE *) dwAddressToIntercept;
// Insert unconditional jump in the trampoline.
*pbTrampoline++ = 0xE9; // jump rel32
*((signed int *)(pbTrampoline)) = (pbTargetCode+offset) - (pbTrampoline + 4);
VirtualProtect((void *) dwTrampoline, 5+offset, PAGE_EXECUTE, &dwOldProtect);
Feel the difference between function interception and substitution.
First is used for intrvention into target function call - it requires both original and intercepting code execution. And exactly this case requires trampoline code.
Second is used for redirection of code instruction flow, therefore it never needs trampoline, 'cause it just modifies target code the very beginning with jump to new code and forgets about original code. This is your case, isn't it?
Oh, I Understood..Thank you!
You showed me how to use Intercept().
I knew how to use Substitution()
So I knew 2 methods in Roger's link
And the last method in Roger's link (use Inject.h and Inject.cpp), can you guide me? (Give me the demo and source code ?^_^)
OK, I'll give some backgrounds for this method understanding and some advice.Quote:
Originally Posted by ngoctrongda
Imagine you have some process running you wish to intrude to for certain function interception (doesn't matter why). You write dll which is able to intercept that target function, but how to force your dll to be loaded into target process? Exactly for this purpose inject.cpp & inject.h serve. This code gives you ability to inject your dll into running process.
The code is absolutely transparent and straightforward - if you cannot get it you have way much things to learn yet before starting use it. I suggest you to read Richter's "Programming Applications for MS Windows" thoroughly.
Frankly saying I don't think I have to. First, the article (together with my sample) gives you almost all sufficient code fragments to assemble demo by yourself and gives you all-about bla-bla-bla for methods background understanding. Second, I've been told you are university student - so why don't you do your own study efforts. Third, our conversation now is pretty far from topic you started, and, hence fourth, I'm getting pretty bored of those call interception samples, sorry.Quote:
(Give me the demo and source code ?^_^)
The main reason of that why I asked you so much because I didn't have any document talking about that.
I got the ""Programming Applications for MS Windows" just a few day. It's hard to find it.
Thanks a lot.
PS: do you know any document talk about Syringre method and Decours method?
Use web search. :)Quote:
Originally Posted by ngoctrongda
Hope it will be easy to understand it.Quote:
I got the ""Programming Applications for MS Windows" just a few day. It's hard to find it.
Before practicing in some techniques you have to get solid understanding of processes, threads, module loading and IPC methods. Been not aquainted with all these things you'll never comprehend the essence of those techniques and their inner logic.
Never heard of them, but have a couple of thoughts:Quote:
PS: do you know any document talk about Syringre method and Decours method?
1. It's well known a syringe is a tool for injections. :)
2. "Decours" might appear to be Detours.
Why don't I creat and compile these file?
/***************************************************************************
Module: MyLib.h
***************************************************************************/
#ifdef MYLIBAPI
// MYLIBAPI should be defined in all of the DLL's source
// code modules before this header file is included.
// All functions/variables are being exported.
#else
// This header file is included by an EXE source code module.
// Indicate that all functions/variables are being imported.
#define MYLIBAPI extern "C" _ _declspec(dllimport)
#endif
////////////////////////////////////////////////////////////////////////////
// Define any data structures and symbols here.
////////////////////////////////////////////////////////////////////////////
// Define exported variables here. (NOTE: Avoid exporting variables.)
MYLIBAPI int g_nResult;
////////////////////////////////////////////////////////////////////////////
// Define exported function prototypes here.
MYLIBAPI int Add(int nLeft, int nRight);
////////////////////////////// End of File /////////////////////////////////
In each of your DLL's source code files, you should include the header file as follows:
/***************************************************************************
Module: MyLibFile1.cpp
***************************************************************************/
// Include the standard Windows and C-Runtime header files here.
#include <windows.h>
4
// This DLL source code file exports functions and variables.
#define MYLIBAPI extern "C" _ _declspec(dllexport)
// Include the exported data structures, symbols, functions, and variables.
#include "MyLib.h"
////////////////////////////////////////////////////////////////////////////
// Place the code for this DLL source code file here.
int g_nResult;
int Add(int nLeft, int nRight) {
g_nResult = nLeft + nRight;
return(g_nResult);
}
////////////////////////////// End of File /////////////////////////////////
Help me Igor!!!
There're errors in sources: instead of _ _declspec it should be __declspec (no space between underscores)
Besides, symbol 4 after #include <windows.h> is meaningless - kill it.
Hope it'd help. :)
It's still doesn't work.
There are 2 error
1/" d:\baitap\mylib\mylib.h(18) : error C2144: syntax error : missing ';' before type 'int' " at line " MYLIBAPI int g_nResult; "
2/" d:\baitap\mylib\mylib.h(18) : fatal error C1004: unexpected end of file found "
I'm using MS VC++6.0 . Does the source code not compatible to VC++?
Need help???
That _ _declspec is met twice - in .h and in .cpp. Fix them both.Quote:
Originally Posted by ngoctrongda
Absolutely compatible. Don't you see it with your eyes?Quote:
I'm using MS VC++6.0 . Does the source code not compatible to VC++?
Hi, Igor
I need a CD companion with that book.
Would you like to up it on some host free?
Or you can show me where to download it.
Thanks
Sorry, I have no that book (though I read it a long time ago :) ), and I don't know web resource which has it for free download.