|
-
March 7th, 2007, 04:56 PM
#1
ASCII versions of injected WIN32 API call hooks are not called
but their W-pedants are called.
Could this happen ? Under what circumstances ?
(PIMAGE_IMPORT_DESCRIPTOR method is used, as provided by J. Richter, so that the hook injecting itself is correct)
- Alexander
-
March 7th, 2007, 05:49 PM
#2
Re: ASCII versions of injected WIN32 API call hooks are not called
I'm not sure if I understand your question, but internally (NT, 2K, XP and above) everything is UNICODE. The ANSI versions are just wrappers converting ANSI to UNICODE - and back again.
- petter
-
March 7th, 2007, 06:27 PM
#3
Re: ASCII versions of injected WIN32 API call hooks are not called
i install a DrawTextA-hook into the app which do call the
DrawTextA (verified with API Monitor).
But my hook function is not called. 
Instead the real DrawTextA is called as if no any hook is installed.
On the contrarily, the DrawTextW hook is getting called but this does
not help my because the app calls DrawTextW on data i am not
interested in.
Same picture this other A-hooks - they are not triggered...
But W-hooks are do getting called.
What could be the problem ?!
-
March 14th, 2007, 06:40 AM
#4
Re: ASCII versions of injected WIN32 API call hooks are not called
Maybe it's using LoadLibrary and GetProcAddress?
Best Api Monitor tool.
Trace the target program automatically and monitor the parameters of all API and COM interfaces.
Auto Debug for Windows 4.0
Auto Debug for .Net
http://www.autodebug.com/
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
