[C++] PostMessageA hooking using Detours 1.5


Post by Dami on Fri Oct 30, 2009 4:22 am

By 4ng3licDew


Hi everyone,

Just want to share this info on how I use Detours 1.5 to hook PostMessageA.

The example I am going to show you is a simple auto click program for MapleStory. This program generates T keydown events.

The software you need is:

1. Microsoft Visual Studio C++ 6

2. Microsoft Detours Library 1.5


References and credits:
1. [TUT] DirectX9.0 Hooking via Detours + Custom Wrapper
by Wiccaan
http://forum.cheatengine.org/viewtopic.php?t=161045

2. Trampoline Documentation
by Ferocious
http://theoklibrary.org/showthread.php?t=449

3. Detours 1.5
from Microsoft
http://research.microsoft.com/Resear...1/Details.aspx

4. Detours 1.5
from Wiccaan's above tut. This rar file only has detours.h and detour.lib files
http://home.comcast.net/~wiccaan/downloads/Detours.rar


Coding:
I will skip all the Win32 coding details and concentrate only on the hooking code.

1. Open MS Visual Studio C++ and create a new empty win32 project.

2. Create a sub folder "Detours" in your project folder and copy the files detours.h and detour.lib into it.

3. Create your main.cpp file and put in these lines at the top.
Code:

#include <windows.h>
#pragma comment(lib, "Detours/detours.lib")
#include "Detours/detours.h"

4. Declare the function pointers for the target function (In this example it is PostMessageA), and the trampoline function.

Code:

// Function pointer type for PostMessageA in user32 DLL
typedef BOOL (__stdcall *PMAPtr) (HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam);

PMAPtr pTargetPMA = NULL; // Target function pointer
PMAPtr pTrampolinePMA = NULL; // Trampoline function pointer

5. Create the detour function.

Code:

// This Detour function does nothing new. It just calls the trampoline function
BOOL WINAPI DetourPMA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam) {
    return pTrampolinePMA(hWnd, Msg, wParam, lParam);
}


6. You create the hook at start up.

Code:

HINSTANCE huInst; // Instance of user32 DLL
.
.
.
    case WM_CREATE:
.
.
.
        // Load user32 DLL
        huInst = LoadLibrary("user32.dll");

        // Get function pointer address of PostMessageA
        pTargetPMA = (PMAPtr) GetProcAddress(huInst, "PostMessageA");

        // Hook PostMessageA with the detour function DetourPMA
        pTrampolinePMA = (PMAPtr) DetourFunction((PBYTE) pTargetPMA, (PBYTE) DetourPMA);

        break;


After the hook is created, every time PostMessageA is called, it will call your function DetourPMA instead.
In this example, I only use the trampoline function pointer to jump back to the target function.

7. To send a key down event to MapleStory.

Code:
HWND cHandle; // Windows handle to MapleStory
UINT scancode;
LPARAM lparam;
.
.
.
    // Get window handle on MapleStory
    cHandle = FindWindow("MapleStoryClass", NULL);
   
    // map virtual key code to scan code
    scancode = MapVirtualKey(VK_T, 0);

    // Format of lparam needs the scancode value
    // to be at bit 16 to 23.
    // + 1 is the repeat count
    lparam = (scancode << 16) + 1;

    pTrampolinePMA(cHandle, WM_KEYDOWN, NULL, lparam);



To remove the hook when the program terminates:


Code:

    // If the user wants to close the application
    case WM_DESTROY:
.
.
.
        // Remove hook
        DetourRemove((PBYTE) pTrampolinePMA, (PBYTE) DetourPMA);


That's all there is to it. No more inline asm to worry about.