[C++] PostMessageA hooking using Detours 1.5


Post by Dami on Fri Oct 30, 2009 4:22 am

By 4ng3licDew

Hi everyone,

Just want to share this info on how I use Detours 1.5 to hook PostMessageA.

The example I am going to show you is a simple auto click program for MapleStory. This program generates T keydown events.

The software you need:

1. Microsoft Visual Studio C++ 6

2. Microsoft Detours Library 1.5

References and credits:
1. [TUT] DirectX9.0 Hooking via Detours + Custom Wrapper
by Wiccaan

2. Trampoline Documentation
by Ferocious

3. Detours 1.5
from Microsoft

4. Detours 1.5
from Wiccaan's above tut. This rar file only has detours.h and detour.lib files

I will skip all the Win32 coding details and concentrate only on the hooking code.

1. Open MS Visual Studio C++ and create a new empty win32 project.

2. Create a sub folder "Detours" in your project folder and copy the files detours.h and detour.lib into it.

3. Create your main.cpp file and put in these lines at the top.

#include <windows.h>
#pragma comment(lib, "Detours/detours.lib")
#include "Detours/detours.h"

4. Declare the function pointers for the target function (In this example it is PostMessageA), and the trampoline function.


// Function pointer type for PostMessageA in user32 DLL
typedef BOOL (__stdcall *PMAPtr) (HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam);

PMAPtr pTargetPMA = NULL; // Target function pointer
PMAPtr pTrampolinePMA = NULL; // Trampoline function pointer

5. Create the detour function.


// This detour function does nothing new. It just calls the trampoline function
BOOL __stdcall DetourPMA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam) {
    return pTrampolinePMA(hWnd, Msg, wParam, lParam);
}

6. You create the hook at start up.


HINSTANCE huInst; // Instance of user32 DLL

    // Inside the window procedure's message switch
    case WM_CREATE:
        // Load user32 DLL
        huInst = LoadLibrary("user32.dll");

        // Get function pointer address of PostMessageA
        pTargetPMA = (PMAPtr) GetProcAddress(huInst, "PostMessageA");

        // Hook PostMessageA with the detour function DetourPMA
        pTrampolinePMA = (PMAPtr) DetourFunction((PBYTE) pTargetPMA, (PBYTE) DetourPMA);
        break;


After the hook is created, every time PostMessageA is called, it will call your function DetourPMA instead.
In this example, I only use the trampoline function pointer to jump back to the target function.

7. To send a key down event to MapleStory.

HWND cHandle; // Windows handle to MapleStory
UINT scancode;
LPARAM lparam;
    // Get window handle on MapleStory
    cHandle = FindWindow("MapleStoryClass", NULL);
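    // Map the virtual key code to a scan code. windows.h defines no VK_T;
    // the virtual key code of a letter key is its uppercase ASCII value.
    scancode = MapVirtualKey('T', 0);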

    // Format of lparam needs the scancode value
    // to be at bit 16 to 23.
    // + 1 is the repeat count
    lparam = (scancode << 16) + 1;

    pTrampolinePMA(cHandle, WM_KEYDOWN, NULL, lparam);

To remove the hook when the program terminates.


    // If the user wants to close the application
    case WM_DESTROY:
        // Remove hook
        DetourRemove((PBYTE) pTrampolinePMA, (PBYTE) DetourPMA);

That's all there is to it. No more inline asm to worry about.
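Seen from the defender's side, an inline hook of this kind leaves a visible trace: the first bytes of the hooked function in memory no longer match the DLL on disk and begin with a jump. The following is an added example, not part of the original post: it compares a function's live entry bytes with a reference copy and decodes where a patched entry sends control. It assumes 32-bit x86, and all names, sample bytes and addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum hook_kind { HOOK_NONE, HOOK_JMP_REL32, HOOK_JMP_INDIRECT, HOOK_PUSH_RET, HOOK_MODIFIED };

/* Constructed sample bytes (not captured from a real process). */
static const uint8_t REF_ENTRY[6]    = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x5D }; /* on-disk copy */
static const uint8_t LIVE_JMP[6]     = { 0xE9, 0xFB, 0x0F, 0x00, 0xA0, 0x5D }; /* jmp rel32 */
static const uint8_t LIVE_PUSHRET[6] = { 0x68, 0x00, 0x20, 0x00, 0x10, 0xC3 }; /* push imm32; ret */
#define SAMPLE_VA   0x70001000u  /* assumed address of the checked function */
#define MODULE_BASE 0x70000000u  /* assumed load address and size of its DLL */
#define MODULE_SIZE 0x00090000u

static uint32_t rd32(const uint8_t *p) {  /* little-endian 32-bit read */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Classify how the live entry bytes differ from the reference copy. */
enum hook_kind classify(const uint8_t *live, const uint8_t *ref, size_t n) {
    if (memcmp(live, ref, n) == 0) return HOOK_NONE;
    if (n >= 5 && live[0] == 0xE9) return HOOK_JMP_REL32;
    if (n >= 6 && live[0] == 0xFF && live[1] == 0x25) return HOOK_JMP_INDIRECT;
    if (n >= 6 && live[0] == 0x68 && live[5] == 0xC3) return HOOK_PUSH_RET;
    return HOOK_MODIFIED;  /* changed, but not a redirect pattern known here */
}

/* Destination of the redirect; for HOOK_JMP_INDIRECT, the pointer slot the jmp reads. */
uint32_t redirect_operand(enum hook_kind k, const uint8_t *live, uint32_t va) {
    switch (k) {
    case HOOK_JMP_REL32:    return va + 5 + rd32(live + 1); /* relative to next instruction */
    case HOOK_JMP_INDIRECT: return rd32(live + 2);
    case HOOK_PUSH_RET:     return rd32(live + 1);
    default:                return 0;
    }
}

/* A redirect that leaves the function's own module deserves a closer look. */
int in_module(uint32_t addr, uint32_t base, uint32_t size) { return addr - base < size; }

int main(void) {
    enum hook_kind k = classify(LIVE_JMP, REF_ENTRY, sizeof LIVE_JMP);
    uint32_t dst = redirect_operand(k, LIVE_JMP, SAMPLE_VA);
    printf("kind=%d dst=0x%08X %s\n", (int)k, (unsigned)dst,
           in_module(dst, MODULE_BASE, MODULE_SIZE) ? "inside module" : "outside module");
    return 0;
}
```

On a real system the reference bytes come from the DLL file mapped from disk, and any relocations that fall inside the compared range have to be applied before comparing.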
