delphi - CreateFile Hook -


i trying create hook createfile, when process tryies create file hookdll created notify user that: "this process xx.exe trying create xx.exe, want proceceed?"

so far here, need modify in code:

library createfilehook;  uses  windows, dialogs, sysutils;  type oldcode = packed record  one: dword;  two: word; end;  far_jmp = packed record  puhsop: byte;  pusharg: pointer;  retop: byte; end;  var   jmpcfw, jmpcfa: far_jmp;   oldcfw, oldcfa: oldcode;   cfwadr, cfaadr: pointer;  function newcreatefilea(lpfilename: pchar;                        dwdesiredaccess: dword;                        dwsharemode: dword;                        lpsecurityattributes: psecurityattributes;                        dwcreationdisposition: dword;                        dwflagsandattributes: dword;                        htemplatefile: thandle): thandle; stdcall; var   file_name: pwidechar;   name_len: dword; begin   name_len := lstrlen(lpfilename) * sizeof(widechar) + 2;   getmem(file_name, name_len);   stringtowidechar(lpfilename, file_name, name_len);    createfilew(file_name, dwdesiredaccess, dwsharemode, lpsecurityattributes,               dwcreationdisposition, dwflagsandattributes, htemplatefile);    freemem(file_name); end;  function truecreatefilew(lpfilename: pwidechar;                         dwdesiredaccess: dword;                         dwsharemode: dword;                         lpsecurityattributes: psecurityattributes;                         dwcreationdisposition: dword;                         dwflagsandattributes: dword;                         htemplatefile: thandle): thandle; stdcall; var written: dword; begin  writeprocessmemory(invalid_handle_value, cfwadr,                     @oldcfw, sizeof(oldcode), written);   createfilew(lpfilename,              dwdesiredaccess,              dwsharemode,              lpsecurityattributes,              dwcreationdisposition,              dwflagsandattributes,              htemplatefile);   writeprocessmemory(invalid_handle_value, cfwadr,                     @jmpcfw, sizeof(far_jmp), written); end;  function newcreatefilew(lpfilename: pwidechar;                        dwdesiredaccess: dword;                        dwsharemode: dword;                        lpsecurityattributes: psecurityattributes;                        dwcreationdisposition: dword;                        dwflagsandattributes: dword;                        htemplatefile: thandle): thandle; stdcall; begin  truecreatefilew(lpfilename,                  dwdesiredaccess,                  dwsharemode,                  lpsecurityattributes,                  dwcreationdisposition,                  dwflagsandattributes,                  htemplatefile); end;  procedure sethook(); var   kernel32: dword;   bytes: dword; begin   kernel32 := getmodulehandle('kernel32.dll');   cfwadr  := getprocaddress(kernel32, 'createfilew');   cfaadr  := getprocaddress(kernel32, 'createfilea');   readprocessmemory(invalid_handle_value, cfwadr, @oldcfw, sizeof(oldcode), bytes);   readprocessmemory(invalid_handle_value, cfaadr, @oldcfa, sizeof(oldcode), bytes);   jmpcfw.puhsop  := $68;   jmpcfw.pusharg := @newcreatefilew;   jmpcfw.retop   := $c3;   jmpcfa.puhsop  := $68;   jmpcfa.pusharg := @newcreatefilea;   jmpcfa.retop   := $c3;   writeprocessmemory(invalid_handle_value, cfwadr, @jmpcfw, sizeof(far_jmp), bytes);   writeprocessmemory(invalid_handle_value, cfaadr, @jmpcfa, sizeof(far_jmp), bytes); end;  procedure unhook(); var bytes: dword; begin  writeprocessmemory(invalid_handle_value, cfaadr, @oldcfa, sizeof(oldcode), bytes);  writeprocessmemory(invalid_handle_value, cfwadr, @oldcfw, sizeof(oldcode), bytes); end;  function messageproc(code : integer; wparam : word;                    lparam : longint) : longint; stdcall; begin   callnexthookex(0, code, wparam, lparam);   result := 0; end;  procedure setglobalhookproc(); begin   setwindowshookex(wh_getmessage, @messageproc, hinstance, 0);   sleep(infinite); end;  procedure setglobalhook(); var   hmutex: dword;   trid: dword; begin   hmutex := createmutex(nil, false, 'createfilehook');   if getlasterror = 0   createthread(nil, 0, @setglobalhookproc, nil, 0, trid) else   closehandle(hmutex); end;  procedure dllentrypoint(dwreason: dword); begin  case dwreason of    dll_process_attach: begin                          setglobalhook();                          randomize();                          sethook()                        end;    dll_process_detach: unhook();  end; end;  begin   dllproc := @dllentrypoint;   dllentrypoint(dll_process_attach); end.

at quick glance, see several problems code. did from? don't have reference handy i'm pretty sure can find working examples of you're trying on web.

you shouldn't have use read/writeprocessmemory since you're inside process you're trying modify - windows copy-on-write you.

if want/need use read/writeprocessmemory way handle use openprocess.

this hook code not reentrant - 1 thread may exiting readfile, restoring redirect code right before thread attempt call after second thread thinks it's 'repaired' it.

a cleaner way save pointer in import address table points function wish hook, modify call hook routine. can use saved pointer call original routine within hook.

once (if) working, prepared see lot of calls createfile. createfile used creating/opening lots of stuff besides physical files, e.g. com ports, pipes, console buffers, whatnot.


Comments

Post a Comment

Popular posts from this blog

c# - SharpSVN - How to get the previous revision? -

i trying find efficient way previous revision of file text comparison using sharpsvn. using (svnclient c = new svnclient()) { c.authentication.defaultcredentials = new networkcredential( configurationmanager.appsettings.get("svnserviceusername") , configurationmanager.appsettings.get("svnservicepassword") , configurationmanager.appsettings.get("svnservicedomain") ); c.authentication.sslservertrusthandlers += new eventhandler<svnsslservertrusteventargs>(authentication_sslservertrusthandlers); collection<svnfileversioneventargs> fileversioncollection = new collection<svnfileversioneventargs>(); svnrevisionrange range = new svnrevisionrange(0, this.hooks.revision); svnfileversionsargs args = new svnfileversionsargs(); args.retrieveproperties = true; args.range = range; foreach (svnchangeitem item in log.changedpaths) { string path = this.repositorypath + it...
Read more

c++ - Is it possible to compile a VST on linux? -

for class project i'm attempting write vst plugin backed cuda. current cuda workflow on linux box, i'd prefer compile , link there. according wikipedia , should possible (i couldn't find steinberg documentation relevant linux) can't find makefile or instructions on how build if aren't using xcode or visual studio. i'm vst 3 sdk doesn't support linux. when try compile plugin under linux, error: ./base/source/fatomic.cpp:39:30: fatal error: libkern/osatomic.h: no such file or directory this issue caused following code in "vst3 sdk/base/source/fatomic.cpp" #if mac #include <libkern/osatomic.h> #if mac_os_x_version_min_required > mac_os_x_version_10_4 #define native_atomic_type (volatile int32_t*) #else #define native_atomic_type (int32_t*) #endif #elif windows #include <windows.h> #endif but hope compiling under linux work vst sdk 2.4. reading. jvstwrapper seems run on lin...
Read more

url - Querystring manipulation of email Address in PHP -

i using third party application (email2http) send me emailid, body , message. unable retrieve email id due name appended on , enclosed < , >. here querystring getting. test.php?from=ajay+reddy &subject=cx&body=somebody when print variable in php returns name , not email id. $from = $_get['from']; echo $from; //output ajay reddy please suggest me how can emailid also. i dont want use post method due testing , debugging. it's working fine. forgot use htmlentities() in debugging.
Read more