I'm using WinInet and InternetOpenUrl to download a file... which is working. But I want to monitor the progress so I tried to add a Callback function but for some reason it's never called...
The code:
void CALLBACK DownloadProgress(HINTERNET hInternet, DWORD_PTR dwContext, DWORD dwInternetStatus, LPVOID lpvStatusInformation, DWORD dwStatusInformationLength)
{
// this function never gets called
MessageBox(NULL, L"test", L"test", MB_OK);
}
void Download()
{
HINTERNET hOpen = InternetOpen(0, INTERNET_OPEN_TYPE_DIRECT, 0, 0, 0);
InternetSetStatusCallback(hOpen, DownloadProgress);
HINTERNET hOpenUrl = InternetOpenUrl(hOpen, L"http://www.website.com/test.txt", 0, 0, 0, 0);
// small edit
InternetReadFile(hOpenUrl, data, SIZE, &size);
}
What am I doing wrong here?
From the MSDN:
INTERNET_STATUS_CALLBACK InternetSetStatusCallback(
_In_ HINTERNET hInternet,
_In_ INTERNET_STATUS_CALLBACK lpfnInternetCallback
);
Note The callback function specified in the lpfnInternetCallback
parameter will not be called on asynchronous operations for the
request handle when the dwContext parameter of HttpOpenRequest is set
to zero (INTERNET_NO_CALLBACK), or the connection handle when the
dwContext handle of InternetConnect is set to zero
(INTERNET_NO_CALLBACK).
In your case, you are using InternetOpenUrl (after calling InternetOpen) which is an easy alternative to work with URLs when you not need to access the particulars of the protocol. Syntax:
HINTERNET InternetOpenUrl(
_In_ HINTERNET hInternet,
_In_ LPCTSTR lpszUrl,
_In_ LPCTSTR lpszHeaders,
_In_ DWORD dwHeadersLength,
_In_ DWORD dwFlags,
_In_ DWORD_PTR dwContext
);
dwContext is an application-defined value that's passed to the callback function registered with InternetSetStatusCallback. Is used to identify the application context.
Now, note that you are passing dwContext=0 to this function in your code. If you change that, your code will work as you expect.
Related
When i run my program it successfully createfile but when I tried to inject my CreateFile API into my program it shows exception
Exception thrown: read access violation.
pbCode was nullptr.
I have search from various sites but still unable to locate the problem
This is the code for hooked CreateFile
_CreateFile TrueCreateFile =
(_CreateFile)GetProcAddress(GetModuleHandle(L"kernel32"), "CreateFile");
HANDLE WINAPI HookCreateFile(
_In_ LPCTSTR lpFileName,
_In_ DWORD dwDesiredAccess,
_In_ DWORD dwShareMode,
_In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes,
_In_ DWORD dwCreationDisposition,
_In_ DWORD dwFlagsAndAttributes,
_In_opt_ HANDLE hTemplateFile)
{
HANDLE out = TrueCreateFile((LPCTSTR)"C:\\Users\\abc\\bar.txt",
dwDesiredAccess,
dwShareMode,
lpSecurityAttributes,
dwCreationDisposition,
dwFlagsAndAttributes,
hTemplateFile);
return out;
}
To Hook CreateFile
void hook_CreateFile()
{
HANDLE hProc = NULL;
if (Mhook_SetHook((PVOID*)&TrueCreateFile, HookCreateFile)) {
// Now call OpenProcess and observe NtOpenProcess being redirected
// under the hood.
hProc = OpenProcess(PROCESS_ALL_ACCESS,
FALSE, GetCurrentProcessId());
if (hProc) {
printf("Successfully opened CreateFile: %p\n", hProc);
CloseHandle(hProc);
}
else {
printf("Could not open CreateFile: %d\n", GetLastError());
}
}
}
TrueCreateFile is a pointer to the function's address.
You're passing &TrueCreateFile which is the address of the pointer.
You're hooking the pointer instead of the function.
Just pass (void*)TrueCreateFile
I am using visual studio 2015 and I want to write C++ static library that I can use in Unicode projects and in Multi-Byte projects, how I doing it right?
For example I have this code:
namespace Reg
{
LONG WINAPI CreateKey(
_In_ HKEY hKey,
_In_ LPCTSTR lpSubKey,
_In_ REGSAM samDesired,
_Out_ PHKEY phkResult
)
{
return RegCreateKeyEx(hKey,
lpSubKey,
0, NULL,
REG_OPTION_NON_VOLATILE,
samDesired,
NULL,
phkResult,
NULL);
}
}
Like Raymond Chen suggested in a comment, you can use two separate overloaded functions - one for Ansi, one for Unicode:
namespace Reg
{
LONG WINAPI CreateKey(
_In_ HKEY hKey,
_In_ LPCSTR lpSubKey,
_In_ REGSAM samDesired,
_Out_ PHKEY phkResult
)
{
return RegCreateKeyExA(hKey,
lpSubKey,
0, NULL,
REG_OPTION_NON_VOLATILE,
samDesired,
NULL,
phkResult,
NULL);
}
LONG WINAPI CreateKey(
_In_ HKEY hKey,
_In_ LPCWSTR lpSubKey,
_In_ REGSAM samDesired,
_Out_ PHKEY phkResult
)
{
return RegCreateKeyExW(hKey,
lpSubKey,
0, NULL,
REG_OPTION_NON_VOLATILE,
samDesired,
NULL,
phkResult,
NULL);
}
}
Or, like rubenvb suggested, just forget about the Ansi function altogether, focus on just Unicode by itself:
namespace Reg
{
LONG WINAPI CreateKey(
_In_ HKEY hKey,
_In_ LPCWSTR lpSubKey,
_In_ REGSAM samDesired,
_Out_ PHKEY phkResult
)
{
return RegCreateKeyExW(hKey,
lpSubKey,
0, NULL,
REG_OPTION_NON_VOLATILE,
samDesired,
NULL,
phkResult,
NULL);
}
}
you could do it same way as is usually used for Win32 functions:
CreateKeyW(..) { unicode implementation }
CreateKeyA(..) { byte string implementation }
#ifdef UNICODE
#define CreateKey CreateKeyW
#else
#define CreateKey CreateKeyA
#endif
Do you know why I can't run the program when hooking one of kernel32 functions? I'm writing anti cheat and want to optimize it more because currently it's in thread, but something is wrong...
There's written OpenProcess because I've tried before to hook it and the same problem.
typedef HANDLE ( WINAPI * pOpenProcess )( _In_ HANDLE hProcess,
_In_ LPSECURITY_ATTRIBUTES lpThreadAttributes,
_In_ SIZE_T dwStackSize,
_In_ LPTHREAD_START_ROUTINE lpStartAddress,
_In_ LPVOID lpParameter,
_In_ DWORD dwCreationFlags,
_Out_ LPDWORD lpThreadId );
pOpenProcess original;
__declspec(naked) void hOpenProcess()
{
__asm PUSHAD
__asm PUSHFD
//my actions here
__asm POPFD
__asm POPAD
__asm JMP[original]
};
void ZPerformHook()
{
DWORD Address = ( DWORD )GetProcAddress( GetModuleHandle( TEXT( "kernel32.dll" ) ), "CreateRemoteThread" );
original = ( pOpenProcess )DetourFunction( (PBYTE)Address, (PBYTE)hOpenProcess );
}
"//my actions here" would be interesting, maybe you are corrupting the stack.
or maybe the error is in your DetourFunction.
how does your program fail? maybe with a access violation?
also you don´t have to use a naked function. you can just hook to a function that has the exact same signature as your target.
no asm needed.
HANDLE __stdcall hOpenProcess( HANDLE hProcess,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
SIZE_T dwStackSize,
LPTHREAD_START_ROUTINE lpStartAddress,
LPVOID lpParameter,
DWORD dwCreationFlags,
LPDWORD lpThreadId )
{
// do your stuff here
std::cout << "From hook" << std::endl;
return original( hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpThreadId);
}
if that doesn´t work, check the return value of GetProcAddress, if that´s correct, something in your DetourFunction may be going wrong.
you could also use a disassembler like beaengine and dump your target function after detouring to see if the hook was applied correctly
I created a dll with form in it, and when we inject the dll the form open.
But the problem it when I do it, the process that I injected to, stuck and I can't with him noting.
here what I did.
DWORD WINAPI MessageLoop(HINSTANCE hInstance)
{
hWindow = CreateDialog(hInstance, MAKEINTRESOURCE(IDD_DIALOG1), NULL, DLGPROC(WindowProc));
MSG Msg;
while(GetMessage(&Msg, 0, 0, 0))
{
TranslateMessage(&Msg);
DispatchMessage(&Msg);
}
return 0;
}
and the injection:
DWORD WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPSTR lpszReserved)
{
if(dwReason == DLL_PROCESS_ATTACH)
{
CreateThread(0, 0, (LPTHREAD_START_ROUTINE)MessageLoop(hInstance), 0, 0, 0);
}
return 0;
}
#Remy Lebeau :
DWORD WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPSTR lpszReserved)
{
if(dwReason == DLL_PROCESS_ATTACH)
{
CreateThread(0, 0, &MessageLoop, hInstance, 0, 0);
}
return 0;
}
Your call to CreateThread() is wrong. You are not passing the address of MessageLoop() to it, you are actually calling MessageLoop() instead. Try this:
DWORD WINAPI MessageLoop(LPVOID lpParameter)
{
HINSTANCE hInstance = (HINSTANCE) lpParameter;
...
}
CreateThread(0, 0, &MessageLoop, hInstance, 0, 0);
BTW, CreateThread() is not safe to call in DllMain(). This is clearly stated in various MSDN documentation. You will have to move it out of DllMain(), such as by having the DLL export a separate function that calls CreateThread() internally, and then have your injection code call the exported function after the DLL has been loaded into memory.
Shell Execute has the following signature :
HINSTANCE ShellExecute(
__in_opt HWND hwnd,
__in_opt LPCTSTR lpOperation,
__in LPCTSTR lpFile,
__in_opt LPCTSTR lpParameters,
__in_opt LPCTSTR lpDirectory,
__in INT nShowCmd
);
How can we use lpParameters , Can we handle the parameter in my application. I am executing my app as below:
HINSTANCE hShellExecuteStatus = ShellExecute(NULL, "open", "MyPath/MyApp.EXE", NULL, NULL, SW_SHOWNORMAL);
Can I pass something in the 4th parameter i.e: lpParameters , so that I can handle this with MyApp.Exe , let's say if I am passing "Hi: in the 4th param:
HINSTANCE hShellExecuteStatus = ShellExecute(NULL, "open", "MyPath/MyApp.EXE", "Hi", NULL, SW_SHOWNORMAL);
Can I check in my application whether it is hi and display a message high.
I tried with POSTMESSAGE , but is not helpful with shellexecute
lpParameters will come through in the command line. Use GetCommandLine() to see it.