Results 1 to 3 of 3

Thread: Hooking with detours, DrawText ExtTextOut etc.

  1. #1

    Hooking with detours, DrawText ExtTextOut etc.

    1. What is the problem....
    - Hook injected successfully but not picking up all text
    2. What is the protection....
    - none,
    3. What tools are you using....
    - Olly
    4. What tutorials have you read....
    - All over, alot from the codeproject, reading books like "secrets of reverse engineering", "the ida pro book","subverting the windows kernel rootkits" (in that order)
    5. Show your output listing WITH comments....
    - listed below
    6. NOW ask your question....
    - here goes :

    This is a little "detour" (hoho) from this thread
    What i want to do is to snoop on OllyDbg's LOG window, and i do this by hooking with detours. (Ollys log window can be directed to a file but Olly uses a write buffer wich is too large for my needs, i need as close to realtime as possible)
    I create my hook with this;

    DetourCreateProcessWithDll(OllyPath, NULL, NULL, NULL, TRUE,
    &si, &pi, "detoured.dll", "hook.dll", NULL);

    these are the api's I hook
    and i get output from all api's (in the hook i write intercepted texts to files), but not ALL of it, i get like this ;

    -CPU - main thread, module notepad
    -Executable modules
    -Log data
    -Memory map
    -CPU - main thread, module notepad
    -Executable modules
    -Log data
    -Log data

    What it looks like to me is that i get the texts of different titlebars but not the actual content of these containers. Pretty damned weird to me!
    So, any idea as to what i am hooking/doing wrong?
    The "-Log data" is the title of the window i want to snoop on, according to spy++ it's a "AList" with caption (surprise) Log data.

    Do i need to be hooking something else as well, or is this 'snooping on olly' a dead end?

  2. #2
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Blog Entries
    Take a look at the Olly plugin development kit. Log window text can be written through the internal commands message() and Addtolist(), which use *printf() functions.

    Similarly, plugins use a standard Painttable() function callback to individually add text to each column in their windows, again you can simply use printf() within that callback. Look at the default Bookmark example or any plugin with source.

    Chances are Olly uses some internal variation of this, thunking down to printf() or some variant, rather than the DrawText functions.

  3. #3
    Ok thanks, ill look into that.

    In a little desperate twist i tried to 'log to file' and then hook WriteFile. This works. With the little catch that the 'buffer delay' is still present. I sorta hoped that Olly would call WriteFile instantly and the delay-to-file was an internal windows buffer. It is not! hehe.

    While this is getting on my gdamned nerves it's also kinda fun

Similar Threads

  1. ApiMapSet Hooking
    By deroko in forum Blogs Forum
    Replies: 1
    Last Post: November 3rd, 2011, 12:37
  2. Hooking with Java?
    By AttonRand in forum The Newbie Forum
    Replies: 7
    Last Post: October 8th, 2009, 09:29
  3. API Hooking
    By bedrock in forum Advanced Reversing and Programming
    Replies: 18
    Last Post: April 7th, 2008, 15:57
  4. Hooking DLL functions
    By Hero in forum The Newbie Forum
    Replies: 1
    Last Post: July 28th, 2004, 08:41
  5. Hooking serialport
    By Rattle in forum Malware Analysis and Unpacking Forum
    Replies: 0
    Last Post: April 3rd, 2002, 14:38


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts