Clever Geek Handbook

DrawText stroke

I downloaded and compiled the Microsoft workaround library. Inside my project, I have included a header file and added a .lib file as a dependency. Everything compiles without errors. Now I am trying to concatenate the DrawText, but for some reason the function to be disabled is not called at all. Likewise, I tried to combine the Sleep function and it worked as intended and called the function I deferred.

I am not very good at API programming as well as other low level activities. I suspect it might have something to do with the fact that I am trying to do this in a console application instead of traversing inside the DLL. It just seems strange to me that in this case he can bypass the Dream.

Is there something wrong with my approach or is the error in the code?

#include <windows.h>
#include <stdio.h>
#include "detours.h"

int ( WINAPI *Real_DrawText )(HDC a0, LPCSTR a1, int a2, LPRECT a3, UINT a4) = DrawTextA;

int Mine_DrawText(HDC hdc, LPCSTR text,  int nCount, LPRECT lpRect, UINT uOptions)
{
   printf("TEST");
   return Real_DrawText(hdc, text, nCount, lpRect, uOptions);
}

int main(int argc, char **argv)
{
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourAttach(&(PVOID&)Real_DrawText, Mine_DrawText);
    DetourTransactionCommit();
    printf("Calling Sleep\n");
    Sleep(1000);
    printf("Second callout");
    Sleep(5000);

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourDetach(&(PVOID&)Real_DrawText, Mine_DrawText);
    DetourTransactionCommit();
    return 0;
}
+2


source to share


3 answers


Based on your example code, it seems like you are only bypassing your own process. So traversing DrawText doesn't output anything. Perhaps you need to inject your code into the desired memory of the target process and concatenate the API call from there. For example, you can create a CBT system hook that acts as a trigger point. Something like this to point you in the direction:



LRESULT CALLBACK CBTProcedure (int nCode, WPARAM wParam, LPARAM lParam)
{
        if (nCode <0)
                return CallNextHookEx (g_hHook, nCode, wParam, lParam);
        else if (! g_pClient)
                return 0;

        HWND hWnd = (HWND) wParam;

        if (! hWnd)
                return 0;

        switch (nCode) {
                case HCBT_ACTIVATE:
                        / ** Here, you can check up against the handle to see,
                          * if the target window is the one you're looking for ...
                          *
                          * /
                        if (! g_pClient-> IsRegisteredWindow (hWnd))
                                if (g_pClient-> RegisterWindow (hWnd)) {
                                }

                break;

                case HCBT_DESTROYWND:
                        if (g_pClient-> IsRegisteredWindow (hWnd))
                                g_pClient-> UnregisterWindow (hWnd);

                break;
        }

        return 0;
}

bool __0XYOUROWN_API InstallHook ()
{
        // Call this one from your main process; set up the system-wide hook.

        g_hHook = SetWindowsHookEx (WH_CBT, (HOOKPROC) CBTProcedure, g_hInstance, 0);

        / ** #pragma data_seg ("Shared")
          * HHOOK g_hHook = NULL;
          * #pragma data_seg ()
          * /

        return g_hHook! = NULL;
}

/ ** The actual DLL ...
  *
  *
  * /
BOOL APIENTRY DllMain (HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
        switch (ul_reason_for_call) {
                case DLL_PROCESS_ATTACH:
                        g_hInstance = (HINSTANCE) hModule;

                        if (:: GetModuleHandle (_T ("THEDESIREDMODULE.EXE"))! = NULL) {
                                g_pClient = new Client ();

                                if (g_pClient) {
                                        InitializeCriticalSection (& g_CriticalSection); // You can setup a critic. sec. for later synchronization ...
                                        DetourTransactionBegin ();
                                        DetourUpdateThread (GetCurrentThread ());
                                        DetourAttach (& (PVOID &) Real_DrawTextW, Mine_DrawTextW);
                                        DetourTransactionCommit ();
                                }
                        }

                break;

                case DLL_THREAD_ATTACH: break;

                case DLL_THREAD_DETACH: break;

                case DLL_PROCESS_DETACH:
                        if (:: GetModuleHandle (_T ("THEDESIREDMODULE.EXE"))! = NULL) {
                                if (g_pClient) {
                                        DetourTransactionBegin (); 
                                        DetourUpdateThread (GetCurrentThread ());
                                        DetourDetach (& (PVOID &) Real_DrawTextW, Mine_DrawTextW);
                                        DetourTransactionCommit ();

                                        delete g_pClient;

                                        g_pClient = NULL;
                                }
                        }

                break;
        }
}
+1


source


You seem to be assuming that printf () will call DrawText (). This is not true. DrawText () is a GDI function. printf () goes to WriteConsole (). They don't mix. "Console windows" are not at all like all other windows. This distinction is fundamental architectural; it is even managed by individual kernel components.



+1


source


Side note only: EasyHook - Reimagining the API Hooking API is an open source ( LGPL ) development project for Detours' successor . He's already mature enough.

+1


source






More articles:


All Articles