
I'm trying to hook the MessageBoxA function with MS Detours 3.0, but my program crashes when I try it, and I'm not sure what is causing the crash. When I run the test program on its own and hit Shift, the message box appears; when I inject the DLL and hit Shift, the program crashes.

TEST PROGRAM

#include <Windows.h>

// Test harness: polls the Shift key forever and pops up a message box whenever
// GetAsyncKeyState reports a non-zero state for it. The "NOT HOOKED" text is
// the string the hook DLL on this page replaces with "HOOKED".
int main()
{
    while (true)
    {
        // Any non-zero result is accepted, so both "down right now" and
        // "pressed since the previous call" trigger the dialog.
        const SHORT shiftState = GetAsyncKeyState(VK_SHIFT);
        if (shiftState == 0)
        {
            continue;
        }

        // The call returns only after the dialog has been dismissed, which
        // pauses the polling loop in the meantime.
        MessageBoxA(nullptr, "NOT HOOKED", "HOOK STATUS", MB_OK);
    }
}

HOOK DLL

#include <Windows.h>
#include <detours.h>
#pragma comment(lib,"detours.lib")

// Pointer used to reach the original MessageBoxA. patch() stores the export's
// address here and passes the variable to DetourAttach.
// NOTE(review): MessageBoxA is documented as
//   int WINAPI MessageBoxA(HWND, LPCSTR, LPCSTR, UINT);
// LPCTSTR only equals LPCSTR when UNICODE is not defined, so whether this
// declaration matches depends on the project's character-set setting.
BOOL (WINAPI* oMessageBoxA)(HWND,LPCTSTR,LPCTSTR,UINT);

// Replacement routine attached to MessageBoxA by patch(). It forwards the call
// through oMessageBoxA with the text replaced by "HOOKED"; the owner window,
// caption and type flags are passed through unchanged and the caller's lpText
// is ignored.
// NOTE(review): a detour must have exactly the signature and calling
// convention of the function it replaces. The parameters here are LPCTSTR,
// while MessageBoxA takes LPCSTR; the two coincide only when UNICODE is not
// defined.
BOOL WINAPI hMessageBoxA( HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption,UINT uType) 
{ 
        return oMessageBoxA(hWnd,"HOOKED",lpCaption,uType);
} 

// Looks up MessageBoxA in user32.dll and attaches hMessageBoxA to it inside a
// single Detours transaction. Nothing happens when GetModuleHandle does not
// find user32.dll in the current process.
void patch()
{
    // The narrow string literal only compiles when UNICODE is not defined.
    HMODULE user32 = GetModuleHandle("user32.dll");
    if(user32 != NULL)
    {
        // NOTE(review): DWORD is 32 bits wide, so this cast truncates the
        // address in a 64-bit build. The GetProcAddress result is also used
        // without a NULL check.
        DWORD MessageBoxAddress = (DWORD)GetProcAddress(user32,"MessageBoxA");
        oMessageBoxA = (BOOL (WINAPI*)(HWND, LPCTSTR, LPCTSTR, UINT))MessageBoxAddress;
        // NOTE(review): every Detours call below returns a status that is
        // discarded here, so a failed attach goes unnoticed.
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        // DetourAttach receives the address of oMessageBoxA so that Detours
        // can redirect the pointer; the (PVOID&) cast reinterprets the typed
        // function pointer as a PVOID for that purpose.
        DetourAttach(&(PVOID&)oMessageBoxA, hMessageBoxA);
        DetourTransactionCommit();
    }
}

// DLL entry point: installs the hook when the DLL is mapped into a process.
// NOTE(review): the function is declared BOOL but no path returns a value,
// which is undefined behaviour in C++. The loader interprets the result for
// DLL_PROCESS_ATTACH as success or failure of initialization, so the body
// should end with `return TRUE;`.
// NOTE(review): DLL_PROCESS_DETACH is not handled, so the detour stays in
// place if the DLL is unloaded while the process keeps running.
BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
{
    if(fdwReason==DLL_PROCESS_ATTACH)
    {
        patch();
    }
}
  • That `DetourAttach` call looks awfully sketchy. I think you wanted `reinterpret_cast<PVOID*>(&oMessageBoxA)`. – chris Jan 15 '14 at 03:10
  • thanks for the response, but my program still crashes. – user3196467 Jan 15 '14 at 03:26
  • Please be less vague. Provide details of the crash. – Raymond Chen Jan 15 '14 at 06:18
  • @chris: the `&(LPVOID&)` syntax is what is used in most examples. – Remy Lebeau Jan 15 '14 at 07:14
  • @RemyLebeau, Really? I looked up the first example or two I could find and found `(PVOID*)(&foo)`. I guess I'm not used to seeing references used like that, but come to think of it, both should do the same. My mistake then. – chris Jan 15 '14 at 07:20
  • @chris: I like `(PVOID*)(&foo)` and `reinterpret_cast<PVOID*>(&foo)` instead of `&(PVOID&)foo`. Just looks cleaner. Thanks. – Remy Lebeau Jan 15 '14 at 07:28
  • @user3196467 I know this is old, but I was wondering if you got it to work. I'm having the same problem as you and it's really important for me to solve this. – Elyasaf755 Dec 29 '19 at 04:04

1 Answer


You have declared the signature of MessageBoxA() incorrectly, and your use of DWORD MessageBoxAddress will not work in a 64-bit DLL, because a DWORD is only 32 bits wide and cannot hold a 64-bit function address.

Try this DLL code instead:

#include <Windows.h>
#include <detours.h>
#pragma comment(lib,"detours.lib")

// Function-pointer type matching MessageBoxA: int return value, ANSI (LPCSTR)
// text and caption.
using LPFN_MBA = int (WINAPI*)(HWND, LPCSTR, LPCSTR, UINT);

// Call-through pointer for the original MessageBoxA. Null until patch()
// assigns it; its address is what patch()/unpatch() hand to Detours.
LPFN_MBA oMessageBoxA = nullptr;

// Detour for MessageBoxA. Every call routed here is forwarded through
// oMessageBoxA with the message text swapped for a fixed string; the owner
// window, caption and type flags are passed on untouched, and the result of
// the forwarded call is returned to the caller. lpText is deliberately unused.
int WINAPI hMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
    LPCSTR const replacementText = "HOOKED";
    return oMessageBoxA(hWnd, replacementText, lpCaption, uType);
}

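// Attaches hMessageBoxA to user32!MessageBoxA inside one Detours transaction.
//
// On success oMessageBoxA is left for hMessageBoxA to call through. On any
// failure (module not loaded, export missing, transaction error) the function
// returns with oMessageBoxA == NULL, so unpatch() will not try to detach a
// hook that was never installed.
void patch()
{
    // GetModuleHandle only finds modules that are already loaded; it does not
    // load user32.dll itself.
    HMODULE user32 = GetModuleHandle(TEXT("user32.dll"));
    if (user32 == NULL)
    {
        return;
    }

    oMessageBoxA = (LPFN_MBA) GetProcAddress(user32, "MessageBoxA");
    if (oMessageBoxA == NULL)
    {
        return;
    }

    if (DetourTransactionBegin() != NO_ERROR)
    {
        oMessageBoxA = NULL;
        return;
    }

    // Check each step instead of discarding the status codes, so that a
    // failed attach is not mistaken for an installed hook.
    LONG status = DetourUpdateThread(GetCurrentThread());
    if (status == NO_ERROR)
    {
        status = DetourAttach((PVOID*)&oMessageBoxA, hMessageBoxA);
    }

    if (status != NO_ERROR)
    {
        DetourTransactionAbort();
        oMessageBoxA = NULL;
        return;
    }

    if (DetourTransactionCommit() != NO_ERROR)
    {
        oMessageBoxA = NULL;
    }
}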

// Removes the MessageBoxA detour in its own Detours transaction. A NULL
// oMessageBoxA means patch() never resolved the function, in which case there
// is nothing to undo.
void unpatch()
{
    if (oMessageBoxA == NULL)
    {
        return;
    }

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    // Same pointer/detour pair that was passed to DetourAttach.
    DetourDetach((PVOID*)&oMessageBoxA, hMessageBoxA);
    DetourTransactionCommit();
}


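// DLL entry point: installs the hook on process attach and removes it on
// process detach.
//
// Always returns TRUE. The loader treats the value returned for
// DLL_PROCESS_ATTACH as the result of initialization, and the original body
// fell off the end without returning anything, which is undefined behaviour
// for a function declared BOOL.
//
// DllMain runs while the loader lock is held, so the work done here is kept
// to the hook transaction itself.
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    switch (fdwReason)
    {
    case DLL_PROCESS_ATTACH:
        // Thread attach/detach notifications are not needed by this DLL.
        DisableThreadLibraryCalls(hinstDLL);
        patch();
        break;

    case DLL_PROCESS_DETACH:
        unpatch();
        break;

    default:
        break;
    }

    return TRUE;
}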

Read the following for more details:

API Hooking with MS Detours

Remy Lebeau