0

Good morning !

I have recently read articles quite interesting about hooking functions, I have followed one or two tutorials but it never seems to work, I am using Detoured and here is the full code which seems to me perfectly normal :(

#include <stdio.h>
#include <windows.h>

#include "stdafx.h"
#include "detours.h"

#pragma comment(lib, "detours.lib")

int(__stdcall* realFunc)(int) = (int(__stdcall*)(int))(0x004157B0);

void hookedFunc(int num)
{
    printf("Test : %d\n", num + 100);
}

BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        DetourAttach((PVOID*)(&realFunc), (PVOID)hookedFunc);
        break;
    case DLL_THREAD_ATTACH:
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach((PVOID*)(&realFunc), (PVOID)hookedFunc);
        DetourTransactionCommit();
        hookedFunc(100);
        break;
    case DLL_THREAD_DETACH:
        break;
    case DLL_PROCESS_DETACH:
        DetourDetach((PVOID*)0x004157B0, hookedFunc);
        break;
    }
    return TRUE;
}

When using RemoteDLL and a simple console application as dummy to hook the function, all steps are completed successfully (running as administrator), the memory address to the function I want to be hooked matches, however the code line "printf("Test : %d\n", num + 100);" is not executed, the result does not appears at screen...

If anyone would have an idea about what's going on I would be really happy to hear it !

Thanks in advance !

coldZou
  • 1
  • 1

1 Answers1

0

First, hookedFunc must have the same signature: int __stdcall hookedFunc(int x).

I suppose the following effect of your code: hookedFunc is called each time somebody calls the function at address 0x004157B0. Is it what you expect?

For testing, you call this address. Let me change the code a little to clarify:

extern int __stdcall FunctionIWantToHook(int);
int(__stdcall* realFunc)(int) = FunctionIWantToHook;

...
DetourAttach((PVOID*)(&realFunc), (PVOID)hookedFunc);
FunctionIWantToHook(100); // hookedFunc will be called here
Nikerboker
  • 764
  • 7
  • 14
  • Thank you for your reply ! All I wanted is to hook on the function at address 0x004157B0 where this function only displays a message, I wanted to alter it by displaying a new message to try out, but I may have misunderstood the concept, or forgot something, plus when I use theses next lines to detach : DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); DetourDetach(&(PVOID&)realFunc, hookedFunc); DetourTransactionCommit(); The injection is just not working anymore and fails at step 4 in RemoteDLL :( – coldZou Feb 07 '15 at 10:10