Windows Printer API Hooking using Easyhook

Asked Aug 08 '18 at 14:42

Active Aug 08 '18 at 14:42

Viewed 782 times

I'm trying to Hook the WritePrinter function present in winspool.drv using Easyhook RhInstallLibrary.

Injector.cpp

NTSTATUS nt = RhInjectLibrary(
    processId,   // The process to inject into
    0,           // ThreadId to wake up upon injection
    EASYHOOK_INJECT_DEFAULT,
    NULL, // 32-bit
    dllToInject,         // hook.dll
    NULL, // data to send to injected DLL entry point
    0// size of data to send
);

In hook.ddl, following function is created to hook printer function

BOOL MyWritePrinter(HANDLE hPrinter, LPVOID pBuf, DWORD cbBuf, LPDWORD pcWritten)

{

//Some Code

return  WritePrinter(hPrinter, pBuf, cbBuf, pcWritten);//

}

Data stream passed to printer is present in pBuf. But I'm not able to get that data. How can I read data from pBuf

WritePrinter Function Reference : https://msdn.microsoft.com/en-us/library/windows/desktop/dd145226(v=vs.85).aspx

asked Aug 08 '18 at 14:42

Kartikeya Rana

What have you tried and what/how did it fail? pBuf is a pointer to an array of bytes, the length of which is in cbBuf – Justin Stenning Aug 08 '18 at 21:46
@JustinStenning I have tried almost every type casting but no result. Yes, you are right about pBuf and cbBuf. Can you tell me how to get data from pBuf and convert it into string ? – Kartikeya Rana Aug 09 '18 at 08:42

Windows Printer API Hooking using Easyhook

0 Answers0

Linked