
I am developing a win32 API hook program. According to my understanding, when a program calls ReadFile for a particular file, the content of that file is copied to lpBuffer (see the definition below).

ReadFile definition:

```cpp
BOOL ReadFile(
  HANDLE       hFile,
  LPVOID       lpBuffer,
  DWORD        nNumberOfBytesToRead,
  LPDWORD      lpNumberOfBytesRead,
  LPOVERLAPPED lpOverlapped
);
```

Now, my target is to alter this lpBuffer and fill it with content provided by me! I am using EasyHook to hook ReadFile. I am not familiar with the LPVOID type. I was able to alter the content for GetCurrentDirectory using the following code.

```cpp
string b = "C:\\my\\altered\\directory";
DWORD returnLength = b.length();
int i;
for (i = 0; i < b.length(); i++)
{
    lpBuffer[i] = b[i];
}
lpBuffer[i++] = '\0';
```

GetCurrentDirectory definition:

```cpp
DWORD GetCurrentDirectory(
  DWORD  nBufferLength,
  LPTSTR lpBuffer
);
```

How do I do a similar value assignment for ReadFile (LPVOID lpBuffer)?

Md Sajid
  • Treat it as a pointer to the first element of an array of bytes, at least `nNumberOfBytesToRead` bytes in length. Just like you do for the `GetCurrentDirectory` override. You need to cast the pointer though. – Some programmer dude Dec 22 '20 at 19:46
  • `LPVOID` is a pointer to `void`. `void` is nothing. You can't make a `void`, but you can cast ANYTHING to a pointer to `void`, so you don't have to do anything other than get the pointer to the `string`'s character buffer: `ReadFile(handle, b.data(), ...)`. Unfortunately that doesn't make any sense logically. – user4581301 Dec 22 '20 at 19:46

1 Answer

Here's the LPVOID typedef:

```cpp
#define far
typedef void far *LPVOID;
```

The far macro is defined as nothing; I guess it's because of some historical reasons (baggage). So you can almost directly treat LPVOID as void*.

And now, suppose you have a std::vector<uint8_t> named FakeData, just:

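```cpp
// Fragment from inside the ReadFile hook; needs <windows.h>, <cstring>, <vector>.
// Refuse the read if the caller's buffer cannot hold all of the fake data.
if (nNumberOfBytesToRead < FakeData.size()) {
    SetLastError(ERROR_INSUFFICIENT_BUFFER);
    return FALSE;
}

// LPVOID is just void*, so raw bytes can be copied into it directly.
memcpy(lpBuffer, FakeData.data(), FakeData.size());
// lpNumberOfBytesRead may be NULL when lpOverlapped is used.
if (lpNumberOfBytesRead != NULL) {
    *lpNumberOfBytesRead = static_cast<DWORD>(FakeData.size());
}

SetLastError(ERROR_SUCCESS);
return TRUE;
```
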
Sprite
  • I think you're headed in the right direction here, but if I'm not 100% sure, you're probably not giving the asker enough of an explanation. – user4581301 Dec 22 '20 at 19:48
  • @user4581301 Yes, I edited the answer for further explanation. – Sprite Dec 22 '20 at 19:53
  • `string content = "altered content"; memcpy(lpBuffer, content, content.length());` Can I do something like this? Need to cast content to const void, I guess – Md Sajid Dec 22 '20 at 19:57
  • @MdSajid You can do this for text files, not recommended for binary files. And it should be `memcpy(lpBuffer, content.c_str(), content.length());` – Sprite Dec 22 '20 at 20:01
  • I only perform this action on file types like "txt" – Md Sajid Dec 22 '20 at 20:02
  • @MdSajid That's no problem. – Sprite Dec 22 '20 at 20:03
  • @MdSajid Oops, don't forget to assign the size to `lpNumberOfBytesRead`, I have edited the answer. – Sprite Dec 22 '20 at 20:09
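
An added example, not part of the question or the answer above: a bounds-safe way to fill an `LPVOID` buffer that follows synchronous `ReadFile` semantics, so a caller reading through a small buffer gets the replacement content in pieces and the copy never exceeds `nNumberOfBytesToRead`. The `FakeReadState` struct and the `ServeFakeRead` and `DemoChunkSizes` functions are hypothetical names, the Windows types are declared as stand-ins so the code builds without `<windows.h>`, and the EasyHook wiring is not shown.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstring>
#include <vector>

// Stand-ins so the sketch builds without <windows.h>; in a real hook use the SDK types.
using DWORD = std::uint32_t;
using LPVOID = void*;
using LPDWORD = DWORD*;

// Hypothetical per-handle state: the replacement bytes and how far the caller has read.
struct FakeReadState {
    std::vector<std::uint8_t> data;
    std::size_t offset = 0;
};

// Fills lpBuffer the way a synchronous ReadFile does: at most nNumberOfBytesToRead
// bytes per call, the rest on later calls, and 0 bytes with success at end of data.
// Returns false (the hook would return FALSE) only for unusable arguments.
bool ServeFakeRead(FakeReadState& st, LPVOID lpBuffer,
                   DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead) {
    if (lpNumberOfBytesRead != nullptr) *lpNumberOfBytesRead = 0;
    if (lpBuffer == nullptr && nNumberOfBytesToRead != 0) return false;

    const std::size_t remaining = st.data.size() - st.offset;
    const std::size_t n = std::min<std::size_t>(remaining, nNumberOfBytesToRead);
    if (n != 0) {
        // n never exceeds the caller's buffer size, so the copy cannot overrun it.
        std::memcpy(lpBuffer, st.data.data() + st.offset, n);
        st.offset += n;
    }
    if (lpNumberOfBytesRead != nullptr) *lpNumberOfBytesRead = static_cast<DWORD>(n);
    return true;
}

// Constructed demo: 15 bytes of content read through a 6-byte buffer.
std::vector<DWORD> DemoChunkSizes() {
    const char text[] = "altered content";
    FakeReadState st;
    st.data.assign(text, text + sizeof(text) - 1);  // drop the trailing '\0'
    std::vector<DWORD> sizes;
    char buf[6];
    DWORD got = 0;
    do {
        ServeFakeRead(st, buf, static_cast<DWORD>(sizeof(buf)), &got);
        sizes.push_back(got);
    } while (got != 0);
    return sizes;  // {6, 6, 3, 0}
}
```

The final zero-byte read with a success return is how a synchronous reader detects end of file, which is why the function does not fail when the data runs out.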