heres my code
Code:
#include "stdafx.h"
#include <stdio.h>
DWORD HookFunction(LPCSTR lpModule, LPCSTR lpFuncName, LPVOID lpFunction, unsigned char *lpBackup);
BOOL UnHookFunction(LPCSTR lpModule, LPCSTR lpFuncName, unsigned char *lpBackup);
int MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType);
BYTE hook[6];
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
LoadLibrary("user32.dll");
HookFunction("user32.dll", "MessageBoxA", MyMessageBoxA, hook);
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
int MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
UnHookFunction("user32.dll", "MessageBoxA", hook);
char msg[32];
sprintf(msg, "HOOKED!!\n\n%s", lpText);
int x = MessageBox(hWnd, msg, lpCaption, uType);
HookFunction("user32.dll", "MessageBoxA", MyMessageBoxA, hook);
return x;
}
DWORD HookFunction(LPCSTR lpModule, LPCSTR lpFuncName, LPVOID lpFunction, unsigned char *lpBackup)
{
DWORD dwAddr = (DWORD)GetProcAddress(GetModuleHandle(lpModule), lpFuncName);
BYTE jmp[6] = { 0xe9, //jmp
0x00,
0x00,
0x00,
0x00, //address
0xc3
}; //retn
ReadProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0); //GetCurrentProcess()
DWORD dwCalc = ((DWORD)lpFunction - dwAddr - 5); //((to)-(from)-5)
memcpy(&jmp[1], &dwCalc, 4); //build the jmp
WriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, jmp, 6, 0); //GetCurrentProcess()
return dwAddr;
}
BOOL UnHookFunction(LPCSTR lpModule, LPCSTR lpFuncName, unsigned char *lpBackup)
{
DWORD dwAddr = (DWORD)GetProcAddress(GetModuleHandle(lpModule), lpFuncName);
if (WriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0))
return TRUE;
return FALSE;
}
this is in a dll which is injected in to my msgbox app , it hooks it once then crashs , does anyone know why?, i have another 1 which hooks by imports but was hopeing to get this version fixed to work in a injected dll
thanks