Stack Overflow
Stack Overflow

Questions tagged [api-hook]

Api hooking is the technique of altering the behaviour of operating systems or applications by intercepting function calls in order to run alternative or additional code instead.

57 questions
24
votes
1 answer

How does SysInternal's ProcessMonitor work?

Could someone please give me a high level explanation how they are able to monitor every single registry access? http://technet.microsoft.com/en-us/sysinternals/bb896645 Enough detail so that i could google around the various sub-topics and try to…
Tom
  • 419
  • 1
  • 5
  • 7
10
votes
2 answers

How can I create a window (HWND) without using CreateWindow(Ex)?

I'm using a proxy DLL to intercept calls to CreateWindowExA/CreateWindowExW. This works quit nicely, except that some applications (most notably some Visual Basic 6 applications) seem to be able to create windows without going through either of the…
Frerich Raabe
  • 90,689
  • 19
  • 115
  • 207
7
votes
2 answers

Registry monitoring, including kernel-mode registry accesses?

I remember for my final year university project i wrote a C# registry monitor, however, when i compared it with the Microsoft ProcessMonitor application (i cant remember its exact name, but was a company bought by MSoft), i wasnt capturing as many…
Tom
  • 419
  • 1
  • 5
  • 7
6
votes
1 answer

API Hook on a COM object function?

Greetings StackOverflowians, As discovered here, Windows 7 features a bug in which the DISPID_BEFORENAVIGATE2 event does not fire for Windows Explorer instances. This event allows shell extensions to be notified when a navigation is about to take…
Paul Accisano
  • 1,416
  • 1
  • 14
  • 25
4
votes
2 answers

Read on-screen text from external app. API Hooking?

I have a Java background so have limited knowledge when it comes to C# and C++. Basically I am trying to "read" text from another application which is displayed on screen... To be specific, I want to read the dealer chat message from Pokerstars...…
p_mcp
  • 2,643
  • 8
  • 36
  • 75
4
votes
1 answer

API Hooking, unexpected handle found on TerminateProcess function

PROBLEM I've hooked the TerminateProcess calls to identify the process which is being terminated, but I'm getting an unexpected handle from TerminateProcess that does not match with the real process handle that I try to intercept. I'm using Deviare…
ElektroStudios
  • 19,105
  • 33
  • 200
  • 417
4
votes
2 answers

How to intercept/overwrite function calls in a .net executable?

I would like to intercept CLR function calls in a .net executable (3rd party executable which i do not have access to the source code) for debugging purposes. I have been looking at some hooking apis (deviare, easyhook, mhook) etc but i think they…
james123
  • 137
  • 1
  • 5
4
votes
1 answer

CopyItems and MoveItems Crashes on windows-7 64 bit

I am hooking the function i.e IFileOperation::CopyItems to implement File Copy Monitoring. my Code works perfect on windows-7 32 bit machine but it is getting crash on windows-7 64 bit machine please help me , My Code is as below. PVOID…
Kantesh N
  • 133
  • 1
  • 12
3
votes
0 answers

WSARecv ways to know if operation completes

In my app (not a malware) I inspect browsers' network traffic by hooking Windows API calls. Works fine in all browsers in all Windows versions... Except Internet Explorer 11 under Windows 10. The problem is that WSARecv returns WSA_IO_PENDING, but…
Alexander Dyagilev
  • 1,139
  • 1
  • 15
  • 43
3
votes
1 answer

how to hide folder using ntquerydirectoryfile function hook

I am hooking the function 'NtQueryDirectoryFile' to hide folder in the system , my code as below. #include "stdafx.h" #include #include #include "MinHook.h" #include #include #if defined _M_X64 …
nagaradderKantesh
  • 1,672
  • 4
  • 18
  • 30
2
votes
1 answer

Hooking methods in another process with Moles

I have a C# application compiled with visual studio. I want to intercept and log calls and serialized method parameters to some specific methods in that app. Is it possible to intercept method calls in another process (maybe by using App…
Davita
  • 8,928
  • 14
  • 67
  • 119
2
votes
0 answers

hooking DoDragDrop() function from Ole32.dll library using EasyHook

"Ole32","DoDragDrop" function Hooking to the explorer is successful but whenever i drag a file in explorer my DoDragDropHook function is not calling, am new to the hooking concepts and i trying for this from last 3 months but till now no proper…
Dilip
  • 21
  • 2
2
votes
0 answers

IAT hook using C++ dll by inject not intercepts api

I'm trying make a hook in MessageBoxA api in a remote process made by me using IAT hook tecnique. I'm using Process Hacker software for inject my dll file into my process and until here works fine. My unique trouble is that MessageBoxA never is…
user3812497
2
votes
1 answer

How to detect if computer is shutting down to save session

I am making an RPG game with C++/x86 asm. My question is related to the C++ component. In C++/win32 how would I detect if the computer is shutting down or turning off, or whatever else - so that I can save the game session. My game has a 'save'…
user3491746
2
votes
1 answer

Hooked NtOpenFile fails when std::wstring is defined on the stack

I have written a hooking dll using the mhook library. In a spezial case the NtOpenFile() fails when a std::wstring is defined as stack var. Defining it on the heap the code is working. The code is working without problems except when a certain win32…
marsh-wiggle
  • 2,508
  • 3
  • 35
  • 52
1
2 3 4