Armenian Knowledge Base  

02.02.2004, 23:38   #1   acid
GDI Hooking

Any sample code or article for system-wide GDI hooking? It seems to me the techniques are kept secret, since all remote-control software uses them for commercial purposes.

03.02.2004, 08:09   #2   BlackMoon

Can you be more specific?
I have something already written.

03.02.2004, 08:16   #3   acid

I have an application executable which was not developed by me; simply put, I don't have the source code of that application. It has some GDI text output which I need to capture with my application whenever a text output function is called.

03.02.2004, 08:31   #4   BlackMoon

At home I have the sources of a keyboard hook I wrote myself.
I will post them this evening or tomorrow morning,
if it can help you, in VC 6.0 or 7.0.
With GDI it should be the same.

03.02.2004, 09:21   #5   acid

Thanks, but I can get many keyboard-hooking sources myself; it's not the same at all. The Win32 API provides a keyboard hooking mechanism.

Thanks anyway.

07.02.2004, 14:02   #6   greka

Is Windows messaging used during console input/output?

What about tracing all WM_SETTEXT/WM_GETTEXT messages system-wide?

The most suitable solution I see is a system-wide hook set on every "CreateFont()"+"WM_SETTEXT" pair.

I.e. somehow (?) trace the CreateFont API, then, once it appears, start tracing EVERY WM_SETTEXT sent by the specified application until "DeleteObject" is called.

h-m..?

08.02.2004, 09:50   #7   Agregat

Regarding console input/output: ReadConsole lets you track keyboard and mouse events.

08.02.2004, 10:12   #8   acid

Quote:
Originally Posted by greka
Is Windows messaging used during console input/output?

What about tracing all WM_SETTEXT/WM_GETTEXT messages system-wide?

The most suitable solution I see is a system-wide hook set on every "CreateFont()"+"WM_SETTEXT" pair.

I.e. somehow (?) trace the CreateFont API, then, once it appears, start tracing EVERY WM_SETTEXT sent by the specified application until "DeleteObject" is called.

h-m..?

What does console input/output have to do with my question?

As far as I am concerned, WS_SET/GETTEXT are not GDI functions.

Can you tell me in detail how to set a system-wide hook on CreateFont? If yes, the problem is solved!

GDI text output is performed using the *TextOut functions. I want to capture exactly that.

Thank you.

09.02.2004, 15:26   #9
Quote:
Originally Posted by acid
What does console input/output have to do with my question?
GDI text output is performed using the *TextOut functions. I want to capture exactly that.

Replace the ExtTextOut, ExtTextOutA and ExtTextOutW functions in gdi32.dll with your own.
How to implement it? Search the internet for "DLL Injection API Hooking".

09.02.2004, 15:29   #10

But keep in mind that these functions will be called on every WM_PAINT.

09.02.2004, 15:32   #11   Agregat

Jeffrey Richter, just in case.

09.02.2004, 16:41   #12   acid

Quote:
Originally Posted by armeng
Replace the ExtTextOut, ExtTextOutA and ExtTextOutW functions in gdi32.dll with your own.
How to implement it? Search the internet for "DLL Injection API Hooking".

Now that's closer to the point! Google in hand and off I go.

P.S.
Do pests like Remote Control applications really change gdi32.dll too... I won't install such nasty things any more (PCAnywhere, Remote Admin...)

Thank you.

10.02.2004, 07:59   #13
Quote:
Originally Posted by acid
Do pests like Remote Control applications really change gdi32.dll too...

Almost all of them (the ones I know: RemoteAdmin, VNC...) transmit screenshot differences, whereas the native Window Terminal Server does real interception of the whole API + Messages. Hence the conclusion (I may be wrong) that the API function interception mechanism is most likely implemented somewhere in the depths of Windows and hidden so deep that only Terminal Server provides high-quality Remote Control.

By the way, you don't have to change gdi32.dll on disk. You can change it in RAM (CreateRemoteThread?, OpenProcess, ReadProcessMemory ....). Look at Richter too, there are good examples there.
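
A defender's view of the in-memory change described in post #13, as an added example that is not part of the thread: it compares the first bytes of a function such as ExtTextOutW as loaded in a process against the same bytes from gdi32.dll on disk and decodes common redirect shapes. The 32-bit x86 patch forms, the function and type names, and all sample bytes and addresses are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Patch shapes recognised at a function entry (32-bit x86 only). */
enum hook_kind { HOOK_NONE, HOOK_JMP_REL32, HOOK_PUSH_RET, HOOK_JMP_INDIRECT, HOOK_OTHER };

struct hook_report {
    enum hook_kind kind;
    uint32_t target;      /* decoded destination (pointer slot for FF 25) */
    int leaves_module;    /* 1 if target lies outside the DLL's own image */
};

static uint32_t rd32(const uint8_t *p) {   /* little-endian 32-bit read */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* disk: entry bytes from the file; mem: same bytes read from the process;
 * va: address of the function; [base, base+size): the loaded module. */
struct hook_report check_entry(const uint8_t disk[8], const uint8_t mem[8],
                               uint32_t va, uint32_t base, uint32_t size) {
    struct hook_report r = { HOOK_NONE, 0, 0 };
    if (memcmp(disk, mem, 8) == 0)
        return r;                                   /* unmodified */
    if (mem[0] == 0xE9) {                           /* jmp rel32 */
        r.kind = HOOK_JMP_REL32;
        r.target = va + 5 + rd32(mem + 1);
    } else if (mem[0] == 0x68 && mem[5] == 0xC3) {  /* push imm32; ret */
        r.kind = HOOK_PUSH_RET;
        r.target = rd32(mem + 1);
    } else if (mem[0] == 0xFF && mem[1] == 0x25) {  /* jmp [abs32] */
        r.kind = HOOK_JMP_INDIRECT;
        r.target = rd32(mem + 2);
    } else {
        r.kind = HOOK_OTHER;                        /* changed, shape unknown */
        return r;
    }
    r.leaves_module = (r.target - base) >= size;    /* unsigned range test */
    return r;
}

/* Constructed sample data: entry bytes, addresses and module size are made up. */
static const uint8_t DISK[8]   = {0x8B,0xFF,0x55,0x8B,0xEC,0x83,0xEC,0x10};
static const uint8_t HOOKED[8] = {0xE9,0xFB,0xFF,0x0E,0x98,0x83,0xEC,0x10};

int main(void) {
    struct hook_report r = check_entry(DISK, HOOKED, 0x77F11000u, 0x77F10000u, 0x40000u);
    printf("kind=%d target=0x%08X leaves_module=%d\n", r.kind, (unsigned)r.target, r.leaves_module);
    return 0;
}
```

Entry bytes that contain relocated addresses can differ from the file legitimately, so a real check applies relocations to the on-disk copy before comparing.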

22.07.2005, 22:02   #14
Quote:
Originally Posted by armeng
whereas the native Window Terminal Server does real interception of the whole API + Messages.

We (DemoForge) can do this too; what exactly are you interested in?