Armenian Knowledge Base


acid 02.02.2004 23:38

GDI Hooking
 
Any sample code or articles on system-wide GDI hooking? It seems to me the techniques are kept secret, since all remote-control programs use them for commercial purposes :)

BlackMoon 03.02.2004 08:09

Can you clarify?
I have something written.

acid 03.02.2004 08:16

I have an application executable which was not developed by me; simply put, I don't have the source code of that application. It has some GDI text output which I need to capture with my application whenever a text output function is called.

BlackMoon 03.02.2004 08:31

At home I have the sources of a keyboard hook I wrote myself.
I will post them this evening or tomorrow morning,
if it can help you, in VC 6.0 or 7.0.
With GDI it should be the same.

acid 03.02.2004 09:21

Thanks, but I can find plenty of keyboard-hooking sources myself :) It's not the same at all. The Win32 API provides a keyboard hooking mechanism.

Thanks anyway.

greka 07.02.2004 14:02

Is Windows messaging used during console input/output?

What about tracing system-wide all WM_SETTEXT/WM_GETTEXT messages?

The most suitable solution I see is a system-wide hook set on every "CreateFont()" + "WM_SETTEXT" pair.

I.e., somehow (?) trace the CreateFont API, then, when it appears, start tracing EVERY WM_SETTEXT sent by the specified application until "DeleteObject" is called.

h-m..?

Agregat 08.02.2004 09:50

Regarding console input/output: ReadConsole lets you track keyboard and mouse events.

acid 08.02.2004 10:12

Quote:

Originally Posted by greka
Is Windows messaging used during console input/output?

What about tracing system-wide all WM_SETTEXT/WM_GETTEXT messages?

The most suitable solution I see is a system-wide hook set on every "CreateFont()" + "WM_SETTEXT" pair.

I.e., somehow (?) trace the CreateFont API, then, when it appears, start tracing EVERY WM_SETTEXT sent by the specified application until "DeleteObject" is called.

h-m..?

What does console input/output have to do with my question?

As far as I'm concerned, WS_SET/GETTEXT are not GDI functions.

Can you tell me in detail how to set a system-wide hook on CreateFont? If yes, the problem is solved!

GDI text output is performed using the *TextOut functions. I want to capture exactly those.

Thank you.

armeng 09.02.2004 15:26

Quote:

Originally Posted by acid
What does console input/output have to do with my question?
GDI text output is performed using the *TextOut functions. I want to capture exactly those.

Replace the ExtTextOut, ExtTextOutA, ExtTextOutW functions in gdi32.dll with your own.
How to implement it? Search the internet for "DLL Injection API Hooking".

armeng 09.02.2004 15:29

But keep in mind that these functions will be called on every WM_PAINT.

Agregat 09.02.2004 15:32

Jeffrey Richter, in case you need it :)

acid 09.02.2004 16:41

Quote:

Originally Posted by armeng
Replace the ExtTextOut, ExtTextOutA, ExtTextOutW functions in gdi32.dll with your own.
How to implement it? Search the internet for "DLL Injection API Hooking".

That's closer to the point! Google in hand, and off I go.

P.S.
Do pests like Remote Control applications really replace gdi32.dll too... I'm not going to install such nasty things any more (PCAnywhere, Remote Admin...) :)

Thanks.

armeng 10.02.2004 07:59

Quote:

Originally Posted by acid
Do pests like Remote Control applications really replace gdi32.dll too...

Almost all of them (the ones I know: RemoteAdmin, VNC...) transmit screenshot differences, whereas the native Windows Terminal Server does real interception of the whole API + messages. Hence the conclusion (I may be wrong) that most likely the API-interception mechanism is implemented somewhere deep inside Windows and hidden so deep that only Terminal Server does high-quality Remote Control.

By the way, you don't necessarily have to change gdi32.dll on disk. You can change it in RAM (CreateRemoteThread?, OpenProcess, ReadProcessMemory ....). Look at Richter too, there are good examples there.
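A portable model of the in-memory API hooking that armeng describes, written for this thread as an added example (it is not code from the thread, from gdi32.dll, or from Richter's book). The import address table, the `ExtTextOutA` stand-in and its signature are constructed here so the program compiles and runs on any C compiler; a real PE keeps its IAT in the image's import directory, in a page that must be made writable before a slot can be changed. The example shows the two halves a practitioner cares about: a hook that records the text and then forwards to the original so the application keeps drawing, and the integrity scan a monitoring tool runs to notice that an import slot no longer points where the loader left it.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical stand-in for the imported text-output routine. The real
 * gdi32!ExtTextOutA takes an HDC, coordinates, a RECT and more; this
 * constructed signature keeps the model portable. */
typedef int (*text_out_fn)(const char *text, size_t len);

/* The genuine library routine: "draws" by printing, returns bytes drawn. */
static int gdi_ext_text_out(const char *text, size_t len)
{
    printf("[gdi] drawing %zu bytes: %.*s\n", len, (int)len, text);
    return (int)len;
}

/* Constructed model of one IAT slot: the import's name and the live
 * address the application calls through. */
struct iat_entry {
    const char *name;
    text_out_fn target;
};

static struct iat_entry g_iat[] = {
    { "ExtTextOutA", gdi_ext_text_out },
};
#define IAT_COUNT (sizeof g_iat / sizeof g_iat[0])

/* Baseline recorded when the image was "loaded": what each slot should
 * contain. A monitoring tool keeps the same kind of snapshot. */
static const text_out_fn g_baseline[IAT_COUNT] = { gdi_ext_text_out };

static text_out_fn g_real_text_out;   /* saved original, used by the hook */
static char        g_captured[256];   /* last text seen by the hook */

static struct iat_entry *find_import(const char *name)
{
    for (size_t i = 0; i < IAT_COUNT; i++)
        if (strcmp(g_iat[i].name, name) == 0)
            return &g_iat[i];
    return NULL;
}

/* The replacement routine: copy the text out, then forward to the original
 * so the hooked application draws exactly as before. */
static int hooked_ext_text_out(const char *text, size_t len)
{
    size_t n = len < sizeof g_captured - 1 ? len : sizeof g_captured - 1;
    memcpy(g_captured, text, n);
    g_captured[n] = '\0';
    return g_real_text_out(text, len);
}

/* Redirect one IAT slot to the hook. Returns 1 on success, 0 if the import
 * is unknown or already redirected. */
int install_hook(const char *name)
{
    struct iat_entry *e = find_import(name);
    if (e == NULL || e->target == hooked_ext_text_out)
        return 0;
    g_real_text_out = e->target;      /* remember where to forward */
    e->target = hooked_ext_text_out;  /* the overwrite a real hook performs */
    return 1;
}

/* Put the original address back. Returns 1 on success, 0 if not hooked. */
int remove_hook(const char *name)
{
    struct iat_entry *e = find_import(name);
    if (e == NULL || e->target != hooked_ext_text_out)
        return 0;
    e->target = g_real_text_out;
    return 1;
}

/* The application's own call path: an indirect call through the IAT slot. */
int app_draw_text(const char *text)
{
    return g_iat[0].target(text, strlen(text));
}

const char *captured_text(void) { return g_captured; }

/* Defender's check: count slots whose live address differs from the
 * baseline. This catches IAT redirection; an inline patch of the DLL's
 * code itself would need a separate comparison against the on-disk image. */
int count_modified_imports(void)
{
    int modified = 0;
    for (size_t i = 0; i < IAT_COUNT; i++)
        if (g_iat[i].target != g_baseline[i])
            modified++;
    return modified;
}

int main(void)
{
    app_draw_text("before hook");
    install_hook("ExtTextOutA");
    app_draw_text("Hello, GDI");
    printf("captured: \"%s\", modified slots: %d\n",
           captured_text(), count_modified_imports());
    remove_hook("ExtTextOutA");
    printf("after restore, modified slots: %d\n", count_modified_imports());
    return 0;
}
```

The scan is the half that matters for anyone running remote-control or monitoring software on their own machines: the hook is invisible to the application, but not to a tool that compares live import slots with the loader's baseline.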

sukhodolin 22.07.2005 22:02

Quote:

Originally Posted by armeng
whereas the native Windows Terminal Server does real interception of the whole API + messages.

We (DemoForge) can do this too; what exactly are you interested in?
