Programming Hookin(?) Question
 

Hello friends here is what i want to do...

There's an app(.exe) say notepad I want to be able to call another program/procedure or function when I click the Bold Button.

In plain terms I think I'm asking how to reprogrammed a button that's in an .exe


I think this is called Hooking or something along those lines.

Thank you for any help

SOLAR

Hooking usually involves intercepting a programs function and redirecting it to your own function. Often used to redirect functions that cannot be patched. ex: kernel32.dll or a program with internal integrity checks.

If your program is not protected or integral to windows. You should be able to simply redirect to a code cave and execute your functions from there. This of course depends on how your program manages user input. But often times you can find your programs window message handler.

Basicaly the message handler handles all messages; keydown, keypress, mousemove. Stuff like that. You can usually find it by simply choosing the about dialog and working backwards.

For example. I chose the about dialog in Notepad. I pause execution in Olly and then look at the call stack:
Looking at the call stack we see that Notepad called USER32.DispatchMessageW from here: NOTEPAD.01002A5E. Go there in Olly and we see that we are in a loop.
This loop runs continuosly when the program is running monitoring for input. Once input is recieved it translates it and dispatches it.

DispatchMessageW processed the input and returns execution to Notepad here: NOTEPAD.0100248F.

Looking up the call stack further we find that the about dialog is called from NOTEPAD.01001EF2. Go there in Olly and you find yourself in a switch case.

Simply our input is monitored by a loop.
The input (or lack thereof) is then translated and sent to another function that determines what kind of input it was keydown, mousedown, etc...
Once the input type is determined the program takes the value of the input. (Each menu item has a value assigned, mouse moves have coordinates assigned, etc...)
Notepad then calls a function according to the input values, to do so it uses a switch with a case for each value. Like the one we are in right now. :)

Now that we know where our messages are handled we can easily redirect the case for the "About" value to become something else. I decided to change it to be the Save command.

Now whenever we press the ABOUT menu item it will jump back up to the SAVE case.

In your case you could instead redirect the case to your own cave and execute whatever code you desire.

In this example I "reprogrammed" the "C"-Button of Microsofts Calculator:

http://home.scarlet.be/~il095280/hijacking_ms-calc.zip

(Should start in scientific mode, otherwise it will not work, has to be improved)


This works completely without hooks (as hooks are quite ugly) and WITHOUT touching the orignal app, so you are even legally allowed to "extend" other apps like this. It just creates a form, sets the other app (calc.exe) as the parent, and draws its button over the original one.

You can even automatically get its position, window-style, caption, etc, anyway, in this example i did it manually.

Hello:

Interesting this Thread. It is just the one I was needing.

I am trying to execute some code that it is in a process loaded in memory, from an application that loads that process.

Big or what: Is it possible to get a tutorial of the way you have developped your calculator patch?
As it is made without hooks it shows an alternative point of view of the scenary.

gabri3l: Your explanation is brilliant! Many thanks for the info.


Cheers :cool:

Nacho_dj