WinApI Hooking MessageBox()Lazarus

[shonay]

Good morning everyone,

I have been battling with a simple MessageBox() hook in lazarus Delphi, code compiles without problems, but it doesn't show if its hooked or not, so I decided to paste source here, pls I do need help of some sort.

My source code 

Code: [Select]

program MessageBoxHookNew;

{$mode delphi}{$H+}

uses
  {$IFDEF UNIX}{$IFDEF UseCThreads}
  cthreads,
  {$ENDIF}{$ENDIF}
  Classes , Windows
  { you can add units after this };
var
      data: String;
      procedure hook(tFunc,nFunc:Pointer);
      var
            jumpTo:DWord;
            oldProtect:Cardinal;
var
         MainMessageBox : Function(hWnd:HWND; lpText,lpCaption:PAnsiChar; uType:UINT):Integer; stdcall;
         HookMessageBox: Function (hWnd:HWND; lpText,lpCaption:PAnsiChar; uType:UINT):Integer; stdcall;
         begin
           jumpTo:=DWord(nFunc)-DWord(tFunc)-5;
           VirtualProtect(tFunc,5,PAGE_EXECUTE_READWRITE,@oldProtect);
           pbyte(tFunc)^:=$e9;
           pdword(DWord(tFunc)+1)^:=jumpTo;
         end;
   function MainMessageBox(hWnd:HWND; lpText,lpCaption:PAnsiChar; uType:UINT):Integer;assembler;stdcall;
   asm
   push ebp
   push esp
   push ebx
   push esi
   push edi
   end;
      function HookMessageBox(hWnd:HWND; lpText,lpCaption:PAnsiChar; uType:UINT):Integer; stdcall;
       begin
            //MessageBox(0,'test','Hooked',MB_OK);
            Result:= MainMessageBox(hWnd,lpText,lpCaption,uType);
       end;

begin
  data:=Pointer(DWord(GetProcAddress(GetModuleHandle('user32.dll'),MessageBoxW))+5);
  hook(GetProcAddress(GetModuleHandle('user32.dll'),'MessageBoxW'),@HookMessageBox);
end.

Pls I need Help, and some form of explanation

[engkin]

code compiles without problems

It does not compile.

[shonay]

Ok, I tried again, when I added the GetModuleHandle(GetProcessAddress('user32.dll'),'MessageBoxW')+5

For the Data, yes I saw just now it doesn't compile and when I tried removing it, it did compile, gives me an error for Pchar, for this area

Code: [Select]

Data:= GetModuleHandle(GetProcessAddress('user32.dll'),'MessageBoxW')+5

Please what could possibly be the Problem?

[marcov]

And to test you call windows.messageboxw() ?

[shonay]

Nah, I don't understand ur Question @Marcov, soRry

[engkin]

Please what could possibly be the Problem?

Maybe because data is:

Code: [Select]

  data: String;
?

[shonay]

Um, Let's say, I don't have an Idea, what am I supposed to include, the pointer I used threw back an Initial error, so I got confused along the line.

[engkin]

From what I can see, data is not used, so it is not needed. Simply delete both lines:

Code: [Select]

var
  Data: pointer;

and

Code: [Select]

data:=Pointer(DWord(GetProcAddress(GetModuleHandle('user32.dll'),MessageBoxW))+5);

You asked similar questions before about hooking. What is your goal/target?

[marcov]

Nah, I don't understand ur Question @Marcov, soRry

Your code hooks Windows.MessageboxW.  So how do you test if the hook works?

[shonay]

Understanding Win32 and its behaviours, patching and the rest, mainly educational purposes.

[shonay]

Nah, I don't understand ur Question @Marcov, soRry

Your code hooks Windows.MessageboxW.  So how do you test if the hook works?

It should pop out a messageBox, and it should show Hooked.

[engkin]

Understanding Win32 and its behaviours, patching and the rest, mainly educational purposes.

Don't you need to understand basics of the language you are using to patch, Pascal in this case?
For instance, the variable data is of type string and you can not assign a number/handle to it.

Code: [Select]

program MessageBoxHookNew;

{$mode delphi}{$H+}

uses
  Windows;

procedure hook(tFunc, nFunc: Pointer);
var
  jumpTo: DWord;
  oldProtect: cardinal;

  MainMessageBox: function(hWnd: HWND; lpText, lpCaption: PAnsiChar;
    uType: UINT): integer; stdcall;
  HookMessageBox: function(hWnd: HWND; lpText, lpCaption: PAnsiChar;
    uType: UINT): integer; stdcall;
begin
  jumpTo := DWord(nFunc) - DWord(tFunc) - 5;
  VirtualProtect(tFunc, 5, PAGE_EXECUTE_READWRITE, @oldProtect);
  pbyte(tFunc)^ := $e9;
  pdword(DWord(tFunc) + 1)^ := jumpTo;
end;

function HookMessageBox(hWnd: HWND; lpText, lpCaption: PAnsiChar; uType: UINT): integer; stdcall;
begin
  Result := MessageBox(0,'test','Hooked',MB_OK);
end;

begin
  hook(GetProcAddress(GetModuleHandle('user32.dll'), 'MessageBoxW'), @HookMessageBox);

  MessageBoxW(0,'A','B',0);//<--- Test
end.


[shonay]

Understanding Win32 and its behaviours, patching and the rest, mainly educational purposes.

Don't you need to understand basics of the language you are using to patch, Pascal in this case?
For instance, the variable data is of type string and you can not assign a number/handle to it.

Code: [Select]

program MessageBoxHookNew;

{$mode delphi}{$H+}

uses
  Windows;

procedure hook(tFunc, nFunc: Pointer);
var
  jumpTo: DWord;
  oldProtect: cardinal;

  MainMessageBox: function(hWnd: HWND; lpText, lpCaption: PAnsiChar;
    uType: UINT): integer; stdcall;
  HookMessageBox: function(hWnd: HWND; lpText, lpCaption: PAnsiChar;
    uType: UINT): integer; stdcall;
begin
  jumpTo := DWord(nFunc) - DWord(tFunc) - 5;
  VirtualProtect(tFunc, 5, PAGE_EXECUTE_READWRITE, @oldProtect);
  pbyte(tFunc)^ := $e9;
  pdword(DWord(tFunc) + 1)^ := jumpTo;
end;

function HookMessageBox(hWnd: HWND; lpText, lpCaption: PAnsiChar; uType: UINT): integer; stdcall;
begin
  Result := MessageBox(0,'test','Hooked',MB_OK);
end;

begin
  hook(GetProcAddress(GetModuleHandle('user32.dll'), 'MessageBoxW'), @HookMessageBox);

  MessageBoxW(0,'A','B',0);//<--- Test
end.


I know some of the basics as I use Lazarus for Delphi.I know some ReadLn, Writeln, and how to connect to databse mysql. Just wanted to switch to win32 to study some behavior. About it. That's what. Think I have to study this well. Thanks again.

[engkin]

Just wanted to switch to win32 to study some behavior. About it. That's what. Think I have to study this well. Thanks again.

To switch to Win32 you don't need to hook functions.

Do you know what this line does:

Code: [Select]

  pbyte(tFunc)^ := $e9;


[shonay]

Jmp, used mainly or trampoline if I am correct. Trampolines are used in creating hooks (redirecting a function to your own already created function)

Am I correct?