[C++] PostMessageA hooking using Detours 1.5

On Monday, January 10, 2011

By 4ng3licDew


Hi everyone,

Just want to share this info on how I use Detours 1.5 to hook PostMessageA.

The example I am going to show you is a simple auto click program for MapleStory. This program generates T keydown events.

The software you need:

1. Microsoft Visual Studio C++ 6

2. Microsoft Detours Library 1.5


References and credits:
1. [TUT] DirectX9.0 Hooking via Detours + Custom Wrapper
by Wiccaan
http://forum.cheatengine.org/viewtopic.php?t=161045

2. Trampoline Documentation
by Ferocious
http://theoklibrary.org/showthread.php?t=449

3. Detours 1.5
from Microsoft
http://research.microsoft.com/Resear...1/Details.aspx

4. Detours 1.5
from Wiccaan's tutorial above. This rar file contains only the detours.h and detours.lib files
http://home.comcast.net/~wiccaan/downloads/Detours.rar


Coding:
I will skip all the Win32 coding details and concentrate only on the hooking code.

1. Open MS Visual Studio C++ and create a new empty win32 project.

2. Create a subfolder "Detours" in your project folder and copy the files detours.h and detours.lib into it.

3. Create your main.cpp file and put in these lines at the top.

Code:
#include <windows.h>
#pragma comment(lib, "Detours/detours.lib")
#include "Detours/detours.h"


4. Declare the function pointers for the target function (In this example it is PostMessageA), and the trampoline function.

Code:
// Function pointer type for PostMessageA in user32 DLL
typedef BOOL (__stdcall *PMAPtr) (HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam);
PMAPtr pTargetPMA = NULL;     // Target function pointer
PMAPtr pTrampolinePMA = NULL; // Trampoline function pointer


5. Create the detour function.

Code:
// This Detour function does nothing new. It just calls the trampoline function
BOOL WINAPI DetourPMA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
{
    return pTrampolinePMA(hWnd, Msg, wParam, lParam);
}



6. You create the hook at start up.

Code:
HINSTANCE huInst; // Instance of user32 DLL
. . .
    case WM_CREATE:
. . .
        // Load user32 DLL
        huInst = LoadLibrary("user32.dll");
        // Get function pointer address of PostMessageA
        pTargetPMA = (PMAPtr) GetProcAddress(huInst, "PostMessageA");
        // Hook PostMessageA with the detour function DetourPMA
        pTrampolinePMA = (PMAPtr) DetourFunction((PBYTE) pTargetPMA, (PBYTE) DetourPMA);
        break;



After the hook is created, every time PostMessageA is called, it will call your function DetourPMA instead.
In this example, I only use the trampoline function pointer to jump back to the target function.

7. Send a key-down event to MapleStory.

Code:
HWND cHandle; // Window handle to MapleStory
UINT scancode;
LPARAM lparam;
. . .
    // Get window handle on MapleStory
    cHandle = FindWindow("MapleStoryClass", NULL);
    // Map virtual key code to scan code.
    // The Windows headers define no VK_T; the virtual-key code
    // for a letter key is its uppercase ASCII value.
    scancode = MapVirtualKey('T', 0);
    // Format of lparam needs the scancode value
    // to be at bit 16 to 23.
    // + 1 is the repeat count
    lparam = (scancode << 16) + 1;
    pTrampolinePMA(cHandle, WM_KEYDOWN, NULL, lparam);




To remove the hook when the program terminates:


Code:
    // If the user wants to close the application
    case WM_DESTROY:
. . .
        // Remove hook
        DetourRemove((PBYTE) pTrampolinePMA, (PBYTE) DetourPMA);



That's all there is to it. No more inline asm to worry about.
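Seen from the other side, a hook like the one installed in step 6 can be spotted by comparing the first bytes of PostMessageA in process memory with the same bytes in user32.dll on disk. The block below is an added example, not code from the original post. It assumes a 32-bit x86 process and a hook written as a 5-byte jmp rel32 at the function entry; every name, address and sample byte in it is constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { ENTRY_CLEAN, ENTRY_MODIFIED, ENTRY_JMP_INSIDE, ENTRY_JMP_OUTSIDE } entry_status;

/* Constructed sample, 32-bit x86: a function at VA 0x77D10000 inside a module
 * mapped at 0x77D00000 (size 0x90000). The on-disk bytes are the usual
 * "mov edi,edi / push ebp / mov ebp,esp" entry; the in-memory copy starts
 * with E9 FB 0F 2F 98, a jmp rel32 that lands at 0x10001000. */
static const uint8_t  sample_disk[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
static const uint8_t  sample_live[5] = { 0xE9, 0xFB, 0x0F, 0x2F, 0x98 };
static const uint32_t SAMPLE_FUNC_VA = 0x77D10000u;
static const uint32_t SAMPLE_MOD_BASE = 0x77D00000u, SAMPLE_MOD_SIZE = 0x90000u;

/* Compare the first `len` bytes of an exported function as read from process
 * memory (`live`) with the same bytes taken from the DLL file (`disk`).
 * If they differ and the live copy begins with jmp rel32 (opcode E9), decode
 * the destination into *target and report whether it leaves the module. */
entry_status check_entry(const uint8_t *live, const uint8_t *disk, size_t len,
                         uint32_t func_va, uint32_t mod_base, uint32_t mod_size,
                         uint32_t *target)
{
    if (len == 0 || memcmp(live, disk, len) == 0)
        return ENTRY_CLEAN;
    if (len < 5 || live[0] != 0xE9)
        return ENTRY_MODIFIED;            /* patched, but not a jmp rel32 */

    /* rel32 is little-endian and relative to the end of the 5-byte jmp;
     * unsigned wrap-around gives the right result for backward jumps too. */
    uint32_t rel = (uint32_t)live[1] | ((uint32_t)live[2] << 8) |
                   ((uint32_t)live[3] << 16) | ((uint32_t)live[4] << 24);
    *target = func_va + 5u + rel;

    /* A jump that stays inside the owning module is less alarming than one
     * that lands in memory belonging to something else. */
    return (*target - mod_base < mod_size) ? ENTRY_JMP_INSIDE : ENTRY_JMP_OUTSIDE;
}

int main(void)
{
    uint32_t target = 0;
    entry_status s = check_entry(sample_live, sample_disk, sizeof sample_live,
                                 SAMPLE_FUNC_VA, SAMPLE_MOD_BASE, SAMPLE_MOD_SIZE, &target);
    printf("status=%d target=0x%08X\n", (int)s, (unsigned)target);
    return 0;
}
```

An ENTRY_JMP_OUTSIDE result with a target in a module that is not user32.dll is the pattern worth investigating.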
