API hooking using a delta offset: I just tried to get the current date & time printed to a file, as follows.
The API hooking itself was successful, but...
Even so, the operands of the date function are producing error messages, whereas the others can be declared and initialized without any problem.
Please help
The API hooking itself was successful, but...
;-----------------------------------------------------------------------
; Log-file writer fragment (x86-32, MASM-style syntax, Win32 stdcall APIs)
; Position-independent: every data and pointer reference is [ebp + symbol],
; where ebp holds the relocation delta computed by the call/pop pair below.
; Register roles in this fragment:
;   ebp = delta (runtime address - assembled address), live throughout
;   ecx, then esi = hLogFile (see per-line notes for where each is loaded)
;   eax = address of the API about to be called
; The popad/popfd matching the pushfd/pushad at the top, and the section
; that prepares the first WriteFile call (its registers are used as-is at
; the first "call eax" after the date code), are not in this excerpt.
; No API return value is checked anywhere in this fragment.
;-----------------------------------------------------------------------
pushfd ;save EFLAGS (restored by a popfd outside this excerpt)
pushad ;save all eight general-purpose registers
call get_delta_1 ;pushes the runtime address of get_delta_1
get_delta_1:
pop ebp ;ebp = runtime address of get_delta_1
sub ebp,offset get_delta_1 ;ebp = runtime address - assembled address = relocation delta
; ------------------- SOME STUFFS to get pointer to functions-------------------------------
;create the log file, or open it if it already exists
lea ebx,[ ebp + log_file_name ] ;ebx -> lpFileName
mov eax,[ ebp + lpCreateFile ] ;eax = address of CreateFile
push NULL ;hTemplateFile (stdcall: arguments pushed right to left)
push FILE_ATTRIBUTE_NORMAL ;dwFlagsAndAttributes
push OPEN_ALWAYS ;dwCreationDisposition: open existing or create
push NULL ;lpSecurityAttributes
push FILE_SHARE_READ or FILE_SHARE_WRITE ;dwShareMode
push GENERIC_READ or GENERIC_WRITE ;dwDesiredAccess
push ebx ;lpFileName
call eax ;eax = hLogFile; NOTE(review): a failure return (INVALID_HANDLE_VALUE) is never checked, so every later call would use a bad handle
mov [ ebp + hLogFile ],eax ;store the handle
xchg ecx,eax ;ecx = hLogFile (eax now holds the old ecx)
push ecx ;push hLogFile; popped into esi just before CloseHandle, provided the code not shown leaves the stack balanced
;move the file pointer to the end of the file (append)
mov eax,[ ebp + lpSetFilePointer ] ;eax = address of SetFilePointer
push FILE_END ;dwMoveMethod
push NULL ;lpDistanceToMoveHigh
push NULL ;lDistanceToMove = 0
push ecx ;hFile = hLogFile
call eax ;call SetFilePointer; return value unchecked
;the code that builds the first string to write, and loads eax/ebx/ecx/edx/esi for the WriteFile after the date code, is not shown in this excerpt
pushad ;save all registers so the date code below can use them freely
;############# Added NEWLY ############
lea esi,[ ebp + date_buff ] ;esi -> output buffer for the formatted date
lea edx,[ebp + date] ;edx -> date format string
mov eax,[ ebp + lpGDATE ] ;eax = address of the date-formatting API (presumably GetDateFormat, given the six arguments below - confirm)
int 3 ;NOTE(review): hard-coded software breakpoint; with no debugger attached this raises an exception inside the hooked process - remove for any non-debug build
push 32 ;cchDate: buffer size in characters - assumes date_buff holds at least 32 bytes; confirm against its declaration
push esi ;lpDateStr
push edx ;lpFormat
push NULL ;lpDate (NULL = current date, if this is GetDateFormat)
push NULL ;dwFlags
push NULL ;Locale
call eax ;eax = characters written (for GetDateFormat this includes the terminating NUL; 0 on failure)
DEC EAX ;drop the terminating NUL from the count; NOTE(review): a failure return of 0 becomes -1 here
ADD [ ebp + date_len ], EAX ;NOTE(review): ADD accumulates across runs of this path; a plain store (mov) looks intended unless date_len is reset elsewhere - confirm
popad ;restore the registers saved before the date code
pushad ;and save them again across the write below
;#################### ##################
;write the first string to the log file (register setup not visible here)
push NULL ;lpOverlapped
push edx ;lpNumberOfBytesWritten - assumes edx -> a DWORD
push ecx ;nNumberOfBytesToWrite - assumes ecx = len(SiteName)
push ebx ;lpBuffer - assumes ebx -> the string
push esi ;hFile - assumes esi was loaded with hLogFile by the code not shown
call eax ;assumes eax = address of WriteFile
popad get back all regs ; NOTE(review): the words after popad are not a comment - a ';' is missing before them, so this line is a syntax error (likely the assembler error being reported)
;#############################################
lea ebx,[ ebp + date_buff ] ;ebx -> formatted date
push esi ;save hLogFile across the call (popped again below)
push NULL ;lpOverlapped
push edx ;lpNumberOfBytesWritten
push [ ebp + date_len ] ;nNumberOfBytesToWrite (operand size comes from date_len's declaration)
push ebx ;lpBuffer
push esi ;hFile = hLogFile
call eax ;eax was restored by the popad above, so it again holds the address used for the previous write
;###############################################
lea ebx,[ ebp + Cr_Lf ] ;ebx -> CR LF terminator
pop esi ;esi = hLogFile, popped from the push before the previous write
;write CR,LF
push NULL ;lpOverlapped
push edx ;lpNumberOfBytesWritten
push 2 ;nNumberOfBytesToWrite: 2 bytes, CR and LF
push ebx ;lpBuffer
push esi ;hFile = hLogFile
call eax ;same API address as the two writes above
pop esi ;esi = hLogFile pushed as ecx right after CreateFile (requires every push between there and here to be balanced)
mov eax,[ebp + lpCloseHandle] ;eax = address of CloseHandle
;close the handle; the popad/popfd matching the entry pushes come after this excerpt
push esi ;hObject
call eax
Even so, the operands of the date function are producing error messages, whereas the others can be declared and initialized without any problem.
Please help
Care to explain the problems?
Where do you clean this handle from the stack?
When does ESI first equal the file handle?
Put NULL in a register to save some bytes.
push ecx ;save hLogFile
...most likely in the code deleted, but I'm just checking.
When does ESI first equal the file handle?
Put NULL in a register to save some bytes.