Basically I want to write a little program that replaces the generic Windows message box with my own that'll add 'don't show this again' messagebox to all; however, I've encountered some problems.

My first method was VERY program specific: replacing the calls/thunks inside the program to a library I force loaded into the program.
Problem: Since this modifies the program's code it is legally dubious and likely to fail on protected apps that don't like code tampering.
Conclusion: not a good idea! I need to go higher up the pecking order.

2nd Method: Replace the API function's first code bytes to point to my own function loaded via a VXD.
Problem: I've been told this won't work in NT due to it not using a shared code section in the user32.dll. Therefore any hack like this would still be program specific in spite of the fact I've modified a system DLL (albeit in memory!)

3. Tried using the Windows hook API functions but they seem to only deal with message processing. Although I can use this method to ensure my DLL is loaded into all programs (for messing with thunks etc.), I still have the same problems exhibited in the 1st method! :sad:

I know this question's prob. been asked a million times before but 3 days of banging my head on my desk has broken me just a little bit inside and I need your help to rebuild the shattered remains of my self-confidence!  ;)

Thx in advance........
Posted on 2006-07-01 19:20:20 by asmrixstar
State whether the functions you wish to hook are within the context of the local process, a child process, or some remote process.. then explain why you want to hook functions, and depending upon your response, I'll help you to achieve your goals.



Posted on 2006-07-02 02:09:28 by Homer
Basically the idea of the program is to replace/redirect the standard MessageBox API function within Windows to my own function that would ask the question AND remember the answer to the questions regardless of the original program's code.
AKA. (Badly drawn ascii messagebox :D)
------------------------------
Are you sure you want to Quit?
        -YES-      -NO-

v"Dont ask this Question Again"
------------------------------
This answer would be remembered on request and the user would not be asked again that question from that program.

The hook should be system wide, affecting any program that calls the MessageBoxA API. (I only mentioned other methods so that people don't suggest methods I've already tried, my bad!)

I don't believe this thread breaks the rules of the forum but if it does please simply delete it. As with most of my projects, I'm not that bothered about this specific API/program, more learning the process behind doing something like this.

Before anyone gets shirty about cracking and stuff, I think I made it clear in my first post that I'm not interested in doing anything that would damage people's copyrights. That's why I asked about a system hook rather than redirecting their thunks etc.

Besides which, any program protection that can be broken simply by redirecting its API functions would prolly be cracked by other means much easier, so I don't think this can be viewed as a cracker's post.
(which is what I think your post hints at, I could be wrong)
thx.
Posted on 2006-07-02 07:08:28 by asmrixstar
Despite that, you might find your answer at Woodmann's RCE Forum.
Posted on 2006-07-02 12:00:36 by SpooK
woop woop, SpooK! thx
Posted on 2006-07-02 13:48:01 by asmrixstar
A few hints:
Manipulating the Import Address Table of arbitrary processes, or manipulating the Export Address Table of a loaded DLL.. these are not suitable topics for discussion in *this* forum.. HOWEVER, if you have no luck, by all means email me for assistance, as these are certainly subjects which I've explored in depth  8)


Posted on 2006-07-03 06:33:52 by Homer
thanks homer
I'm looking into that now..
Posted on 2006-07-03 06:40:42 by asmrixstar

thanks homer
I'm looking into that now..


He stole one of my ideas for an avatar :'(
Posted on 2006-07-03 17:34:59 by SpooK
:D :mrgreen:  LMAO  :D :mrgreen:

You can have it m8 I intend to change at July 05, 2006, 01:56:22 pm
So grab it b4 then!
Posted on 2006-07-04 07:57:54 by asmrixstar

:D :mrgreen:  LMAO  :D :mrgreen:

You can have it m8 I intend to change at July 05, 2006, 01:56:22 pm
So grab it b4 then!


I just might :P
Posted on 2006-07-04 08:04:42 by SpooK