How to use the Detour library in C++ properly for a simple hook of a function with known memory address?

Euklides · Jun 7, 2013 · Viewed 9k times

I am having trouble getting my first hook using detour to work. I am using Detour 3.0.

My code compiles fine and I can inject the DLL using Winject; however, the function which I am supposed to hook doesn't seem to be hooked. I am trying to hook the function InsertDateTime in notepad.
http://www.9injector.com/winject-injector/

I have found the address of the InsertDateTime in hex notation using IDA Pro Free.

Are there any fundamental mistakes in the code below, or is the memory in the process not certainly at the same time at every call?

My code for the injected DLL can be seen below:

// dllmain.cpp : Defines the entry point for the DLL application.
#include "stdafx.h"

#include <windows.h>
#include "detours.h"
#pragma comment(lib, "detours.lib")

int(__stdcall* InsertDateTime)(int) = (int(__stdcall*)(int))(0x0100978A);

int MyInsertDateTime(int x) //Our function
{
    //Messagebox
    MessageBox(NULL, TEXT("InsertDateTime Just Got Called"), TEXT("InsertDateTime"), MB_OK);
    return InsertDateTime(x); //Return the original function
}

BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    switch (ul_reason_for_call) //Decide what to do
    {
    case DLL_PROCESS_ATTACH: //On dll attach
        //InsertDateTime = (int (__stdcall*)(int))DetourAttach((PVOID*)0x0100978A, MyInsertDateTime);
        //MessageBox(NULL, TEXT("InsertDateTime Just Got Called"), TEXT("InsertDateTime"), MB_OK);
        DetourAttach((PVOID*)(&InsertDateTime), (PVOID)MyInsertDateTime);
        //if(!errorCode) {
        //Detour successful

        break;
    case DLL_THREAD_ATTACH: //On thread attach
        DetourAttach((PVOID*)(&InsertDateTime), (PVOID)MyInsertDateTime);
        break;
    case DLL_THREAD_DETACH: //On thread detach
        break;
    case DLL_PROCESS_DETACH: //on process detach
        DetourDetach((PVOID*)0x0100978A, InsertDateTime);
        break;
    }
    return TRUE;
}

Also the code is mostly taken from an old tutorial using Detour 1.5. Reference: http://www.moddb.com/groups/ibepex/tutorials/function-hooking

Answer

Dirk · Jun 7, 2013

Detours is using a transaction system similar to databases. Before you can call Attach or Detach you have to start a transaction and the changes will only apply when you commit the transaction.

DetourTransactionBegin();
DetourAttach(...);
DetourAttach(...);
DetourTransactionCommit();

I think this was introduced in 2.0, which would explain why your tutorial code for 1.5 doesn't include it.
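
The transaction sequence from the answer, applied to the question's DLL with every return code checked. This is an added example, not code from the original posts or from the Detours project. `SetHook`, `RealInsertDateTime` and `InsertDateTime_t` are hypothetical names, and the `#else` branch holds constructed stand-ins (not Detours) that model only the "no pending transaction" rule so the control flow can be exercised off Windows.

```cpp
#include <cstdint>
#ifdef _WIN32
#include <windows.h>
#include "detours.h"
#pragma comment(lib, "detours.lib")
#else  // Constructed stand-ins, NOT Detours: they model only the transaction state.
typedef long LONG; typedef void* PVOID;
#define __stdcall
#define NO_ERROR 0L
#define ERROR_INVALID_OPERATION 4317L
static bool g_inTx = false; static int g_pending = 0, g_live = 0;
static LONG DetourTransactionBegin() { g_inTx = true; g_pending = 0; return NO_ERROR; }
static LONG DetourAttach(PVOID*, PVOID) { if (!g_inTx) return ERROR_INVALID_OPERATION; ++g_pending; return NO_ERROR; }
static LONG DetourDetach(PVOID*, PVOID) { if (!g_inTx) return ERROR_INVALID_OPERATION; --g_pending; return NO_ERROR; }
static LONG DetourTransactionAbort() { g_inTx = false; return NO_ERROR; }
static LONG DetourTransactionCommit() { if (!g_inTx) return ERROR_INVALID_OPERATION; g_live += g_pending; g_inTx = false; return NO_ERROR; }
#endif

typedef int (__stdcall *InsertDateTime_t)(int);
// Address taken from the question (found with IDA); it is only valid while the
// module is loaded at the base address IDA displayed.
static InsertDateTime_t RealInsertDateTime = (InsertDateTime_t)(uintptr_t)0x0100978A;

// The detour must use the same calling convention as the target function.
static int __stdcall MyInsertDateTime(int x) {
    // After a successful commit, RealInsertDateTime points at the trampoline.
    return RealInsertDateTime(x);
}

// Attach or detach the hook inside one transaction; returns a Win32 error code.
static LONG SetHook(bool attach) {
    LONG rc = DetourTransactionBegin();
    if (rc != NO_ERROR) return rc;
    rc = attach ? DetourAttach((PVOID*)&RealInsertDateTime, (PVOID)MyInsertDateTime)
                : DetourDetach((PVOID*)&RealInsertDateTime, (PVOID)MyInsertDateTime);
    if (rc != NO_ERROR) { DetourTransactionAbort(); return rc; }
    return DetourTransactionCommit();  // nothing is patched until this succeeds
}

#ifdef _WIN32
BOOL APIENTRY DllMain(HMODULE, DWORD reason, LPVOID) {
    if (reason == DLL_PROCESS_ATTACH) return SetHook(true) == NO_ERROR;  // fail the load loudly
    if (reason == DLL_PROCESS_DETACH) SetHook(false);
    return TRUE;  // thread attach/detach need no hook work
}
#endif
```

In Detours itself, `DetourAttach` called with no pending transaction returns `ERROR_INVALID_OPERATION`, which the question's code never inspected.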