abitofboth
March 15th, 2009, 08:07
1. What is the problem....
- Hook injected successfully but not picking up all text
2. What is the protection....
- none,
3. What tools are you using....
- Olly
4. What tutorials have you read....
- All over, a lot from the codeproject, reading books like "secrets of reverse engineering", "the ida pro book", "subverting the windows kernel rootkits" (in that order)
5. Show your output listing WITH comments....
- listed below
6. NOW ask your question....
- here goes :
This is a little "detour" (hoho) from this thread
http://www.woodmann.com/forum/showthread.php?t=12505
What I want to do is to snoop on OllyDbg's LOG window, and I do this by hooking with detours. (Olly's log window can be directed to a file but Olly uses a write buffer which is too large for my needs, I need as close to realtime as possible)
I create my hook with this:
DetourCreateProcessWithDll(OllyPath, NULL, NULL, NULL, TRUE,
    CREATE_NEW_CONSOLE | CREATE_DEFAULT_ERROR_MODE, NULL, NULL,
    &si, &pi, "detoured.dll", "hook.dll", NULL);
These are the APIs I hook:
ExtTextOut, DrawText, TextOut, DrawTextEx
and I get output from all APIs (in the hook I write intercepted texts to files), but not ALL of it, I get like this:
-CPU - main thread, module notepad
-Executable modules
-Log data
-Memory map
-CPU - main thread, module notepad
-Executable modules
-Log data
-Log data
What it looks like to me is that I get the texts of different titlebars but not the actual content of these containers. Pretty damned weird to me!
So, any idea as to what I am hooking/doing wrong?
The "-Log data" is the title of the window I want to snoop on; according to Spy++ it's an "AList" with caption (surprise) Log data.
Do I need to be hooking something else as well, or is this 'snooping on olly' a dead end?