Sep-17-2001 *** ApiHooks 5.0 *** ----------- Sep-25-2001 *** ApiHooks 5.1 *** ----------- *) When is AH function called with (dwMilliseconds == 0) && (RC_FL_OWNTIMEOUT set), remote thread is not resumed. Developer can change thread's priority, context, security descriptor, etc... Then the thread can be resumed. *) Remote thread's DACL is built using Target's DACL. RC_PF_DEFSD forces usage of default security descriptor. Oct-04-2001 *** ApiHooks 5.2 *** ----------- *) Support for multiple sessions. Oct-12-2001 ----------- *) Added F-Advanced. Oct-30-2001 ----------- *) ApiHooks.exe linked with PrcWorks 2.5. Examples revised. Nov-02-2001 ----------- *) Documentation revised. Nov-17-2001 ----------- *) Fixed: AH creates _Win32_ thread into not-yet initialized NT process after its initialization. *) Improved: ApiWorks.Overwrite/Raw LOOP* translation. *) Documentation revised. Nov-30-2001 *** ApiHooks 5.5 *** ----------- *) Core.RemoteExecute: RCThreadBodyAlias as lpParameter is replaced with current ThreadBody and passed to Scout. Scout can then free Threadbody on its own. Suitable for threads "of no return". *) ModWorks.LoadAndCall: every LACThreadBodyAlias in pArgs is replaced with current ThreadBody. API can then free Threadbody on its own. Suitable for threads "of no return". *) ModWorks.LoadAndCall: can pass up to ~780 DWORD parameters (~3128 bytes) to called API. *) ModWorks.LoadAndCall: buffer support. Stack and memory pointers. *) ApiWorks: Odd dwMilliseconds means re-establish API hooks (support for multiple hook sessions (in one Hooks_DLL)). *) ApiWorks: GetApiHookChain gets CallerPID as parameter (support for multiple hook sessions (in one Hooks_DLL)). Dec-02-2001 ----------- *) Faster code overwriting. Dec-10-2001 ----------- *) LogonLog example added to F-Advanced. *) GlobalC example has old form (w/o FreeLibraryAndExitThread) which is safer. *) Emphasized importance of returning ErrorAHTimeOut from threads with own return in Tips.txt. Dec-18-2001 ----------- *) DelMod example added to A-Core. *) VB example added to C-ApiWorks. *) CallOrigFn API - VB support. Jan-04-2002 ----------- *) Better OVERWRITE/RAWability checks (prevent hooking of APIs like Win9x GDI32.EndPage). Jan-08-2002 ----------- *) h/LoadAndCall returns ErrorAHRemote instead of NULL, when lpszDll is not loaded/present in Target. Jan-14-2002 *** ApiHooks 5.6 *** ----------- *) Specific error codes for built-in scouts. *) Small changes in ApiWorks (see docs). Jan-15-2002 ----------- *) Documents revised. *) Examples revised. Jan-18-2002 ----------- *) Examples hooking CreateProcessW in NT, hook CreateProcessInternalW in XP. Jan-21-2002 ----------- *) AH returns ErrorAHRemote when Target was terminated during Scout execution. Jan-22-2002 ----------- *) Relinked with PrcWorks 2.6. *) ApiWorks: Note that ApiHookChain exported via ordinal 1 is no longer supported (expose it via (Get)ApiHookChain). *) Core: Note that SYNCHRONIZE access to Target is needed (vs AH 5.5-). Feb-02-2002 ----------- *) RC_PF_16TERM is set in the case of NT Target too and results to ErrorAHOpen. *) CallOrigFn returns ErrorAMApi when it can't find pointer to called function. Feb-08-2002 ----------- *) Small memory fix. Feb-13-2002 ----------- *) ApiWorks: HOOK_LOAD_EXPORT dwFlag - loads ModuleExport. Feb-20-2002 ----------- *) ApiWorks: Fixed HookApiW. *) ApiWorks: Win9x unbinding (experimental). *) Added Examples\C-ApiWorks\C\ErunAs2 example. *) Added Examples\F-Advanced\C\HookUnoverwriteable example. Feb-25-2002 ----------- *) Core: Native threads are possible on all NT checked builds. *) Core: Native thread calls DllMains with DLL_THREAD_DETACH before its termination. Mar-05-2002 ----------- *) Updated MakeWin32.h and SesOff, NtLoad examples. *) Added Win32Thread.h and Examples\F-Advanced\C\Win32Thread. *) Added Examples\F-Advanced\C\NTglobal. Mar-06-2002 ----------- *) Linked with the latest PrcWorks. Mar-11-2002 ----------- *) Some examples simplified, some documents updated. Mar-26-2002 ----------- *) Added Examples\F-Advanced\C\AddProcessInitX. Apr-04-2002 ----------- *) ModWorks and ApiWorks can accept national characters. *) Examples\F-Advanced\C\AddProcessInitX moved to Examples\G-AddProcessInitX. *) Added: Examples\H-NtApiWorks. Apr-18-2002 ----------- *) More unsuccess-proof. Apr-24-2002 ----------- *) Added Examples\I-ClientAW. *) ApiHooks.exe uses PrcWorks 2.7. Apr-30-2002 ----------- *) Added Examples\F-Advanced\C\XcptLog.