I hooked ExtTextOut using easyhook.
When I actually output it to the console, the text is about 29 different from the actual input.
For example, if you type abc, the console displays DEF.
Why is that?
The code for the hooking area is as follows.
Other parts are
https://github.com/EasyHook/EasyHook-Tutorials/tree/master/Managed/RemoteFileMonitor
I have created it with reference to .
boolExtTextOut_Hook(
IntPtrhdc,
int x,
inty,
uint fuOptions,
[In] ref RECT lprc,
string lpString,
uint cbCount,
[In] IntPtrpDx)
{
try
{
lock(this._messageQueue)
{
This._messageQueue.Enqueue(string.format("{0}", lpString);
}
}
catch
{
}
returnExtTextOutW(
hdc,
x,
y,
fuOptions,
reflprc,
lpString,
cbCount,
lpDx);
}
When I tried it here, I could hook it without any problems.
c++ Hooking Process (32-bit)
#include<Windows.h>
# include <string>
# include <iostream>
int main()
{
wchar_tstr[] = L "abcdef";
::ExtTextOutW(NULL, 0, 0, 0, nullptr, str, _countof(str), nullptr);
std::string tmp;
std::getline(std::cin, tmp);
return 0;
}
C# Hook DLL
FileMonitorHook/InjectionEntryPoint.cs
Additional Code to
public void Run(
EasyHook.RemoteHooking.IContext context,
US>string channelName)
{
// Omitted
varextextoutook=EasyHook.LocalHook.Create(
EasyHook.LocalHook.GetProcAddress("gdi32.dll", "ExtTextOutW"),
newExtTextOutW_Delegate(ExtTextOutW_Hook),
this);
// Omitted
nextoutook.ThreadACL.SetExclusiveACL (new Int32[]{0});
// Omitted
}
// Omitted
StructureLayout (LayoutKind.Sequential)
public structure RECT
{
public int Left, Top, Right, Bottom;
}
DllImport("gdi32.dll", EntryPoint="ExtTextOutW")]
static external bool ExtTextOut (IntPtr hdc, int X, int Y, uint fuOptions,
[In] ref RECT lprc, [MarshalAs(UnmanagedType.LPWStr)] string lpString,
uint cbCount, [In] IntPtrlDx);
UnmanagedFunctionPointer (CallingConvention.StdCall, CharSet=CharSet.Unicode, SetLastError=true)
return: MarshallAs (UnmanagedType.Bool)
delete boolExtTextOutW_Delegate(
IntPtrhdc,
int x,
inty,
uint options,
[In] ref RECT lprc,
string lpString,
uint c,
IntPtrlpDx
);
US>boolExtTextOutW_Hook(
IntPtrhdc,
int x,
inty,
uint options,
[In] ref RECT lprc,
string lpString,
uint c,
IntPtrlpDx
)
{
bool result=ExtTextOut(hdc, x, y, options, reflprc, lpString, c, lpDx);
try
{
lock(this._messageQueue)
{
if (this._messageQueue.Count<1000)
{
if(string.IsNullOrEmpty(lpString))
{
} else
{
string msg = "ExtTextOutW_Hook:" +lpString;
This._messageQueue.Enqueue(msg);
}
}
}
}
catch
{
}
return result;
}
// Omitted
"abcdef"
for the input
ExtTextOutW_Hook:abcdef
and the console.
When I actually output it to the console, the text is about 29 different from the actual input.
For example, if you enter abc , the console displays DEF.
Does "If you type abc" mean that you gave the argument to ExtTextOutW as "abc"?
It seems that something else has been done something else has been done.
You'll find out what you have doubts about if you elaborate on that.
© 2024 OneMinuteCode. All rights reserved.