[icq-devel] ICQ hooks

Alex Demchenko alex at ritlabs.com
Tue Jun 17 14:43:57 CEST 2003

Hello Gerke,

Tuesday, June 17, 2003, 3:51:33 PM, you wrote:

GP> the general answer in such cases is DLL Interception. Assuming you have
GP> knowledge of the structure of exported DLL functions (parameter list and
GP> return value), you can create a fake DLL that will pass through all API
GP> calls to the original DLL and extract/insert information where
GP> necessary.

I can advice you "madCodeHookingLibrary" from http://www.madshi.net -
"(1) With my package you can hook the same API as often as you like and the order
in which you uninstall your hooks again doesn't matter at all. My madCodeHook
package builds up a full featured hook queue. If you do that with Detours (I mean
hooking the same API in the same process twice and uninstall the hooks in the wrong
order) the process in which you hooked the API will crash, as soon as the API is
called again.

(2) Detours works only under winNT, while madCodeHook works under win9x, too. That
doesn't sound like a big extension, but if you know a bit about win9x (namely that the
system DLLs are loaded in the shared memory area, to which you normally can't obtain
any write access), you will understand that it needs a lot of ugly hacks and assembler
code to make the hooks work exactly like they do under winNT.

Best regards,
 Alex                            mailto:alex at ritlabs.com

More information about the icq-devel mailing list