Cant get Startdoc to fire up hook why

Mar 9, 2010 at 12:02 PM

Hi can somebody please help me i can get creatfile to hook and i tested to get writefile to hook but StartDocA just does not what to fire up i checked the signature it is right, so what am i doing wrong please can somebody just help or send me in the right direction Thank you

Mar 9, 2010 at 3:47 PM
Edited Mar 9, 2010 at 5:22 PM

StartDocW?

 

e: http://pinvoke.net/default.aspx/gdi32/StartDoc.html

Mar 9, 2010 at 4:49 PM

hi thanks for the reply but im doing that StartCocW the unicode way, here is my code maybe you can see something i am missing please

using System;
using System.Collections.Generic;
using System.Text;
using System.Threading;
using System.IO;
using System.Runtime.InteropServices;
using EasyHook;
using System.Windows.Forms;


namespace ProcessMonitor
{

   [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
    public struct DOCINFOW
    {
        public int cbSize;
        [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)] public string lpszDocName;
        [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)] public string lpszOutput;
        [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)] public string lpszDatatype;
        public uint fwType;
    }

 

    public class DemoInjection : EasyHook.IEntryPoint
    {
        public DemoInterface Interface = null;
        public LocalHook CreateFileHook = null;
        Stack<String> Queue = new Stack<string>();

        public DemoInjection(
            RemoteHooking.IContext InContext,
            String InChannelName)
        {
            Interface = RemoteHooking.IpcConnectClient<DemoInterface>(InChannelName);

            Interface.Ping(RemoteHooking.GetCurrentProcessId());
        }

        public void Run(
            RemoteHooking.IContext InContext,
            String InArg1)
        {
            try
            {
                CreateFileHook = LocalHook.Create(
                    LocalHook.GetProcAddress("gdi32.dll", "StartDocW"),
                    new DStartDocW(StartDocW_Hooked),
                    this);

                /*
                 * Don't forget that all hooks will start deaktivated...
                 * The following ensures that all threads are intercepted:
                 */
                CreateFileHook.ThreadACL.SetExclusiveACL(new Int32[] {0});
            }
            catch (Exception e)
            {
                /*
                    Now we should notice our host process about this error...
                 */
                Interface.ReportError(RemoteHooking.GetCurrentProcessId(), e);

                return;
            }


            // wait for host process termination...
            try
            {
                while (Interface.Ping(RemoteHooking.GetCurrentProcessId()))
                {
                    Thread.Sleep(500);

                    // transmit newly monitored file accesses...
                    lock (Queue)
                    {
                        if (Queue.Count > 0)
                        {
                            String[] Package = null;

                            Package = Queue.ToArray();

                            Queue.Clear();

                            Interface.OnCreateFile(RemoteHooking.GetCurrentProcessId(), Package);
                        }
                    }
                }
            }
            catch
            {
                // NET Remoting will raise an exception if host is unreachable
            }
        }

        // DELEGATES
        delegate int DStartDocW(System.IntPtr hdc, ref DOCINFOW lpdi);

       
        [System.Runtime.InteropServices.DllImportAttribute("gdi32.dll", EntryPoint = "StartDocW")]
        static extern int StartDocW(System.IntPtr hdc, ref DOCINFOW lpdi);

        public static int StartDocW_Hooked(System.IntPtr hdc, ref DOCINFOW lpdi)
        {
          
            DemoInjection This = (DemoInjection)HookRuntimeInfo.Callback;

            This.Interface.CreateD("tester");

            This.Queue.Push("***StartDocW_Hooked " + DateTime.Now.ToShortTimeString() + "[" + RemoteHooking.GetCurrentProcessId() + ":" +
                RemoteHooking.GetCurrentThreadId() + "]: \" CALL BLOCKED File:" + lpdi.lpszDocName + "\"");

            return StartDocW(hdc, ref lpdi);
        }
          
    }
}

 

thanks i have created a test message pop up to see if it hits the hook as you can see but nothing happens