Hook W32Api WriteFile

Sep 17, 2009 at 11:57 AM
Edited Sep 17, 2009 at 1:36 PM

I want to hook the WriteFile function in kernel32.dll.
I want to put out the data that should be written to the console but the problem is that the lpBuffer has always a Length of 1 desipte that nNumberOfBytesToWrite is larger. So I get always a Index out of bounds exception at index 1

 

        static bool WriteFile_Hooked(
IntPtr hFile,
byte[] lpBuffer,
uint nNumberOfBytesToWrite,
out uint lpNumberOfBytesWritten,
[In] IntPtr lpOverlapped)
{
try
{
Main This = (Main)HookRuntimeInfo.Callback;

string output = "WriteFile [" + RemoteHooking.GetCurrentProcessId() + ":" +
RemoteHooking.GetCurrentThreadId() + "] DataSize: " + nNumberOfBytesToWrite + " DataLength:" + lpBuffer.Length + "Data: ";
try
{
for (uint i = 0; i < nNumberOfBytesToWrite; i++)
{
byte temp = lpBuffer[i];
output += string.Format("{0}-{1:X2}", i, temp);
}
}
catch (Exception ExtInfo)
{
This.Interface.ReportException(ExtInfo);
}

lock (This.Queue)
{
This.Queue.Push(output);
}
}
catch { }

return WriteFile(hFile, lpBuffer, nNumberOfBytesToWrite, out lpNumberOfBytesWritten, lpOverlapped);
}

 

Thanks in Advance
Ingrater

 

Edit: Solved it myself. Used the marshal class

Feb 8, 2014 at 1:03 PM
static bool WriteFile_Hooked(
        IntPtr hFile,
        System.Text.StringBuilder lpBuffer,
        uint nNumberOfBytesToWrite,
        out uint lpNumberOfBytesWritten,
        [In] IntPtr lpOverlapped)

sorry for late
Marked as answer by spazzarama on 2/18/2014 at 12:14 AM