We have published an extensive article on our applied research into Windows Live Messenger plugin development, entitled “Windows Live Messenger Plugin Development Bible”, on the CodeProject website.

The article carefully explains several reversing and hooking techniques for extending the application's functionality:

  • Proxy DLL implementation
  • API hooking through our Trappola library
  • Applied window subclassing to add ‘skinned’ window classes
  • Runtime resource addition and modification (i.e. toolbar buttons and bitmaps)
  • Contact information through Live Messenger COM Interface
  • Contact selection interception with Active Accessibility COM objects

Although focused on Windows Live Messenger, the article is useful for anyone interested in reversing to extend applications, query their internals or implement interoperability solutions on the Windows platform.

The code is available in both binary and source format and is released under the GNU General Public License.

Download binary DLLs – 123.47 Kb

Download source code (VS 2005 Solution) – 241.36 Kb

Enjoy it and tell us what you think about it.

We offer development services to build Windows Live Mail Plugins

Deviare COM Spy Console is out!

October 28th, 2008 | Posted by Pablo Yabo in C# | C++ | Deviare | programming | videos

Today we have released a console for monitoring and spying on applications using Microsoft’s Component Object Model. This technology is used in many professional applications and now you are able to watch them in action too!

Deviare’s latest addition is the ability to intercept COM interfaces. Using this technology, together with heuristics to discover these interfaces, the console lets you see which interfaces an application uses and how it calls them.

Here is an example monitoring the Windows Live Messenger:

As you have seen, we found the instantiation of IWebBrowser2. Since we don’t know what we want to see yet, we hooked every member except IDispatch (not necessary here). Then the console printed calls to Navigate2 (among others), and we could see where the little browser at the bottom of Messenger was getting its adverts from.

The console is open source, so feel free to contribute to it. In this first release it contains only one method to discover the creation of interfaces, but many others may be added. Go chase them ;) .

Download Deviare COM Spy Console

Today we are releasing Trappola, our hook engine, under the LGPL license. It has been a part of Deviare since its early beginning, and we think it has reached a maturity level that any developer can appreciate.

There are several libraries that provide some of the functionality we give here. But most of them are theoretical examples, or very custom code that does not adapt well to every situation. In contrast, we designed Trappola to suit most situations and to avoid the most common mistakes, such as the ones seen in multithreaded environments.

Inside the library, you’ll find a small yet powerful example. Let’s take a look at it:

The example’s goal is to deny access to a complete folder tree (My Documents) and hide any executable file from the dialog. Two kernel functions will be intercepted:

[Image: fnc_desc2]

For our first task, we hook FindFirstFileW. From here we block any access attempt to our folder or any child in it.

[Image: fnc_ff]

This hook is handled before the actual call is made. So, when we set the last error to access denied and ask our hook to skip the call, the kernel function is never reached, and the caller is prevented from enumerating it. Also, we are returning an invalid handle, as defined by the documentation.

To hide executable extensions from the user, we will hook FindNextFileW. A program calls this function to navigate the files in a folder. What we do here is intercept calls just before they return to the caller. There we check whether the file found is of any interest to us.

[Image: fnc_fn]

As shown, if we need to skip this call, we simply call the function again. This way, the skipped result is never seen by the caller. To cleanly return the next item, we make sure that the return value and last error get to the caller.
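The post-call skip described above, as an added portable model; it is not Trappola's code and does not use its API. The names fake_find, real_find_next, filtered_find_next and count_visible are hypothetical, and the directory listing is a constructed stand-in for what FindNextFileW would return.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Win32 error values, redefined so the model builds without <windows.h>. */
#define ERR_SUCCESS        0u
#define ERR_NO_MORE_FILES 18u

/* Constructed stand-in for a find handle over a directory listing. */
typedef struct { const char **names; size_t count, pos; unsigned last_error; } fake_find;

/* Stand-in for the original FindNextFileW: next entry, or 0 plus an error code. */
static int real_find_next(fake_find *h, const char **out) {
    if (h->pos >= h->count) { h->last_error = ERR_NO_MORE_FILES; return 0; }
    *out = h->names[h->pos++];
    h->last_error = ERR_SUCCESS;
    return 1;
}

/* Case-insensitive test for a trailing ".exe" (Windows file names ignore case). */
static int has_exe_ext(const char *name) {
    static const char ext[] = ".exe";
    size_t n = strlen(name), e = sizeof ext - 1;
    if (n < e) return 0;
    for (size_t i = 0; i < e; i++)
        if (tolower((unsigned char)name[n - e + i]) != ext[i]) return 0;
    return 1;
}

/* Post-call filter: repeat the original call while the entry is hidden.
   The final return value and error code come from the last real call,
   so end-of-listing still reaches the caller as 0 / ERR_NO_MORE_FILES. */
static int filtered_find_next(fake_find *h, const char **out) {
    int ok;
    do { ok = real_find_next(h, out); } while (ok && has_exe_ext(*out));
    return ok;
}

/* Walk a constructed listing through the filter; returns the visible count
   and stores the error code seen when enumeration stops. */
static size_t count_visible(const char **names, size_t count, unsigned *final_error) {
    fake_find h = { names, count, 0, ERR_SUCCESS };
    const char *name = NULL;
    size_t visible = 0;
    while (filtered_find_next(&h, &name)) visible++;
    *final_error = h.last_error;
    return visible;
}
```

When the last entries of a listing are all filtered, the loop ends on the real end-of-enumeration result, which is why the caller still sees a normal "no more files" condition instead of a stale success.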

Please remember that this is an open source project. Feel free to add any changes you see fit. We’ll keep on using it in our products, so don’t hesitate to send us any bug report or feature request. We’ll try our best to add them.

Now go download the library and try it yourself ;) . Or take a major step and get Deviare.

We have released the first version of Deviare. A free trial is available for download.

Deviare is a component for ‘easy hooking’ of Windows DLLs. You no longer need to be an expert to intercept operating system functions, because you use a COM object that abstracts many of the complexities.

To show its power, look at the following code snippet in C# (.NET):

// _mgr (the Deviare manager object) and hook are fields declared elsewhere.
DeviareTools.IProcesses procs = _mgr.get_Processes(0);
DeviareTools.IProcess proc = procs.get_Item("msnmsgr.exe");
DeviareTools.IPEModuleInfo mod = proc.Modules.get_ModuleByName("ws2_32.dll");
DeviareTools.IExportedFunction fnc = mod.Functions.get_ItemByName("send");
// Hook send in ws2_32.dll for the Messenger process; the handler runs before the real call.
hook = _mgr.CreateHook(fnc);
hook.Attach(proc);
hook.OnFunctionCalled += new Deviare.DHookEvents_OnFunctionCalledEventHandler(hook_OnFunctionCalled);
hook.Properties = (int)DeviareCommonLib.HookFlags._call_before;
hook.Hook();

void hook_OnFunctionCalled(DeviareTools.Process proc,DeviareParams.ICallInfo callInfo, Deviare.IRemoteCall rCall)
{
    DeviareParams.IParams pms = callInfo.Params;
    DeviareParams.IEnumParams enm = pms.Enumerator;
    // The first parameter of send is the socket; move on to the second, the buffer.
    DeviareParams.IParam pm = enm.First;
    pm = enm.Next;
    object[] args = new object[1];
    string msg = "Transmition -> ";
    msg += pm.Value;
    msg += "\r\n";
    args[0] = msg;
    // Marshal the text to the UI thread that owns txtOutput.
    txtOutput.Invoke(new AppendHandler(Append), args);
}

With this simple code you hook the send function in the WinSock DLL for the Messenger process, and our own function hook_OnFunctionCalled is called before the ‘real send’.

The code can be written in any COM-friendly programming language, such as C++, C#, VB, Java, Python, Perl, Ruby and many others. API Hook examples in C++, C#, VB.

Many applications can now be built on Deviare technology, like Spy Studio, a tool to monitor the Windows API that is available for free.
