We have released the first version of Deviare. A free trial is available for download.Deviare is a component for ‘easy hooking’ of Windows DLLs. Now you don’t need to be an expert to incercept operating system functions because you use a COM object abstracting many of the complexities.To show the power look at the following code snippet in CSharp (.NET):
[code lang=”c++”]
DeviareTools.IProcesses procs = _mgr.get_Processes(0);
DeviareTools.IProcess proc = procs.get_Item("msnmsgr.exe");
DeviareTools.IPEModuleInfo mod = proc.Modules.get_ModuleByName("ws2_32.dll");
DeviareTools.IExportedFunction fnc = mod.Functions.get_ItemByName("send");
hook = mgr.CreateHook(fnc);
hook.Attach(proc);
hook.OnFunctionCalled += new Deviare.DHookEvents_OnFunctionCalledEventHandler(hook_OnFunctionCalled);
hook.Properties = (int)DeviareCommonLib.HookFlags._call_before;
hook.Hook();
void hook_OnFunctionCalled(DeviareTools.Process proc,DeviareParams.ICallInfo callInfo, Deviare.IRemoteCall rCall)
{
DeviareParams.IParams pms = callInfo.Params;
DeviareParams.IEnumParams enm = pms.Enumerator;
DeviareParams.IParam pm = enm.First;
pm = enm.Next;
object[] args = new object[1];
string msg = "Transmition -> ";
msg += pm.Value;
msg += "rn";
args[0] = msg;
txtOutput.Invoke(new AppendHandler(Append), args);
}
[/code]
With this simple code you hook the send function in the WinSock dll for the Messenger process and our own function hook_OnFunctionCalled is called before the ‘real send’The code can be written in any COM friendly programming language like: C++, C#, VB, Java, Python, Perl, Ruby and many others. API Hook examples in C++, C#, VB.Many applications can now be built on Deviare Technology like Spy Studio a tool to monitor Windows API and available for free.
I think _mgr in line 1 and mgr in line 5 should be the same variable. In the downloaded C# example, the SpyMgr object is acquired by P/Invoke. Is it possible to get it directly from the .net assembly?
Thanks.