Problem:
I am injecting into a program and patching calls, but I was wondering if there is any way to walk through the application line by line and find specific calls. I.e.: let's say the program ‘Foo.exe’ has a call to MessageBox at some location in memory.
If I did the following code: ( just a rough idea )
a = GetModuleHandle ( "<dll>" );          // handle of the module that exports the target function
b = GetProcAddress ( a , "<name>" );      // address of that exported function
swap ( b , (DWORD)*fake_function );       // pseudo-call: make b point at fake_function instead
— Everything works out fine, until you start calling the actual function – which creates a huge loop that goes on forever (ouch).
Now I am not sure about this and I may be wrong but … does the above code replace the ‘Foo.exe’ calls in memory, or does it replace the dll’s function with ‘fake_function’?
I am interested in a few things …
A ) How can I find all the memory locations in ‘Foo.exe’ that call MessageBox and replace the memory locations with a call to ‘fake_function’?
B ) How does detours solve this problem?
You don’t need to locate all the instances where MessageBox gets called; instead you can hook the function. It seems like you have the general idea down, but what you want to do is walk the PE import table for the module in question. When you’re walking it, you look for the function you want to hook and then you do the swap. From then on, whenever the module calls the MessageBox function it will look for a reference to the function in the import table and find the address of your function where it previously would have found the address of Microsoft’s implementation of MessageBox. In your function you can do whatever you want, and you can even call the original address of the MessageBox function, which you would have had to save upon swap.
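The import-table walk described above, as an added example that is not from the question or the answer: it declares the IMAGE_IMPORT_DESCRIPTOR / 64-bit IMAGE_THUNK_DATA layouts itself so it builds without windows.h, and runs against a constructed in-memory image whose RVAs are plain offsets. Assumptions: the import directory RVA is passed in (in a real process it comes from the PE optional header's data directory), and the IAT page is writable (a real hook needs VirtualProtect first).

```c
/* IAT hook over a constructed image. Struct layouts mirror the Win32 definitions
   (IMAGE_IMPORT_DESCRIPTOR, IMAGE_THUNK_DATA64, IMAGE_IMPORT_BY_NAME); no windows.h needed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

typedef struct { uint32_t OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk; } ImportDescriptor;
#define ORDINAL_FLAG64 (1ULL << 63)   /* IMAGE_ORDINAL_FLAG64: thunk imports by ordinal, not by name */

/* Walk the import directory at base+import_rva looking for dll!func. On a match, overwrite the
   IAT slot with new_addr and return the original address (the hook must call through it). 0 = not found. */
uint64_t hook_iat(uint8_t *base, uint32_t import_rva, const char *dll, const char *func, uint64_t new_addr) {
    ImportDescriptor *desc = (ImportDescriptor *)(base + import_rva);
    for (; desc->Name != 0; desc++) {                          /* descriptor table ends with an all-zero entry */
        if (strcasecmp((const char *)(base + desc->Name), dll) != 0) continue;  /* DLL names are case-insensitive */
        uint64_t *names = (uint64_t *)(base + desc->OriginalFirstThunk); /* INT: RVAs of hint/name entries */
        uint64_t *iat   = (uint64_t *)(base + desc->FirstThunk);         /* IAT: addresses the loader resolved */
        for (; *names != 0; names++, iat++) {                 /* both arrays run in parallel, zero-terminated */
            if (*names & ORDINAL_FLAG64) continue;             /* no name to compare for ordinal imports */
            const char *name = (const char *)(base + (uint32_t)*names + 2);  /* skip the 2-byte hint */
            if (strcmp(name, func) == 0) { uint64_t orig = *iat; *iat = new_addr; return orig; }
        }
    }
    return 0;
}

/* Constructed 4 KiB "image" (uint64_t-backed so the thunk arrays are aligned): one DLL, two named imports. */
static uint64_t image_storage[512];
static uint8_t *const image = (uint8_t *)image_storage;
static uint32_t build_image(void) {
    const uint32_t desc_rva = 0x100, name_rva = 0x200, int_rva = 0x300, iat_rva = 0x400, fn1 = 0x500, fn2 = 0x520;
    memset(image, 0, 4096);
    strcpy((char *)image + name_rva, "USER32.dll");
    strcpy((char *)image + fn1 + 2, "MessageBoxA");            /* +2: hint field precedes the name */
    strcpy((char *)image + fn2 + 2, "GetDC");
    uint64_t *intab = (uint64_t *)(image + int_rva), *iat = (uint64_t *)(image + iat_rva);
    intab[0] = fn1; intab[1] = fn2; intab[2] = 0;
    iat[0] = 0x7FF000001000ULL; iat[1] = 0x7FF000002000ULL; iat[2] = 0;  /* pretend loader-resolved addresses */
    ImportDescriptor *d = (ImportDescriptor *)(image + desc_rva);
    d[0].OriginalFirstThunk = int_rva; d[0].Name = name_rva; d[0].FirstThunk = iat_rva;
    memset(&d[1], 0, sizeof d[1]);                             /* terminator */
    return desc_rva;
}
/* Build the image, hook `func` with `fake`, and return the saved original address. */
uint64_t demo_hook(const char *func, uint64_t fake) { return hook_iat(image, build_image(), "user32.dll", func, fake); }
uint64_t demo_slot(int i) { return ((uint64_t *)(image + 0x400))[i]; }   /* read IAT slot i after hooking */

int main(void) {
    uint64_t orig = demo_hook("MessageBoxA", 0xDEADULL);
    printf("saved original %#llx, slot now %#llx\n", (unsigned long long)orig, (unsigned long long)demo_slot(0));
    return 0;
}
```

The saved return value is what the replacement must call to avoid the recursion described in the question: calling MessageBox by name from inside the hook goes back through the patched IAT slot.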