Dec 14 2017
 
Docs from Microsoft on how to intercept any Windows DLL function (especially KERNEL, USER, and GDI).
File WINCAPFN.ZIP from The Programmer’s Corner in
Category Windows 3.X Files
File Name      File Size   Zip Size   Zip Type
WINCAPFN.TXT   2560        1101       deflated


Contents of the WINCAPFN.TXT file


Knowledge Base
Title: INF: How to Transparently Intercept Procedure Calls in Windows
Document Number: Q11623 Publ Date: 8-MAR-1993
Product Name: Microsoft Windows Software Development Kit
Product Version: 2.00 3.00
Operating System: WINDOWS

Summary:
A technique for aliasing procedure names in Windows allows procedure
calls to be transparently intercepted. You can use this technique to
monitor activities such as checking arguments for validity.

More Information:
To intercept procedure calls transparently, first build a Windows
executable code library that resembles the following:
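
    #include <windows.h>

    /* KERNEL's GlobalAlloc, imported under this alias by BOO.DEF. */
    HANDLE FAR PASCAL RealGlobalAlloc();

    /* Exported under the name GlobalAlloc by BOO.DEF, so it must use the
       same FAR PASCAL calling convention as the routine it stands in for. */
    HANDLE FAR PASCAL MyGlobalAlloc( flags, size )
    WORD flags;
    DWORD size;
    {
        /* Perform any type of monitoring necessary here.
        if ( !size )
            return 0;
        */
        return RealGlobalAlloc( flags, size );
    }

    HANDLE FAR PASCAL main( argc, argv )
    WORD argc;
    LPSTR argv;
    {
        return 1;
    }
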
Next, write the definitions file for the library above as follows:

    BOO.DEF:
    LIBRARY BOO
    DESCRIPTION "Procedure call interception library."
    DATA SINGLE MOVEABLE
    CODE MOVEABLE DISCARDABLE
    EXPORTS
        GlobalAlloc=MyGlobalAlloc
    IMPORTS
        RealGlobalAlloc=KERNEL.15

You can obtain the ordinal numbers for the KERNEL routines (or for any
other routine) by using the LIB.EXE program to list the contents of
SLIBW or MLIBW.
Build a dynamic link library (DLL) by running IMPLIB BOO.DEF as
follows:

    IMPLIB BOO.DEF BOO.LIB

Build the library executable by using the following command:

    link4 boo,,,mlibw mlibc,boo.def;

Next, dynamically link to BOO.EXE by linking to BOO.LIB as follows:

    link4 car,,,boo mlibw mlibc,car.def;

Any calls to GlobalAlloc are routed to MyGlobalAlloc first because of
the name aliasing. This technique is very powerful and can be used to
implement any type of monitoring function. In the case of GlobalAlloc,
the monitoring is transparent in the sense that it is not necessary to
recompile the application to remove error checking; simply link to
MLIBW.LIB instead of to BOO.LIB MLIBW.LIB.
Additional reference words: 2.00 3.00
KBCategory:
KBSubcategory: KrDllMisc

COPYRIGHT Microsoft Corporation, 1992.
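
Added example (not part of the KB article and not Microsoft's code): a small Python audit that parses a module-definition file such as BOO.DEF and reports exports that shadow a system routine the library itself imports, which is the pattern the aliasing above leaves behind. The function names are hypothetical, and the ORDINALS map holds only the KERNEL.15 pair taken from the article.

```python
SYSTEM_MODULES = {"KERNEL", "USER", "GDI"}
# Assumption: only this ordinal/name pair is known (from the article's IMPORTS
# line); extend the map from a LIB.EXE listing of SLIBW or MLIBW.
ORDINALS = {("KERNEL", 15): "GlobalAlloc"}
STATEMENTS = {"LIBRARY", "NAME", "DESCRIPTION", "DATA", "CODE", "HEAPSIZE",
              "STACKSIZE", "SEGMENTS", "STUB", "EXETYPE"}

# BOO.DEF as shown in the article, embedded as sample input.
BOO_DEF = """\
LIBRARY BOO
DESCRIPTION "Procedure call interception library."
DATA SINGLE MOVEABLE
CODE MOVEABLE DISCARDABLE
EXPORTS
GlobalAlloc=MyGlobalAlloc
IMPORTS
RealGlobalAlloc=KERNEL.15
"""

def parse_def(text):
    """Return (exports, imports): {public: internal}, {local: (module, entry)}."""
    exports, imports, section = {}, {}, None
    for raw in text.splitlines():
        tokens = raw.split(";", 1)[0].split()       # ';' starts a comment
        if not tokens:
            continue
        head = tokens[0].upper()
        if head in ("EXPORTS", "IMPORTS"):
            section, tokens = head, tokens[1:]      # entries may follow the keyword
        elif head in STATEMENTS:
            section = None                          # another statement ends the list
        if section is None or not tokens:
            continue
        left, _, right = tokens[0].partition("=")
        if section == "EXPORTS":                    # entryname[=internalname]
            exports[left] = right or left
        else:                                       # [localname=]module.entry
            module, _, entry = (right or left).partition(".")
            entry = int(entry) if entry.isdigit() else entry
            imports[left if right else entry] = (module.upper(), entry)
    return exports, imports

def find_interposed(text):
    """List aliased exports whose public name is a system API the library imports."""
    exports, imports = parse_def(text)
    real = {ORDINALS.get(target, target[1]): (local, target)
            for local, target in imports.items() if target[0] in SYSTEM_MODULES}
    return [(public, internal) + real[public]
            for public, internal in exports.items()
            if public != internal and public in real]
```

Each result is (public name, internal function, local import name, (module, entry)); an import by an ordinal missing from ORDINALS is not matched, so a fuller ordinal map gives fuller coverage.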

