hooking problem
-
I am having trouble with the "Process-wide api spying" article by Anton Bassov. Here is the code: HMODULE hMod = GetModuleHandle("kernel32.dll"); if (hMod == NULL) MessageBox(NULL,"could not load dll","error",MB_OK); else { IMAGE_DOS_HEADER * dosheader=(IMAGE_DOS_HEADER *)hMod; IMAGE_OPTIONAL_HEADER * opthdr =(IMAGE_OPTIONAL_HEADER *) ((BYTE*)hMod+dosheader->e_lfanew+24); IMAGE_IMPORT_DESCRIPTOR * descriptor=(IMAGE_IMPORT_DESCRIPTOR*)(BYTE*)hMod + opthdr->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress; while(descriptor->FirstThunk) { char*dllname=(char*)((BYTE*)hMod+ descriptor->Name); IMAGE_THUNK_DATA* thunk=( IMAGE_THUNK_DATA*)((BYTE*) hMod + descriptor->OriginalFirstThunk); int x=0; while(thunk->u1.Function) { char*functionname=(char*)((BYTE*) hMod + ( DWORD)thunk->u1.AddressOfData+2); MessageBox(NULL,functionname,"function",MB_OK); DWORD *IATentryaddress=( DWORD *)((BYTE*) hMod + descriptor->FirstThunk)+x; x++; thunk++; } descriptor++; } } It is crashing at run-time, saying that it cannot read from desciptor. Anyone have any idea what the problem is? Any help is appreciated. -Dev578