Hooking a running process 's Innermost dll's function

Is it possible by hooking GetProcAddress() function? Hook GetProcAddress with my myGetProcAddress(). Now myGetProcAddress will be notified on calling GetProcAddress. You can return the address of MyDllThreeFunction on receiving a getprocaddress() for DllThreeFunction.

In release mode it will create compilation error. It creates compilation error in VS2008. I got compilation error "error C4716: 'fatt' : must return a value". But in debug mode it works as follows. In both case contents of EAX register is used as the output of fatt() function. In both case EAX holds the output value, therefore the two versions works correctly in debug mode. The result of imul is available in eax register and that is the expected result from the fatt function. Following are the disassembly of two versions of fatt() function. First one with return value and next is without return value.

    return fattoriale=n\*fatt(n-1);

01182ED2 mov eax,dword ptr [n]
01182ED5 sub eax,1
01182ED8 push eax
01182ED9 call fatt (1181889h)
01182EDE add esp,4
01182EE1 imul eax,dword ptr [n]
01182EE5 mov dword ptr [fattoriale],eax
01182EE8 mov eax,dword ptr [fattoriale]

    fattoriale=n\*fatt(n-1);

01182F92 mov eax,dword ptr [n]
01182F95 sub eax,1
01182F98 push eax
01182F99 call fatt (11815FAh)
01182F9E add esp,4
01182FA1 imul eax,dword ptr [n]
01182FA5 mov dword ptr [fattoriale],eax

The multiplication in n*fatt(n-1) is done with imul operation. And its output is available in EAX register. In first version( with return statement), last two instructions perform the following things. Contents of eax is moved to fattoriale and after that the contents of fattoriale is moved to eax( EAX holds the return value, or result of operation). In second version( without return statement) the last mov is not found. But the output of iMul is in EAX register and therefore the output will be available to caller function through EAX register.

Yes it is possible to debug in release mode. Details are given in the following link. If an application works in a debug build, but fails in a release build, one of the compiler optimizations may be exposing a defect in the source code. To isolate the problem, disable selected optimizations for each source code file until you locate the file and the optimization that is causing the problem. (To expedite the process, you can divide the files into two groups, disable optimization on one group, and when you find a problem in a group, continue dividing until you isolate the problem file.) http://msdn.microsoft.com/en-us/library/fsk896zz.aspx

Try to log the startup sequence by some log mechanism, like OuputDebugString() or File write. Is there any chance to have code which will run in Release mode? Any code which is written by compiler directive like #ifndef.

#ifndef _DEBUG
..
#endif

The following link may help you to find out this issue. http://forums.codeguru.com/showthread.php?269905-Visual-C-Debugging-Why-does-program-work-in-debug-mode-but-fail-in-release-mode In the debug build, if you have incorrect message handler signatures this doesnt cause any problems. But MFC does a couple of naughty type casts in the message map macros. So when you build the same code in release mode, you are guranteed to run into trouble.

Enumerating all modules in a process can be done by EnumProcessModules(). Here is an example of enumerating all modules in a process and displaying its names. http://msdn.microsoft.com/en-us/library/windows/desktop/ms682621(v=vs.85).aspx Load address of each modules can be retrieved by calling GetModuleInformation() for each modules. lpBaseOfDll of MODULEINFO holds the load address of the corresponding module. BOOL WINAPI GetModuleInformation( __in HANDLE hProcess, __in HMODULE hModule, __out LPMODULEINFO lpmodinfo, __in DWORD cb );

Please ensure the target is not started, by adding some log in that process. If process terminates as soon as the startup, then TaskManager cant show it. Please check the values of returned PROCESS_INFORMATION structure. Process ID is avaialable in pi.dwProcessId.

return_code = CreateProcess((LPCSTR) &herc_command[0], // command
(LPCSTR) &herc_parm[0], // paramter
(LPCSTR) &sa,
NULL,
TRUE,
(DWORD) NULL,
NULL,
NULL,
&si,
&pi);

Is third parameter is correct? Conversion to a string is not correct.

Enable Depth test to draw objects beyond others. glEnable( GL_DEPTH_TEST ); glDepthFunc( GL_LESS ); // Near objects will be displayed. object with z -3 displayed on top of object with z -4 If you are creating an app similar to MSPAINT, setup projection matrix with glOrtho(). glOrtho() is used because it creates an orthographic projection, therefore the size of rendered image of same size with different z value will be same. Provide different z values for each objects, based on their z order in the screen. ie, z value of the object drawn at first should be as small, say 1. Then increase z value of each new objects. Render code should be like this.

// set depth range and clear depth value.
glDepthRange(-100, 100);
glClearDepth(100);
glClear(GL_COLOR_BUFFER_BIT|GL_DEPTH_BUFFER_BIT);

// Set projection.
glMatrixMode( GL_PROJECTION );
glLoadIdentity();
glOrtho(-20,20,-20,20,0, 100 );

glEnable( GL_DEPTH_TEST );
glDepthFunc( GL_LESS );

// No model view transformation.
glMatrixMode( GL_MODELVIEW );
glLoadIdentity();

// Draw object 1
glColor3f(0,0,1);
glBegin( GL_TRIANGLES );
glVertex3f( 0,0, -3 );
glVertex3f( 1,1, -3 );
glVertex3f( 0,1, -3 );
glEnd();

// Draw Object 2. Here z is -2, it will be displayed on top of object -3
glColor3f(1,0,0);
glBegin( GL_TRIANGLES );
glVertex3f( 0,1, -2 );
glVertex3f( 1,1, -2 );
glVertex3f( 1,0, -2 );
glEnd();

SwapBuffers( m_hDC );

// Used for GDI+ initialisation.
ULONG_PTR m_gdiplusToken;

// Initialization of GDI+ library.
Gdiplus::GdiplusStartupInput gdiplusStartupInput;
Gdiplus::GdiplusStartup(&m_gdiplusToken, &gdiplusStartupInput, NULL);

The GdiplusStartup function initializes GDI+. Call GdiplusStartup before making any other GDI+ calls, and call GdiplusShutdown when you have finished using GDI+.

Please use GetLogicalDriveStrings() or GetLogicalDrives().

Please use GetLogicalDriveStrings() or GetLogicalDrives(). GetDriveType() can be used to get details of the drive. GetDiskFreeSpace() can be used to retreive information about the specified disk, including the amount of free space on the disk.

which function is used in VC6.0 ? Is it sprintf_s() ?
sprintf() is not checking the output buffer size. Sprintf_s ensures the output buffer overwritinng is not happening.

Which function is used in VC6.0 ? Is it sprintf() or sprintf_s() ?
If it is sprintf(), then nothing to wonder, becausee sprintfdoesnot check the output buffer size.

PreTranslateMessage in Dlg class. and GetString and GetNumber function in other class. so how it will connect with each other. You can directly call m_TxInput.GetString() and m_TxInput.GetNumber() from PreTranslateMessage(). If you want to send a message to CMyTextBox class, you can call PostMessage() with a USER function to the edit control.

If you can override PreTranslateMessage() in your Dialog class, you can track Enter press from PreTranslateMessage().

BOOL CRetValTestDlg::PreTranslateMessage(MSG* pMsg)
{
if( pMsg->message == WM_KEYDOWN &&
pMsg->wParam == VK_RETURN &&
pMsg->hwnd == GetDlgItem( IDC_TX_INPUT )->m_hWnd)
{
// When pressing Enter key in IDC_TX_INPUT edit box, you will get control here.
// Return FALSE ensures Dialog will not process this Enter KeyPress

    // return FALSE;
}
return CDialog::PreTranslateMessage(pMsg);

}

"After press Enter key" I can undestand that you need to get the String and Number values on pressing Enter key.is it right ?

Please move GetWindowText() to CMyTextBox::GetNumber() and CMyTextBox::GetString(). CMyTextBox::OnKeyDown() will not give text values. CRetValTestDlg::OnGetString() still calls m_TxInput.InFlag = false; Please remove it.

Which function ? On every key press, CMyTextBox::OnKeyDown() will call. But Enter will not called. Its reason is "Enter" keypress will consider as Action of currently focused button. please change the MultiLine property of EditBox and check whether enter is recieved in KEyDown

Few comments. 1) First statement of CRetValTestDlg::OnGetString() set InFlag to false. Therefore m_TxInput.GetString() will return "". Move InFlag = false to CRetValTestDlg::OnGetString(). Accessing a member variable outside of class is not a good. 2) First statement of CRetValTestDlg::OnGetNumber() set InFlag to false. Therefore m_TxInput.GetString() will return 0. Move InFlag = false to CRetValTestDlg::OnGetNumber(). 3) modify CMyTextBox::OnKeyDown() like this

if (nFlags == 28) // Enter press
{
InFlag = true;
GetWindowText(RetVal);
}

4. Need to identify Enter KeyPress in your EditControl. 3) Normally an Edit control will not get Enter key press, On Enter keypress, focused button click action will be performed. One option is to change the style of your Edit control to Multi-line. Change MultiLine to true, or enable ES_MULTILINE for the CMyTextBox window style. Another option is to identify enter keypress from PreTranslateMessage(), if "VK_ENTER" key down is occurred from edit control set your InFlag to true.

I felt three problems. 1) InFlag is always false. You have to set it to true from OnKeyDown with Enter key.

if (nFlags == 28) // Enter press
{
InFlag = true;
GetWindowText(RetVal);
}

2. Please ensure you added ON_WM_KEYDOWN() in message map of CMyTextBox class. 3) Normally an Edit control will not get Enter key press, On Enter keypress, focused button click action will be performed. One option is to change the style of your Edit control to Multi-line. Change MultiLine to true, or enable ES_MULTILINE for the CMyTextBox window style. Another option is to identify enter keypress from PreTranslateMessage(), if "VK_ENTER" key down is occurred from edit control set your InFlag to true.

Second parameter of sprintf_s is the size of destination buffer. If length of formatted string is greater than the size of source buffer, sprintf_s will create debug assertion. If length of string in Buffer is less than 3, then it will not create an debug assertion. Here you can change the second parameter of sprintf_s to 47,by considering offset in buffer.