whatsnew.txt

window编程,非常的好

			     What's new in ApiHooks 2.0 ?
				      TechInfo


+ Added Task Manager Extension 01 into BIN\TMext directory.
  Currently supported are: taskmgr, procdump.

+ Added possibility to hook protected processes like winlogon and services.
  Of course available only to users with "Debug programs" privilege granted.

+ Added WinLogon example into Examples\EliASM\WinLogon directory.

+ Added "Hooking running process" section into ApiHooks.txt.

+ Sleeping re-added (all versions except WNT-2K). It solves priority problems
  partially.

+ WakeUpGUI added (all versions except WNT-2K). It solves problems with
  waiting partially, but it can cause difficulties with passing WM_QUIT from
  PostQuitMessage to GetMessage function with hWnd != NULL.

+ "GetThreadContext during NTCALL and VxDCall" problem solved (forever?).

+ Freeing is done before thread closing.

- Seems WNT-2K causes various faults (can't invoke common dialogs, common
  controls aren't displayed,..) when used with -n option (-o works fine) in
  Windows 2000 (seems remote thread changes something in ntdll's data; apps
  didn't work correctly even if I blocked DLL_THREAD_ATTACH/DETACH messages).
  Try for example: apihooks -nq patcher.dll notepad, then choose Save As...
  You should get Not enough memory error.
  Use W2K version instead. I hope WNT-2K works fine in NT4.



			     What's new in ApiHooks 1.7 ?
				      TechInfo


+ "GetThreadContext during NTCALL" problem solved via context magic. Updated
  is ApiHooks.dll for W2K, ALL, W95-98.



			     What's new in ApiHooks 1.6 ?
				      TechInfo


+ Original Apihooks.exe was splitted into ApiHooks.dll and ApiHooks.exe

+ Package consits of OS specific versions now (they are optimized). Of course
  there is still universal version in BIN\ALL directory.

+ ApiHookChain can be exported by 2 ways now:
  1) By name 'ApiHookChain' or
  2) By ordinal 1 (as in the past).

+ Modules are enumerated in situ (Toolhelp and PSAPI aren't employed).

+ Version W2K is now as quiet as W95-98; it means no threads are created and
  DLLs get no DLL_THREAD_ATTACH/DETACH message (this is big +).

+ Version ALL goes W95-98 way if MS Windows was detected,
	      goes W2K	  way if Windows 2000 was detected
	      otherwise it goes WNT-2K way

+ If you have Windows 2000, you can use both W2K and WNT-2K versions.

- Supported are processes with 64 modules maximum.

- Versions W2K and ALL in Windows 2000 can't find process when PathTo is
  specified, because Proc32* functions don't work as they should (they return
  szExe without Path).
  So instead of:
  apihooks -o hooks.dll c:\winnt\system32\taskmgr.exe
  use only:
  apihooks -o hooks.dll taskmgr.exe

- Version WNT-2K can't find process where DLLs weren't initialized yet.

- When are hooks applied on process which waits (typically which is in
  background) and W95-98, W2K or ALL in Windows 2000 versions are used, one
  must wait until this process wakes up, or must wait for long time.

- W2K: GetThreadContext during NTCALL (=undefined EAX) is fixed by repeating
  given NTCALL (it is still not optimal, but one can't expect thread to be
  suspended outside NTCALL, especially inside GetMessage, WaitMessage, ...).
  NTCALLs via SYSENTER aren't supported because I haven't met them yet.