Tracking HDC from injected process

Question

Hi,

I'm facing quite a dilemma. I've injected my DLL into other process as well as hooked few WinAPI calls from there, ExtTextOutW@GDI32, DrawTextExW@GDI32 and AlphaBlend@Msimg32 to be specific. Now, the problem is that when the other application writes something with those two GDI32 functions, i don't know the exact location where it comes up. This is because the DC which contains the text gets processed with AlphaBlend, which also eventually puts it to the window's DC.

So, how can I track certain HDC? In pseudo code, here's how the other application draws text to the screen:

HDC h = DrawTextW("STRING")

Do something with h. The "STRING" gets new HDC, say h2.

Pass h2 to AlphaBlend, which draws it to the screen.

Like I said, I loose track with the original h as the string gets new DC before AlphaBlend. Any idea, how I can make a connection from h > h2 with certain string in it?

I don't know if I was able to explain the problem properly, please ask if you've got any questions...

Answer 1

static BOOL (WINAPI *AlphaBlend_t)(
  HDC           hdcDest,
  int           nXOriginDest,
  int           nYOriginDest,
  int           nWidthDest,
  int           nHeightDest,
  HDC           hdcSrc,
  int           nXOriginSrc,
  int           nYOriginSrc,
  int           nWidthSrc,
  int           nHeightSrc,
  BLENDFUNCTION blendFunction
) = AlphaBlend;

BOOL MyAlphaBlend(
  HDC           hdcDest,
  int           nXOriginDest,
  int           nYOriginDest,
  int           nWidthDest,
  int           nHeightDest,
  HDC           hdcSrc,
  int           nXOriginSrc,
  int           nYOriginSrc,
  int           nWidthSrc,
  int           nHeightSrc,
  BLENDFUNCTION blendFunction
) 
{
    // modify hdcDest to hdcDest2
    return AlphaBlend_t(hdcDest2, ...);
}

That should do the trick. Put in any code to modify the HDC in the latter function.