Injecting code?

Is this at all possible using C# (managed code vs unmanaged code and all that)?

Yes it's possible using unsafe code in C#.

Can it be done if you don't have access to the code?

Yes, but you'll have to reverse engineer their code to figure out where to insert your detour/trampoline function.

What are the restrictions of hooking/injecting?

Once you've detoured the method, you can do anything you could normally do.

Would there be an easier way to do this?

Contact the company that wrote the software and ask them for the functionality.

What you are proposing to do is not trivial. It will require skill in assembly, reverse engineering, windows internals, C/C++, C#. You'll probably be violating the license your company signed when they purchased the software. If you install software like this on your work computer without permission you'll most likely be fired.

Have fun :)

Thanks for the reply!

Alright, well I don't mind doing the learning or the work. And this is free of any schedule, which helps as well. I might also be able to ask one of their engineers for hints or clues (he comes by about once every month). Though in previous conversations he was not actually knowledgable about the code from the product (although he wasn't against my ideas).

I do have some (extremely basic) working experience with things like OllyDB, might that at least provide a way in?
How much of the program would I have to reverse engineer?

The program is actually quite basic and simple, since most of the data is sent from the server to the program. Some of the finer points may be hard though.
Other thing entirely, I just thought of this. If they were to have an API available, would that make it easier, or just as hard?

Any tips, hints, guides, links, or examples would be greatly apreciated!

Until then, I will start looking up things suggested, and see what I can do with them.

Having an API available might make it easier, depending on what they provide.

As for how much you'll have to reverse engineer I can't tell you. You'll have to do enough to figure out where your code injection goes, which could be a small part to the entire program.

If it's a client/server program you might be able to insert yourself between the client and server (man-in-the-middle). This would be easier than the other method. And if you can get some info from the developers on what kind of messages are passed.

Good afternoon,

To know if the API is in fact available, I would have to wait until monday.

Reverse engineering is possible of course, but would require a great deal of time, effort, and most of all, learning. So for now, let's call that a final resort.

How tough would it be to create a man-in-the-middle program?
Would it be necesary to have it check all of the networktraffic (on a specific port of course) and analyze it until it finds the bytes it is looking for (predetermined by something like wireshark), or would it be possible to have like a special event for that?
Other thought, haven't checked this out, but maybe incorperate something that checks the current status of datatransfer of the dialingprogram? (sort of like netstat -a does)

Insights on this would be greatly apreciated

I don't mean to interject because I really have no answer to your question, but I did want to throw some things out there to consider:

1. Would it be easier for you to just write your own program that functions in the same way the one you use now does? You said it was simple, if it's really simple just replicate it and add your own features.

2. Be weary (and I mean very weary) of copyright laws. When I was in high school and college I'll admit I had no care for those (I don't think anyone really did), but meh since learning how to write software and getting older I've found that saying "OMG! Why didn't Microsoft add x, y, z feature!! What a ripoff! It wouldn't be that hard" is not actually true :) I know you aren't saying that so don't take it that way, but the point is, 99% of the time reverse engineering, patching or whatever you want to call it is illegal and even if there is an API, it might not provide the functionality you want.

Just some points to ponder :)

No offense taken at all.

Since I don't plan on selling, showing (outside of immediate colleagues), sharing, or distributing any of my changes, at this moment I don't think I need to worry about any of that. I would would strongly prefer to use a non-invasive way of adding (or more precisely reacting) with the software. But thanks for the suggestion.

The basic setup of the program is quite easy, however it does handle either the SIP or .H323 signals. Which is something I probably couldn't really do (unless I'd find some good and practical library for that). All the other functions could be done I suppose (though still not really easy)

True, but I would still be careful and do everything in a legal fashion. Piracy and DMCA violations are expensive and it could end up being worse. If I was you, I would call the software manufacturer and suggest your enhancement, or like you did ask for an API, or some form of written permission to do what you want to do.

I've never gotten in trouble for those violations...everything I have is legal and legit, and now that I see the work involved in writing those applications, I appreciate the rules a bit more than the average person I guess. I'm sure you do to.

Anyway, I'll get off my soapbox now :D sorry for stirring the pot...just wanted to offer a few suggestions/alternates.

Yes, but you'll have to reverse engineer their code to figure out where to insert your detour/trampoline function.

Hey that big block of NOOPs looks pretty good...