# Visual Basic > Visual Basic 6 and Earlier >  Thunk insert to "Catch" when IDE is transitioning from runtime to design-time

## Elroy

I've been turning over an idea in my head for the last few days, on how to make (my version) of ComCtl32 subclassing more IDE safe.  Currently, there are only two situations in which it's not: 1) when you hit the IDE's stop button and a modal form is showing (and you've subclassed some prior hWnd), or 2) anytime you click the "Stop" button on the runtime-error's modal message box.

To correct this, wqweto and others have inserted a thunk that "catches" when the IDE is transitioning from runtime to design-time (apparently before any/all windows are actually destroyed).  I suppose I could deconstruct wqweto's work, but it might be easier to just ask.

But, I want to do it a bit differently.

All I want is some information on how to "insert" a jump (or call) into the IDE's code that jumps to an address (from, say, AddressOf) that I supply.  Once the jump (or call) is made, it can return and then execute as normal.  Done this way, I could design all the "clean-up" code in VB6, with the thunk being quite minimal.  And also, once I've got this piece, I'm sure I can work out how to un-subclass anything/everything that needs to be un-subclassed ... even when the stop button is clicked on a modal form or the runtime-error stop button is clicked.

----------

Also, I'll test when I get the thunk worked out, but I'm curious about exactly what's been done and what hasn't been done when that thunk executes.  For instance:  Are COM objects already destroyed?  Are global variables already reset?

----------


## The trick

https://github.com/thetrik/CTrickSubclass

When you stop project execution the runtime releases all the object variables. So you can use an asm-destructor which cleans-up all the data.

----------


## dz32

the basic process is

- find the address you want to hook, usually an export found with GetProcAddress but can be a hardcoded offset
- sometimes you have to scan for a code signature if the hardcoded offset may change between versions
- grab a copy of the bytes that represent the first several full instructions of the original code.
the minimim size is determined by the size of the hook you wish to place.
- create a new allocation that is in executable memory and place those stolen instructions there along with a new final instruction that will jump back to the original function + x bytes
- now you can embed your hook into the original function location that takes up the original x bytes this can be a jmp address hook, a push address ret hook or other forms.
- the new address you provide is your hook function usually you want to keep the same prototype as the function you have hooked 
- somewhere inside your hook function you call the Real_xx function which will start by executing the stolen code you saved your trampoline. The first few instructions execute in your alloc with stolen code, then jmp back to the remainder of the real function body.

Here is a sample of a vb compatible C library which makes it easy

https://github.com/dzzie/libs/blob/m...dule1.bas#L138

this is a typical detours style hook

----------

