Search found 19 matches

by wineggdrop
Fri Apr 17, 2020 4:24 am
Forum: madCodeHook
Topic: weird result hooking GetQueuedCompletionStatus
Replies: 5
Views: 3651

Re: weird result hooking GetQueuedCompletionStatus

iconic wrote:Before I get into this today I meant to ask, have you tried another hooking library to see if it's the same result? Detours, Mhook etc.?

--Iconic
yes, the same result.I wonder why this would happen. I even change the sample code with one worker thread,still the same result.
by wineggdrop
Sun Apr 12, 2020 5:31 am
Forum: madCodeHook
Topic: weird result hooking GetQueuedCompletionStatus
Replies: 5
Views: 3651

weird result hooking GetQueuedCompletionStatus

trying to hook GetQueuedCompletionStatus from microsoft SDK IOCP echo server sample,the detour GetQueuedCompletionStatus just won't get triggered when client connects to the echo server,it only gets triggered when client sends data to the echo server,but from the sample code,GetQueuedCompletionStatu...
by wineggdrop
Mon Dec 23, 2019 9:20 pm
Forum: madCodeHook
Topic: what would happen
Replies: 2
Views: 3143

what would happen

the EncodePointer() isn't exported from kernel32.dll on windows 2k.if I use madhook to hook this API and redirect the call to my own code such as Detour_EncodePointer,when an application runs on windows 2k and call EncodePointer(),would my code Detour_EncodePointer get called?(assume my dll with hoo...
by wineggdrop
Sat Dec 14, 2019 6:18 pm
Forum: madCodeHook
Topic: Is it possible to hook un-exported function
Replies: 2
Views: 3330

Is it possible to hook un-exported function

#include <windows.h>
#include <stdio.h>

bool TestFunction()
{
..............
return true;
}

int main(int argc,char *argv[])
{
TestFunction();
return 0;
}

Is it possible to hook TestFunction() in the above program with madcodehook?if so,how?
by wineggdrop
Sun Dec 08, 2019 4:39 am
Forum: madCodeHook
Topic: how to hook ConnectEx
Replies: 1
Views: 2815

Re: how to hook ConnectEx

Got it with HookCode.
by wineggdrop
Sun Dec 08, 2019 4:17 am
Forum: madCodeHook
Topic: how to hook ConnectEx
Replies: 1
Views: 2815

how to hook ConnectEx

HookAPI doesn't seem to work on ConnectEx,AcceptEx and etc.
by wineggdrop
Thu Nov 21, 2019 1:26 am
Forum: madCodeHook
Topic: hookAPI() return issue
Replies: 11
Views: 6313

Re: hookAPI() return issue

I guess I could do that, but it would really only help during development, but it would not improve anything on the PC of the end user, or would it? it would be very helpful since windows have so many versions now and even MSDN can't provide the correct info about which API exported from which syst...
by wineggdrop
Wed Nov 20, 2019 4:56 pm
Forum: madCodeHook
Topic: hookAPI() return issue
Replies: 11
Views: 6313

Re: hookAPI() return issue

Maybe it should. But there could be situations where you want a different behaviour. For example, let's say you do "HookAPI(weird.dll, weirdApi)", and let's say that there are different versions of "weird.dll" around, some of which export the "weirdApi" and some don't....
by wineggdrop
Tue Nov 19, 2019 10:18 pm
Forum: madCodeHook
Topic: Hooking RtlCopyMemory crash
Replies: 13
Views: 6604

Re: Hooking RtlCopyMemory crash

it works if removing the OutputDebugPrintf("RtlCopyMemory Called");
by wineggdrop
Tue Nov 19, 2019 3:32 am
Forum: madCodeHook
Topic: Hooking RtlCopyMemory crash
Replies: 13
Views: 6604

Re: Hooking RtlCopyMemory crash

#pragma warning(disable : 4995) #define _CRT_SECURE_NO_WARNINGS #include <Windows.h> #include <stdio.h> #include "MadHook.h" #if defined _M_X64 #pragma comment(lib,"madHookx64.lib") #elif defined _M_IX86 #pragma comment(lib,"madHookx32.lib") #endif VOID (WINAPI *Real_Rt...
by wineggdrop
Tue Nov 19, 2019 3:17 am
Forum: madCodeHook
Topic: Hooking RtlCopyMemory crash
Replies: 13
Views: 6604

Re: Hooking RtlCopyMemory crash

your code works fine,but it's an exe file,I am talking about the hook in dll,inject the dll into a running process like notepad.exe,mstsc.exe and etc.

64 bit ntdll.dll exports RtlCopyMemory,and 32 bit ntdll.dll won't export that api,I am sure about it.
by wineggdrop
Tue Nov 19, 2019 1:01 am
Forum: madCodeHook
Topic: Hooking RtlCopyMemory crash
Replies: 13
Views: 6604

Re: Hooking RtlCopyMemory crash

Does Real_RtlCopyMemory have WINAPI? Both callback and real hook definitions need the same calling convention, otherwise you crash --Iconic I have tried both with/without WINAPI conversion,same result.I even tried the __cdecl conversion,same result.BTW,it won't only happen in madcodehook,it happens...
by wineggdrop
Tue Nov 19, 2019 12:39 am
Forum: madCodeHook
Topic: Hooking RtlCopyMemory crash
Replies: 13
Views: 6604

Re: Hooking RtlCopyMemory crash

VOID (WINAPI *Real_RtlCopyMemory)(PVOID pDestination,const PVOID pSource,SIZE_T iSize); VOID WINAPI Detour_RtlCopyMemory(PVOID pDestination,const PVOID pSource,SIZE_T iSize); void InstallHook() { LPTSTR lpModule = "ntdll.dll"; LPTSTR lpAPIToHook = "RtlCopyMemory"; HookAPI(lpModul...
by wineggdrop
Mon Nov 18, 2019 9:54 pm
Forum: madCodeHook
Topic: Hooking RtlCopyMemory crash
Replies: 13
Views: 6604

Hooking RtlCopyMemory crash

VOID (WINAPI *Real_RtlCopyMemory)(PVOID pDestination,const PVOID pSource,SIZE_T iSize); VOID WINAPI Detour_RtlCopyMemory(PVOID pDestination,const PVOID pSource,SIZE_T iSize); void InstallHook() { LPTSTR lpModule = "ntdll.dll"; LPTSTR lpAPIToHook = "RtlCopyMemory"; HookAPI(lpModul...
by wineggdrop
Mon Nov 18, 2019 9:47 pm
Forum: madCodeHook
Topic: hookAPI() return issue
Replies: 11
Views: 6313

Re: hookAPI() return issue

HookAPI() requires the name of the module that the API exists in, in this case SetWindowsHookExA() does *not* exist in the export table of ntdll.dll at all. It only exists inside user32.dll so the behavior is completely normal. It will never trigger on ntdll.dll, only when SetWindowsHookExA() is ca...