yes, the same result.I wonder why this would happen. I even change the sample code with one worker thread,still the same result.iconic wrote:Before I get into this today I meant to ask, have you tried another hooking library to see if it's the same result? Detours, Mhook etc.?
--Iconic
Search found 19 matches
- Fri Apr 17, 2020 4:24 am
- Forum: madCodeHook
- Topic: weird result hooking GetQueuedCompletionStatus
- Replies: 5
- Views: 11373
Re: weird result hooking GetQueuedCompletionStatus
- Sun Apr 12, 2020 5:31 am
- Forum: madCodeHook
- Topic: weird result hooking GetQueuedCompletionStatus
- Replies: 5
- Views: 11373
weird result hooking GetQueuedCompletionStatus
trying to hook GetQueuedCompletionStatus from microsoft SDK IOCP echo server sample,the detour GetQueuedCompletionStatus just won't get triggered when client connects to the echo server,it only gets triggered when client sends data to the echo server,but from the sample code,GetQueuedCompletionStatu...
- Mon Dec 23, 2019 9:20 pm
- Forum: madCodeHook
- Topic: what would happen
- Replies: 2
- Views: 9059
what would happen
the EncodePointer() isn't exported from kernel32.dll on windows 2k.if I use madhook to hook this API and redirect the call to my own code such as Detour_EncodePointer,when an application runs on windows 2k and call EncodePointer(),would my code Detour_EncodePointer get called?(assume my dll with hoo...
- Sat Dec 14, 2019 6:18 pm
- Forum: madCodeHook
- Topic: Is it possible to hook un-exported function
- Replies: 2
- Views: 9520
Is it possible to hook un-exported function
#include <windows.h>
#include <stdio.h>
bool TestFunction()
{
..............
return true;
}
int main(int argc,char *argv[])
{
TestFunction();
return 0;
}
Is it possible to hook TestFunction() in the above program with madcodehook?if so,how?
#include <stdio.h>
bool TestFunction()
{
..............
return true;
}
int main(int argc,char *argv[])
{
TestFunction();
return 0;
}
Is it possible to hook TestFunction() in the above program with madcodehook?if so,how?
- Sun Dec 08, 2019 4:39 am
- Forum: madCodeHook
- Topic: how to hook ConnectEx
- Replies: 1
- Views: 8507
Re: how to hook ConnectEx
Got it with HookCode.
- Sun Dec 08, 2019 4:17 am
- Forum: madCodeHook
- Topic: how to hook ConnectEx
- Replies: 1
- Views: 8507
how to hook ConnectEx
HookAPI doesn't seem to work on ConnectEx,AcceptEx and etc.
- Thu Nov 21, 2019 1:26 am
- Forum: madCodeHook
- Topic: hookAPI() return issue
- Replies: 11
- Views: 16472
Re: hookAPI() return issue
I guess I could do that, but it would really only help during development, but it would not improve anything on the PC of the end user, or would it? it would be very helpful since windows have so many versions now and even MSDN can't provide the correct info about which API exported from which syst...
- Wed Nov 20, 2019 4:56 pm
- Forum: madCodeHook
- Topic: hookAPI() return issue
- Replies: 11
- Views: 16472
Re: hookAPI() return issue
Maybe it should. But there could be situations where you want a different behaviour. For example, let's say you do "HookAPI(weird.dll, weirdApi)", and let's say that there are different versions of "weird.dll" around, some of which export the "weirdApi" and some don't....
- Tue Nov 19, 2019 10:18 pm
- Forum: madCodeHook
- Topic: Hooking RtlCopyMemory crash
- Replies: 13
- Views: 16901
Re: Hooking RtlCopyMemory crash
it works if removing the OutputDebugPrintf("RtlCopyMemory Called");
- Tue Nov 19, 2019 3:32 am
- Forum: madCodeHook
- Topic: Hooking RtlCopyMemory crash
- Replies: 13
- Views: 16901
Re: Hooking RtlCopyMemory crash
#pragma warning(disable : 4995) #define _CRT_SECURE_NO_WARNINGS #include <Windows.h> #include <stdio.h> #include "MadHook.h" #if defined _M_X64 #pragma comment(lib,"madHookx64.lib") #elif defined _M_IX86 #pragma comment(lib,"madHookx32.lib") #endif VOID (WINAPI *Real_Rt...
- Tue Nov 19, 2019 3:17 am
- Forum: madCodeHook
- Topic: Hooking RtlCopyMemory crash
- Replies: 13
- Views: 16901
Re: Hooking RtlCopyMemory crash
your code works fine,but it's an exe file,I am talking about the hook in dll,inject the dll into a running process like notepad.exe,mstsc.exe and etc.
64 bit ntdll.dll exports RtlCopyMemory,and 32 bit ntdll.dll won't export that api,I am sure about it.
64 bit ntdll.dll exports RtlCopyMemory,and 32 bit ntdll.dll won't export that api,I am sure about it.
- Tue Nov 19, 2019 1:01 am
- Forum: madCodeHook
- Topic: Hooking RtlCopyMemory crash
- Replies: 13
- Views: 16901
Re: Hooking RtlCopyMemory crash
Does Real_RtlCopyMemory have WINAPI? Both callback and real hook definitions need the same calling convention, otherwise you crash --Iconic I have tried both with/without WINAPI conversion,same result.I even tried the __cdecl conversion,same result.BTW,it won't only happen in madcodehook,it happens...
- Tue Nov 19, 2019 12:39 am
- Forum: madCodeHook
- Topic: Hooking RtlCopyMemory crash
- Replies: 13
- Views: 16901
Re: Hooking RtlCopyMemory crash
VOID (WINAPI *Real_RtlCopyMemory)(PVOID pDestination,const PVOID pSource,SIZE_T iSize); VOID WINAPI Detour_RtlCopyMemory(PVOID pDestination,const PVOID pSource,SIZE_T iSize); void InstallHook() { LPTSTR lpModule = "ntdll.dll"; LPTSTR lpAPIToHook = "RtlCopyMemory"; HookAPI(lpModul...
- Mon Nov 18, 2019 9:54 pm
- Forum: madCodeHook
- Topic: Hooking RtlCopyMemory crash
- Replies: 13
- Views: 16901
Hooking RtlCopyMemory crash
VOID (WINAPI *Real_RtlCopyMemory)(PVOID pDestination,const PVOID pSource,SIZE_T iSize); VOID WINAPI Detour_RtlCopyMemory(PVOID pDestination,const PVOID pSource,SIZE_T iSize); void InstallHook() { LPTSTR lpModule = "ntdll.dll"; LPTSTR lpAPIToHook = "RtlCopyMemory"; HookAPI(lpModul...
- Mon Nov 18, 2019 9:47 pm
- Forum: madCodeHook
- Topic: hookAPI() return issue
- Replies: 11
- Views: 16472
Re: hookAPI() return issue
HookAPI() requires the name of the module that the API exists in, in this case SetWindowsHookExA() does *not* exist in the export table of ntdll.dll at all. It only exists inside user32.dll so the behavior is completely normal. It will never trigger on ntdll.dll, only when SetWindowsHookExA() is ca...