Bug in MCH? CreateProcess hook problem under Win NT 4

Posted: Thu Jul 01, 2004 8:07 am
by torstenv
I noticed a problem with hooking CreateProcess under Win NT 4. To reproduce, you can take the program "total commander", which is available at http://www.ghisler.com/download.htm. You can use the MCHDemos and inject HookProcessCreation.dll from "Various Dlls". Now if you start TotalCommander and try to start notepad by using the F4 key, you'll be asked 4 times if you want to allow TotalCommander to start notepad. You can always click OK, but it won't start. If you uninject HookProcessCreation.dll again, it works fine. That's a problem with the MCH, isn't it?

T.

Posted: Thu Jul 01, 2004 1:38 pm
by madshi
I guess it's a problem with the HookProcessCreation.dll. But I'll check it.

Posted: Thu Jul 01, 2004 2:55 pm
by torstenv
madshi wrote: I guess it's a problem with the HookProcessCreation.dll. But I'll check it.
I doubt that, but you probably know best where to look first. Anyway, I think the problem is more likely to be in the MCH stuff somewhere, because this problem arose when we were trying to hook CreateProcess and had troubles. I just pointed to the MCHDemos, because it's easily reproducible and it proves that the problem cannot be in one of our routines.

T.

Posted: Thu Jul 01, 2004 3:46 pm
by madshi
Kind of found the problem. If I remove the MessageBoxW call from the HookProcessCreation.dll demo, everything works as expected. I suspect that MessageBoxW internally does some wide<->ansi conversion and thus violates hooking rule 7... :(

Anyway, it's not a bug in madCodeHook. This behaviour is exactly what you get when hooking rule 7 is violated.

http://help.madshi.net/HookingRules.htm

I wish I could work around this problem, but I don't know how. Would have to patch Windows itself to get this solved. You'd have the very same problem with any other API hooking package, too.

Posted: Thu Jul 01, 2004 5:23 pm
by madshi
P.S: MessageBoxW internally calls "RegQueryValueExA" in NT4. Don't ask me why, but this is the reason for the problems in the HookProcessCreation.dll (violation of hooking rule 7, as mentioned before).

Posted: Thu Jul 01, 2004 6:40 pm
by torstenv
madshi wrote: P.S: MessageBoxW internally calls "RegQueryValueExA" in NT4. Don't ask me why, but this is the reason for the problems in the HookProcessCreation.dll (violation of hooking rule 7, as mentioned before).
Thx, that seemed to have helped.