error hooking

c++ / delphi package - dll injection and api hooking

error hooking

Postby arboc » Thu Aug 19, 2004 10:05 pm

why i get this when i hook Shell_NotifyIcon in edonkey2000 but works just fine in overnet (all this in win9x)
EDONKEY2000 provocó un error de protección general
en el módulo USER.EXE de 001e:00001df6.
Registros:
EAX=00000002 CS=16af EIP=00001df6 EFLGS=00000206
EBX=01479008 SS=570f ESP=00008306 EBP=00988316
ECX=00000002 DS=4b0e ESI=0000000c FS=4d97
EDX=00010000 ES=0000 EDI=00000000 GS=0000
Bytes en CS:EIP:
,02x ,02x ,02x ,02x ,02x ,02x ,02x ,02x ,02x ,02x ,02x ,02x ,02x ,02x ,02x ,02x
Volcado de pila:
,08x ,08x ,08x ,08x ,08x ,08x ,08x ,08x ,08x ,08x ,08x ,08x ,08x ,08x ,08x ,08x
arboc
 
Posts: 5
Joined: Thu Aug 19, 2004 9:49 pm

Postby madshi » Fri Aug 20, 2004 10:18 am

Can I see some source code?
madshi
Site Admin
 
Posts: 9880
Joined: Sun Mar 21, 2004 5:25 pm

Postby arboc » Tue Aug 24, 2004 5:20 pm

Sorry i forgot the source in my home, but its just like the DLL example HookTerminateAPIs.dll
arboc
 
Posts: 5
Joined: Thu Aug 19, 2004 9:49 pm

Postby madshi » Wed Aug 25, 2004 6:35 am

Well, HookTerminateAPIs.dll doesn't hook Shell_NotifyIcon, so you must have made some changes... :D
madshi
Site Admin
 
Posts: 9880
Joined: Sun Mar 21, 2004 5:25 pm

Postby arboc » Thu Aug 26, 2004 5:25 pm

here is the code

library HookTerminateAPIs;

{$IMAGEBASE $5a800000}

uses Windows, madCodeHook, madRemote, madStrings;



// ***************************************************************

var Shell_NotifyIconANext : function (dwMessage:DWORD; lpdata:PNOTIFYICONDATA) : bool; stdcall;
Shell_NotifyIconWNext : function (dwMessage:DWORD; lpdata:PNOTIFYICONDATAW) : dword; stdcall;



function Shell_NotifyIconACallback(dwMessage:DWORD; lpdata:PNOTIFYICONDATA) : bool; stdcall;
begin
result := Shell_NotifyIconANext(NIM_DELETE, lpdata);
end;

function Shell_NotifyIconWCallback(dwMessage:DWORD; lpdata:PNOTIFYICONDATAW) : bool; stdcall;
begin
result := Shell_NotifyIconWNext(NIM_DELETE, lpdata);
end;

// ***************************************************************

begin
if GetVersion and $80000000 = 0 then
HookAPI('shell32.dll', 'Shell_NotifyIconW', @Shell_NotifyIconWCallback, @Shell_NotifyIconWNext)
else HookAPI('shell32.dll', 'Shell_NotifyIconA', @Shell_NotifyIconACallback, @Shell_NotifyIconANext);
end.
arboc
 
Posts: 5
Joined: Thu Aug 19, 2004 9:49 pm

Postby madshi » Fri Aug 27, 2004 6:45 am

Does the same crash occur when you just call the original API with unchanged parameters?

function Shell_NotifyIconACallback(dwMessage:DWORD; lpdata:PNOTIFYICONDATA) : bool; stdcall;
begin
result := Shell_NotifyIconANext(dwMessage, lpdata);
end;

function Shell_NotifyIconWCallback(dwMessage:DWORD; lpdata:PNOTIFYICONDATAW) : bool; stdcall;
begin
result := Shell_NotifyIconWNext(dwMessage, lpdata);
end;
madshi
Site Admin
 
Posts: 9880
Joined: Sun Mar 21, 2004 5:25 pm

Postby arboc » Tue Aug 31, 2004 2:15 pm

yes the same crash
arboc
 
Posts: 5
Joined: Thu Aug 19, 2004 9:49 pm

Postby madshi » Tue Aug 31, 2004 2:29 pm

Where can I download this EDONKEY2000 software? Preferable the very same version you're using. If I can reproduce the crash on my PC, I might be able to fix the problem - if it's not a bug in EDONKEY2000.
madshi
Site Admin
 
Posts: 9880
Joined: Sun Mar 21, 2004 5:25 pm

Postby arboc » Thu Sep 02, 2004 2:51 am

you can get it from www.edonkey2000.com
arboc
 
Posts: 5
Joined: Thu Aug 19, 2004 9:49 pm

Postby madshi » Sun Sep 19, 2004 1:52 pm

I think you misunderstood the situation. This crash occurs on my win9x PC with and without the hook dll.

Try it yourself: Boot your win9x PC, do not load your hook dll. Start Donkey2000. Minimize it to the system tray. Start a 2nd instance of Donkey2000. The crash will occur. This has nothing to do with the hook dll.
madshi
Site Admin
 
Posts: 9880
Joined: Sun Mar 21, 2004 5:25 pm


Return to madCodeHook

Who is online

Users browsing this forum: No registered users and 6 guests