error hooking

c++ / delphi package - dll injection and api hooking
Post Reply
arboc
Posts: 5
Joined: Thu Aug 19, 2004 9:49 pm

error hooking

Post by arboc »

why i get this when i hook Shell_NotifyIcon in edonkey2000 but works just fine in overnet (all this in win9x)
EDONKEY2000 provocó un error de protección general
en el módulo USER.EXE de 001e:00001df6.
Registros:
EAX=00000002 CS=16af EIP=00001df6 EFLGS=00000206
EBX=01479008 SS=570f ESP=00008306 EBP=00988316
ECX=00000002 DS=4b0e ESI=0000000c FS=4d97
EDX=00010000 ES=0000 EDI=00000000 GS=0000
Bytes en CS:EIP:
,02x ,02x ,02x ,02x ,02x ,02x ,02x ,02x ,02x ,02x ,02x ,02x ,02x ,02x ,02x ,02x
Volcado de pila:
,08x ,08x ,08x ,08x ,08x ,08x ,08x ,08x ,08x ,08x ,08x ,08x ,08x ,08x ,08x ,08x
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Can I see some source code?
arboc
Posts: 5
Joined: Thu Aug 19, 2004 9:49 pm

Post by arboc »

Sorry i forgot the source in my home, but its just like the DLL example HookTerminateAPIs.dll
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Well, HookTerminateAPIs.dll doesn't hook Shell_NotifyIcon, so you must have made some changes... :D
arboc
Posts: 5
Joined: Thu Aug 19, 2004 9:49 pm

Post by arboc »

here is the code

library HookTerminateAPIs;

{$IMAGEBASE $5a800000}

uses Windows, madCodeHook, madRemote, madStrings;



// ***************************************************************

var Shell_NotifyIconANext : function (dwMessage:DWORD; lpdata:PNOTIFYICONDATA) : bool; stdcall;
Shell_NotifyIconWNext : function (dwMessage:DWORD; lpdata:PNOTIFYICONDATAW) : dword; stdcall;



function Shell_NotifyIconACallback(dwMessage:DWORD; lpdata:PNOTIFYICONDATA) : bool; stdcall;
begin
result := Shell_NotifyIconANext(NIM_DELETE, lpdata);
end;

function Shell_NotifyIconWCallback(dwMessage:DWORD; lpdata:PNOTIFYICONDATAW) : bool; stdcall;
begin
result := Shell_NotifyIconWNext(NIM_DELETE, lpdata);
end;

// ***************************************************************

begin
if GetVersion and $80000000 = 0 then
HookAPI('shell32.dll', 'Shell_NotifyIconW', @Shell_NotifyIconWCallback, @Shell_NotifyIconWNext)
else HookAPI('shell32.dll', 'Shell_NotifyIconA', @Shell_NotifyIconACallback, @Shell_NotifyIconANext);
end.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Does the same crash occur when you just call the original API with unchanged parameters?

function Shell_NotifyIconACallback(dwMessage:DWORD; lpdata:PNOTIFYICONDATA) : bool; stdcall;
begin
result := Shell_NotifyIconANext(dwMessage, lpdata);
end;

function Shell_NotifyIconWCallback(dwMessage:DWORD; lpdata:PNOTIFYICONDATAW) : bool; stdcall;
begin
result := Shell_NotifyIconWNext(dwMessage, lpdata);
end;
arboc
Posts: 5
Joined: Thu Aug 19, 2004 9:49 pm

Post by arboc »

yes the same crash
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Where can I download this EDONKEY2000 software? Preferable the very same version you're using. If I can reproduce the crash on my PC, I might be able to fix the problem - if it's not a bug in EDONKEY2000.
arboc
Posts: 5
Joined: Thu Aug 19, 2004 9:49 pm

Post by arboc »

you can get it from www.edonkey2000.com
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

I think you misunderstood the situation. This crash occurs on my win9x PC with and without the hook dll.

Try it yourself: Boot your win9x PC, do not load your hook dll. Start Donkey2000. Minimize it to the system tray. Start a 2nd instance of Donkey2000. The crash will occur. This has nothing to do with the hook dll.
Post Reply