Hooking PSAPI and crashes

Azmodeus · Post by **Azmodeus** » Tue Oct 05, 2004 7:32 pm

I'm trying to do some basic hooking of psapi.dll functions. However, it will crash every time with just a basic redirect to the original function.

Is there a special command or hooking method that I need to use to hook psapi functions?

Also, when I try to hook

Azmodeus · Post by **Azmodeus** » Tue Oct 05, 2004 7:33 pm

Oh, and yes I am familiar with how HookApi works, as I have other kernel hooks working perfectly. (FYI)

Umm.. well except for trying to hook GetModuleFileName it still crashes the same as the psapi functions, but that is not as important.

Post by **madshi** » Thu Oct 07, 2004 1:46 pm

Can I see some code, please?

In which OS(s) do you get these problems?

Azmodeus · Post by **Azmodeus** » Thu Oct 07, 2004 9:41 pm

Sure, winXP SP2. Tried without SP2 installed.

I am running a MFC dll if it makes any difference.

Code: Select all

// ***************************************************************
//  Empty.dll                 version:  1.0   ·  date: 2003-06-15
//  -------------------------------------------------------------
//  just an empty dll to test dll injection
//  -------------------------------------------------------------
//  Copyright (C) 1999 - 2003 www.madshi.net, All Rights Reserved
// ***************************************************************

// 2003-06-15 1.0  initial release

#define _DEBUG_PSAPI

#include "stdafx.h"
#include "d:\program files\MadCollection\MadCodeHook\DLL\madCHook - static.h"
#include <tlhelp32.h>

#include "LogTrace.h"
CLogTrace cLog;

//// PSAPI - WinNT functions
BOOL WINAPI MyPSAPI_EnumProcessModules(HANDLE hProcess,HMODULE* lphModule,DWORD cb,LPDWORD lpcbNeeded);
	BOOL (WINAPI * OrigPSAPI_EnumProcessModules)(HANDLE hProcess,HMODULE* lphModule,DWORD cb,LPDWORD lpcbNeeded);

BOOL WINAPI MyPSAPI_EnumProcessModules(HANDLE hProcess,HMODULE* lphModule,DWORD cb,LPDWORD lpcbNeeded)
{
	
#ifdef _DEBUG_PSAPI
	cLog.WriteLine("PSAPI_EnumProcessModules");
#endif //_DEBUG

	return OrigPSAPI_EnumProcessModules(hProcess,lphModule,cb,lpcbNeeded);
	
	//TODO finish this function after crashes are fixed.

}

void HookPSAPI(void)
{	    HookAPI("PSAPI.DLL","EnumProcessModules",MyPSAPI_EnumProcessModules,(PVOID*)&OrigPSAPI_EnumProcessModules,MIXTURE_MODE);  //Note, I have tried without Mixture mode also		
}



void Attach(HINSTANCE hInstance)
{  //Called from DLLMain
		InitializeMadCHook(); //I dont think this is used anymore
		HookPSAPI();
}

void Detach(HINSTANCE hInstance)
{  //Called from DLLMain
		FinalizeMadCHook();  //I dont think this is used anymore
}

Again, once I use the DLLInjector to inject the dll, insta system crash and a force reboot.

I have another similar dll running just fine that hooks Kernel32.

Azmodeus · Post by **Azmodeus** » Fri Oct 08, 2004 3:45 am

Update:

I thought I tested on a XP Sp1 machine, but it wasnt. On a SP1 machine, it works perfectly.

Sp2 will crash before a hooked call is even called.

Post by **madshi** » Fri Oct 08, 2004 7:24 am

Which version of madCodeHook are you using? I suggest updating to the latest version:

http://madshi.net/madCollection.exe (2.1.3.0)

Azmodeus · Post by **Azmodeus** » Fri Oct 08, 2004 8:38 am

Yes, latest version 2.1.3.0

Post by **madshi** » Fri Oct 08, 2004 8:45 am

Hmmmm... Could you please try without MFC? If it still crashes without MFC, could you then please mail your project files to me?