I'll try to explain my problem:
I need to inject a library to intercept the spooler printing events, as StartDocPrinterW and SetJobW.
I had success in windows 64-bit to intercept the function calling, but in 32 bit systems (both Windows 2k3 and windows 2008 R2) the spoolsv.exe crash after returning from the injected function.
Please, I need help!
C++ sample code (visual studio 2010):
Code: Select all
// function pointers
DWORD (WINAPI *pStartDocPrinterW_spoolss_dll)(HANDLE hPrinter, DWORD Level, LPBYTE pDocInfo);
BOOL (WINAPI *pSetJobW_spoolss_dll)(HANDLE hPrinter, DWORD JobId, DWORD Level, LPBYTE pJob, DWORD Command);
// hooked functions
DWORD StartDocPrinterW_spoolss_dll(HANDLE hPrinter, DWORD Level, LPBYTE pDocInfo)
{
DWORD result = pStartDocPrinterW_spoolss_dll(hPrinter, Level, pDocInfo);
return result; // <-- crash after this return on 32bit!!!
}
BOOL SetJobW_spoolss_dll(HANDLE hPrinter, DWORD JobId, DWORD Level, LPBYTE pJob, DWORD Command)
{
BOOL result = (pSetJobW_spoolss_dll)(hPrinter, JobId, Level, pJob, Command);
return result; // <-- crash after this return on 32bit!!!
}
// MAIN
BOOL WINAPI DllMain(HANDLE hModule, DWORD fdwReason, LPVOID lpReserved)
{
if (fdwReason == DLL_PROCESS_ATTACH)
{
InitializeMadCHook();
//spoolss.dll
HookAPI("spoolss.dll", "StartDocPrinterW", StartDocPrinterW_spoolss_dll, (PVOID*) &pStartDocPrinterW_spoolss_dll);
HookAPI("spoolss.dll", "SetJobW", SetJobW_spoolss_dll, (PVOID*) &pSetJobW_spoolss_dll);
}
else if (fdwReason == DLL_PROCESS_DETACH)
{
FinalizeMadCHook();
}
return true;
}