Unhooking the hooked function throws exception.

sachinware
Posts: 2
Joined: Wed Mar 25, 2015 12:30 pm

Post by sachinware »

I am a newbie to madshi hooking APIs. I have created code to hook a function in QtGui4.dll, which is part of the Qt framework.
The function is of class QPainter, named drawText. I have hooked it using the HookCode function. Function drawText is hooked successfully, but unhooking it gives an exception.

Following is my code:

Code: Select all

void MyHook()
{
	__try 
	{
		 hMod=(HMODULE)GetModuleHandleA("QtGui4.dll");
		
		DWORD drawText = (DWORD)(((DWORD)hMod)+((DWORD)0x001207B0));//4.7.4:QPainter::drawText(class QRect const &,int,class QString const &,class QRect *) : 0x001207B0
		HookCode((PVOID)drawText,NewdrawText ,(PVOID*) &UnhookdrawText);
		
	}
	__except(filter(GetExceptionCode(),GetExceptionInformation(),L"HK_API"))     //catch(...)
	{
		;
	}
}

Code: Select all

void (WINAPI *  UnhookdrawText) ( const QRect & rectangle, int flags, const QString & text, QRect * boundingRect );
void WINAPI NewdrawText ( const QRect & rectangle, int flags, const QString & text, QRect * boundingRect = 0 )
{
	__try
	{
		
		WriteLog_String(L"NewdrawText",L"Entered  * * * *");
		  UnhookdrawText(rectangle,flags,text,boundingRect);
		
	}
	__except(filter(GetExceptionCode(),GetExceptionInformation(),L"DRTXT_API"))     //catch(...)
	{
		;
	}
}

So, please can anyone tell me what mistake I am making? Thanks in advance for any help.

madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: Unhooking the hooked function throws exception.

Post by madshi »

You mean calling the original function throws an exception? Unhooking would be the moment when you call UnhookCode().

I think your function definition is probably incorrect. You're trying to hook a class method, correct? Such methods have a hidden "This" parameter. Also, are you sure that the calling convention is really WINAPI? That's an unusual calling convention for a class method, although it's possible. If it's really WINAPI, then just add a first parameter "LPVOID This", before the "rectangle" parameter, for both NewdrawText and UnhookdrawText, and the problem should go away. If it's not WINAPI, things could get ugly because the default class calling convention usually transports "This" via the ECX register, IIRC, and that's hard to reproduce with a simple hook callback function / nextHook function variable. It's possible, but ugly. But first make sure you figure out the correct calling convention.

Btw, I would suggest renaming "UnhookdrawText" to "NextdrawText" or "OriginaldrawText". madCodeHook does *not* unhook when you try to call the original function, so the name you're using is slightly confusing. The only time madCodeHook unhooks an API/function hook is if you call UnhookCode/API().
iconic
Site Admin
Posts: 1065
Joined: Wed Jun 08, 2005 5:08 am

Re: Unhooking the hooked function throws exception.

Post by iconic »

His calling convention is wrong and as Madshi mentioned the "This" pointer is passed in the ECX register and not on the stack. Check out __thiscall convention here https://msdn.microsoft.com/en-us/library/ek8tkfbw.aspx

--Iconic
sachinware
Posts: 2
Joined: Wed Mar 25, 2015 12:30 pm

Re: Unhooking the hooked function throws exception.

Post by sachinware »

Thanks for your valuable help. I cleared up some of my misconceptions from your answers. That's right, the calling convention I was using was wrong. After some research I came to know that class member functions generally follow the __thiscall calling convention, but it did not work for me. So I hooked using different calling conventions one by one and succeeded with the __fastcall calling convention, and it worked fine for me. Also, I needed to add the first two parameters as void pointers, of which the first is the This pointer.

Here is my working code :

Code: Select all

 void (__fastcall *  UnhookdrawText) (void * This, void *noUse, const QRect & rectangle, int flags, const QString & text, QRect * boundingRect );
    void __fastcall NewdrawText (void * This, void *noUse, const QRect & rectangle, int flags, const QString & text, QRect * boundingRect = 0 )
    {
       __try
       {
          
          WriteLog_String(L"NewdrawText",L"Entered  * * * *");
            UnhookdrawText(This,noUse,rectangle,flags,text,boundingRect);
          
       }
       __except(filter(GetExceptionCode(),GetExceptionInformation(),L"DRTXT_API"))     //catch(...)
       {
          ;
       }
    }



Thanks for the help!!!!
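
Added example, not part of the thread and not madCodeHook code: a small C++ model of 32-bit MSVC argument passing, showing why the WINAPI hook from the first post hands the original a lost This pointer while the __fastcall signature with a dummy second parameter lines up with __thiscall. All type and function names here are hypothetical, and the model assumes every argument is pointer- or int-sized.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Simplified model of 32-bit MSVC argument passing; every argument is
// pointer- or int-sized. "?" marks a value the convention never supplies.
enum class Conv { Stdcall, Thiscall, Fastcall };
using Args = std::vector<std::string>;
struct Frame { std::string ecx = "?", edx = "?"; Args stack; };

// Caller side: where a call made with convention c puts its arguments.
Frame place(Conv c, const Args& a) {
    Frame f;
    std::size_t i = 0;
    if (c != Conv::Stdcall && i < a.size()) f.ecx = a[i++];   // this / 1st arg
    if (c == Conv::Fastcall && i < a.size()) f.edx = a[i++];  // 2nd arg
    f.stack.assign(a.begin() + i, a.end());                   // rest on the stack
    return f;
}

// Callee side: what a function declared with convention c and n parameters
// reads from that frame, in declaration order.
Args receive(Conv c, std::size_t n, const Frame& f) {
    Args got;
    if (c != Conv::Stdcall && got.size() < n) got.push_back(f.ecx);
    if (c == Conv::Fastcall && got.size() < n) got.push_back(f.edx);
    for (std::size_t s = 0; got.size() < n; ++s)
        got.push_back(s < f.stack.size() ? f.stack[s] : "?");
    return got;
}

// All three conventions are callee-cleanup: bytes popped = 4 * stack params.
std::size_t popped(Conv c, std::size_t n) {
    std::size_t regs = c == Conv::Stdcall ? 0 : c == Conv::Thiscall ? 1 : 2;
    return 4 * (n > regs ? n - regs : 0);
}

// Constructed sample: the QPainter::drawText call discussed in the thread.
const Args kCall = {"this", "rectangle", "flags", "text", "boundingRect"};

// What a hook declared with (c, n parameters) receives from a __thiscall caller.
Args hook_view(Conv c, std::size_t n) { return receive(c, n, place(Conv::Thiscall, kCall)); }

// What the __thiscall original receives when the hook forwards its own
// parameters through a function pointer declared with the same (c, n).
Args forward_view(Conv c, std::size_t n) {
    return receive(Conv::Thiscall, kCall.size(), place(c, hook_view(c, n)));
}
```

In this model forward_view(Conv::Stdcall, 4) puts "?" in the This slot, and forward_view(Conv::Fastcall, 6) reproduces the original call with the same 16 bytes popped as __thiscall.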