
Unhooking the hooked function throws exception.

Posted: Wed Mar 25, 2015 12:55 pm
by sachinware
I am a newbie to madshi hooking APIs. I have created code to hook a function in QtGui4.dll, which is part of the Qt framework.
The function is in the class QPainter and is named drawText. I have hooked it using the HookCode function. Function drawText is hooked successfully, but unhooking it gives an exception.

Following is my code:
Code:
void MyHook()
{
   __try
   {
      hMod = (HMODULE)GetModuleHandleA("QtGui4.dll");

      // 4.7.4: QPainter::drawText(class QRect const &,int,class QString const &,class QRect *) : 0x001207B0
      DWORD drawText = (DWORD)(((DWORD)hMod) + ((DWORD)0x001207B0));
      HookCode((PVOID)drawText, NewdrawText, (PVOID*)&UnhookdrawText);
   }
   __except(filter(GetExceptionCode(), GetExceptionInformation(), L"HK_API"))     //catch(...)
   {
      ;
   }
}

Code:
void (WINAPI * UnhookdrawText) (const QRect & rectangle, int flags, const QString & text, QRect * boundingRect);
void WINAPI NewdrawText (const QRect & rectangle, int flags, const QString & text, QRect * boundingRect = 0)
{
   __try
   {
      WriteLog_String(L"NewdrawText", L"Entered  * * * *");
      UnhookdrawText(rectangle, flags, text, boundingRect);
   }
   __except(filter(GetExceptionCode(), GetExceptionInformation(), L"DRTXT_API"))     //catch(...)
   {
      ;
   }
}

So, please can anyone tell me what mistake I am making? Thanks in advance for any help.

Re: Unhooking the hooked function throws exception.

Posted: Wed Mar 25, 2015 1:45 pm
by madshi
You mean calling the original function throws an exception? Unhooking would be the moment when you call UnhookCode().

I think your function definition is probably incorrect. You're trying to hook a class method, correct? Such methods have a hidden "This" parameter. Also, are you sure that the calling convention is really WINAPI? That's an unusual calling convention for a class method, although it's possible. If it's really WINAPI, then just add a first parameter "LPVOID This", before the "rectangle" parameter, for both NewdrawText and UnhookdrawText, and the problem should go away. If it's not WINAPI, things could get ugly because the default class calling convention usually transports "This" via the ECX register, IIRC, and that's hard to reproduce with a simple hook callback function / nextHook function variable. It's possible, but ugly. But first make sure you figure out the correct calling convention.

Btw, I would suggest renaming "UnhookdrawText" to "NextdrawText" or "OriginaldrawText". madCodeHook does *not* unhook when you try to call the original function, so the name you're using is slightly confusing. The only time madCodeHook unhooks an API/function hook is if you call UnhookCode/API().

Re: Unhooking the hooked function throws exception.

Posted: Sat Mar 28, 2015 5:09 am
by iconic
His calling convention is wrong, and as Madshi mentioned, the "This" pointer is passed in the ECX register and not on the stack. Check out the __thiscall convention here: https://msdn.microsoft.com/en-us/library/ek8tkfbw.aspx

--Iconic

Re: Unhooking the hooked function throws exception.

Posted: Mon Apr 13, 2015 1:45 pm
by sachinware
Thanks for your valuable help. I cleared up some of my misconceptions from your answers. That's right, the calling convention I was using was wrong. After some research I came to know that class member functions generally follow the __thiscall calling convention, but it did not work for me. So I hooked using different calling conventions one by one and succeeded with the __fastcall calling convention, and it worked fine for me. Also, I needed to add two first parameters as void pointers, of which the first is the This pointer.

Here is my working code:

Code:
void (__fastcall * UnhookdrawText) (void * This, void *noUse, const QRect & rectangle, int flags, const QString & text, QRect * boundingRect);
void __fastcall NewdrawText (void * This, void *noUse, const QRect & rectangle, int flags, const QString & text, QRect * boundingRect = 0)
{
   __try
   {
      WriteLog_String(L"NewdrawText", L"Entered  * * * *");
      UnhookdrawText(This, noUse, rectangle, flags, text, boundingRect);
   }
   __except(filter(GetExceptionCode(), GetExceptionInformation(), L"DRTXT_API"))     //catch(...)
   {
      ;
   }
}

Thanks for the help!!!!
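
The signature shape discussed in this thread (explicit This first, plus a dummy parameter to absorb EDX when __fastcall stands in for __thiscall), as an added example that is not part of the original posts and is not madCodeHook code. Painter, NextDrawText, method_address, run_hooked_call and the HOOK_CC/EDX_ARG/EDX_PASS macros are hypothetical names; no hook is installed, the callback is called directly the way a patched entry point would reach it, and the method address is read from the first word of the member pointer, which holds for non-virtual methods on common ABIs.

```cpp
#include <cstdio>
#include <cstring>
#include <string>

#if defined(_MSC_VER) && defined(_M_IX86)
// 32-bit MSVC: __thiscall = This in ECX, rest on stack; __fastcall also fills EDX.
#  define HOOK_CC  __fastcall
#  define EDX_ARG  void* /* unused EDX */,
#  define EDX_PASS nullptr,
#else  // x64 and Itanium-style ABIs: This is simply the first integer argument
#  define HOOK_CC
#  define EDX_ARG
#  define EDX_PASS
#endif

struct Painter {  // hypothetical stand-in for QPainter
    std::string last;
    int drawText(int flags, const char* text) { last = text; return flags + static_cast<int>(last.size()); }
};

// Flat view of the member function: explicit This first, then the declared arguments.
typedef int (HOOK_CC *DrawTextFn)(void* This, EDX_ARG int flags, const char* text);
static DrawTextFn NextDrawText = nullptr;  // a hooking library would store its trampoline here
static int g_calls = 0;

// Hook callback: identical flat signature, forwards This untouched to the original.
int HOOK_CC NewDrawText(void* This, EDX_ARG int flags, const char* text) {
    ++g_calls;
    return NextDrawText(This, EDX_PASS flags, text);
}

// Code address of a non-virtual member function (assumption: first word of the member pointer).
template <class PMF> void* method_address(PMF pmf) {
    void* p = nullptr;
    std::memcpy(&p, &pmf, sizeof p);
    return p;
}

int run_hooked_call(Painter& p, int flags, const char* text) {
    NextDrawText = reinterpret_cast<DrawTextFn>(method_address(&Painter::drawText));
    return NewDrawText(&p, EDX_PASS flags, text);  // what the patched entry point would do
}

int main() {
    Painter p;
    int r = run_hooked_call(p, 7, "hello");
    std::printf("%d %s calls=%d\n", r, p.last.c_str(), g_calls);
}
```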