
UnHookCode causes access violation

Posted: Tue Mar 29, 2016 9:37 am
by TCS
Hey,

This is somewhat of a continuation of the "Unhooking on process destroy and manual uninject issues" thread.

In the PROCESS_DETACH I am unhooking all the hooks using UnHookCode().
In case the hooks have been unhooked before PROCESS_DETACH the UnHookCode() function simply fails.

The problem is that in a reproducible scenario the unhook of CoCreateInstance causes an access violation. The call stack is the following:
ntdll.dll!000000007789afba() Unknown
KernelBase.dll!000007fefd6d1592() Unknown
my_dll.dll!CCodeHook::~CCodeHook(void) C++
my_dll.dll!CCodeHook::`vector deleting destructor'(unsigned int) C++
my_dll.dll!AutoUnhookUninject(struct HINSTANCE__ *) C++
my_dll.dll!UnhookCode() C++

p.s.
IsHookInUse() returns 0.

Re: UnHookCode causes access violation

Posted: Tue Mar 29, 2016 9:42 am
by madshi
Does this still happen with madCodeHook 3.1.11? If so, is there a way for me to reproduce the problem somehow? Or can you somehow find out which source code line in the destructor produces that crash?

Re: UnHookCode causes access violation

Posted: Tue Mar 29, 2016 10:47 am
by TCS
1. I do use the latest version. btw, is there a way to verify what is the installed version?

2. I did not succeed in reproducing it on a small scale demo, and I don't have the source code. I can try and produce a dump if you like.

Re: UnHookCode causes access violation

Posted: Tue Mar 29, 2016 12:19 pm
by madshi
What happens if you compile a debug version? Maybe the stack trace then contains line numbers or something?

Re: UnHookCode causes access violation

Posted: Wed Mar 30, 2016 6:42 am
by TCS
no...

Re: UnHookCode causes access violation

Posted: Wed Mar 30, 2016 6:51 am
by madshi
Oh well. Please send me a crash dump then. If possible, please use the debug version of your hook dll, and please include the PDB also. Thanks!

Re: UnHookCode causes access violation

Posted: Wed Mar 30, 2016 3:08 pm
by TCS
Sending by mail...

Re: UnHookCode causes access violation

Posted: Wed Mar 30, 2016 8:27 pm
by TCS
Also, I've used an IPC mechanism I have to try and unhook before the dll main (before uninjecting the libraries) and it still crashes.