UnHookCode causes access violation
Posted: Tue Mar 29, 2016 9:37 am
Hey,
This is somewhat continuation of "Unhooking on process destroy and manual uninject issues" thread.
In the PROCESS_DETACH I am unhooking all the hooks using UnHookCode().
In case the hooks have been unhooked before PROCESS_DETACH the UnHookCode() function simply fails.
The problem is that in a reproducable scenario unhook of CoCreateInstance causes access violation. The call stack is the following:
ntdll.dll!000000007789afba() Unknown
KernelBase.dll!000007fefd6d1592() Unknown
my_dll.dll!CCodeHook::~CCodeHook(void) C++
my_dll.dll!CCodeHook::`vector deleting destructor'(unsigned int) C++
my_dll.dll!AutoUnhookUninject(struct HINSTANCE__ *) C++
my_dll.dll!UnhookCode() C++
p.s.
IsHookInUse() returns 0.
This is somewhat continuation of "Unhooking on process destroy and manual uninject issues" thread.
In the PROCESS_DETACH I am unhooking all the hooks using UnHookCode().
In case the hooks have been unhooked before PROCESS_DETACH the UnHookCode() function simply fails.
The problem is that in a reproducable scenario unhook of CoCreateInstance causes access violation. The call stack is the following:
ntdll.dll!000000007789afba() Unknown
KernelBase.dll!000007fefd6d1592() Unknown
my_dll.dll!CCodeHook::~CCodeHook(void) C++
my_dll.dll!CCodeHook::`vector deleting destructor'(unsigned int) C++
my_dll.dll!AutoUnhookUninject(struct HINSTANCE__ *) C++
my_dll.dll!UnhookCode() C++
p.s.
IsHookInUse() returns 0.