HooKApi not working

c++ / delphi package - dll injection and api hooking
ilkovn
Posts: 7
Joined: Mon May 09, 2016 10:24 am

HooKApi not working

Post by ilkovn »

Hello there,
I was trying one of the examples in the documentation, to be precise this one: http://help.madshi.net/ProcessApi.htm .
I am working in VS 2010, my OS is Windows 10, obviously trying to run the example in C++, and I am on the latest version of madCodeHook.
So here is the code I am trying to run:

Code: Select all

#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>
#include "madCHook.h"
#include <WinDef.h>
#include <exception>
#include <iostream>

using namespace std;

UINT (WINAPI *WinExecNextHook) (LPCSTR  cmdLine, UINT    showCmd);

UINT WINAPI WinExecHookProc(LPCSTR  cmdLine,UINT    showCmd)
{
	if(MessageBox(0,cmdLine, "Executet?", MB_YESNO | MB_ICONQUESTION)==IDYES)
	{
		return WinExecNextHook(cmdLine, showCmd);
	}
	else
	{
		return ERROR_ACCESS_DENIED;
	}
}



int _tmain(int argc, _TCHAR* argv[])
{
	HookAPI( "kernel32.dll", "WinExec", WinExecHookProc, (PVOID*)&WinExecNextHook );

	WinExec("notepad.exe", SW_SHOWNORMAL);


	UnhookAPI((PVOID*) &WinExecNextHook);

	return 0;
}


And here is the error which occurs when run:
Unhandled exception at 0x77866d79 in FIRSTTESTWITHMADHOOKS.exe: 0xC0000005: Access violation writing location 0x00000014.

Also, here is the output:

Code: Select all

'FIRSTTESTWITHMADHOOKS.exe': Loaded 'E:\Projects\FIRSTTESTWITHMADHOOKS\Debug\FIRSTTESTWITHMADHOOKS.exe', Symbols loaded.
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\ntdll.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\kernel32.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\KernelBase.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\apphelp.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\user32.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\gdi32.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\advapi32.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\msvcrt.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\sechost.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\rpcrt4.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\sspicli.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\cryptbase.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\bcryptprimitives.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\oleaut32.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\combase.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\msvcr100d.dll', Symbols loaded.
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\imm32.dll', Cannot find or open the PDB file
First-chance exception at 0x77866d79 in FIRSTTESTWITHMADHOOKS.exe: 0xC0000005: Access violation writing location 0x00000014.
Unhandled exception at 0x77866d79 in FIRSTTESTWITHMADHOOKS.exe: 0xC0000005: Access violation writing location 0x00000014.
The program '[5620] FIRSTTESTWITHMADHOOKS.exe: Native' has exited with code 0 (0x0).

Thanks in advance.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: HooKApi not working

Post by madshi »

In which line is it crashing exactly, if you step through the code in the debugger? Does it reach the code in your hook callback function? Does it try to call MessageBox? Does the MessageBox appear?
ilkovn
Posts: 7
Joined: Mon May 09, 2016 10:24 am

Re: HooKApi not working

Post by ilkovn »

It crashes on

Code: Select all

HookAPI( "kernel32.dll", "WinExec", WinExecHookProc, (PVOID*)&WinExecNextHook );
Actually, it doesn't step into the code in the callback function at all,

and the message doesn't show at all.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: HooKApi not working

Post by madshi »

Oh, the call to InitializeMadCHook() is missing. Delphi users don't need to call that function, but MSVC++ users do.
ilkovn
Posts: 7
Joined: Mon May 09, 2016 10:24 am

Re: HooKApi not working

Post by ilkovn »

So where to put it? :D
And I think it's time you put some C++ examples, mate.
Last edited by ilkovn on Thu May 26, 2016 3:13 pm, edited 1 time in total.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: HooKApi not working

Post by madshi »

It's the initialization function, so it should be the first call to madCodeHook that you make in your program. It doesn't matter where you call it, as long as it's the first madCodeHook API you're calling.

You should see this in all the C++ madCodeHook demos. They're all calling InitializeMadCHook.