HooKApi not working

c++ / delphi package - dll injection and api hooking

Postby ilkovn » Thu May 26, 2016 2:20 pm

Hello there,
I was trying one of the examples in the documentation, to be precise this one: http://help.madshi.net/ProcessApi.htm
I am working in VS 2010, my OS is Windows 10, obviously trying to run the example in C++, and I am on the latest version of madCodeHook.
So here is the code I am trying to run:
Code:
#include "stdafx.h"
#include <Windows.h>
#include <stdio.h>
#include "madCHook.h"
#include <WinDef.h>
#include <exception>
#include <iostream>

using namespace std;

UINT (WINAPI *WinExecNextHook) (LPCSTR  cmdLine, UINT    showCmd);

UINT WINAPI WinExecHookProc(LPCSTR  cmdLine,UINT    showCmd)
{
   if(MessageBox(0,cmdLine, "Executet?", MB_YESNO | MB_ICONQUESTION)==IDYES)
   {
      return WinExecNextHook(cmdLine, showCmd);
   }
   else
   {
      return ERROR_ACCESS_DENIED;
   }
}



int _tmain(int argc, _TCHAR* argv[])
{
   HookAPI( "kernel32.dll", "WinExec", WinExecHookProc, (PVOID*)&WinExecNextHook );

   WinExec("notepad.exe", SW_SHOWNORMAL);


   UnhookAPI((PVOID*) &WinExecNextHook);

   return 0;
}




And here is the error which occurs when run:
Unhandled exception at 0x77866d79 in FIRSTTESTWITHMADHOOKS.exe: 0xC0000005: Access violation writing location 0x00000014.



Also, here is the output:
Code:
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'E:\Projects\FIRSTTESTWITHMADHOOKS\Debug\FIRSTTESTWITHMADHOOKS.exe', Symbols loaded.
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\ntdll.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\kernel32.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\KernelBase.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\apphelp.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\user32.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\gdi32.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\advapi32.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\msvcrt.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\sechost.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\rpcrt4.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\sspicli.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\cryptbase.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\bcryptprimitives.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\oleaut32.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\combase.dll', Cannot find or open the PDB file
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\msvcr100d.dll', Symbols loaded.
'FIRSTTESTWITHMADHOOKS.exe': Loaded 'C:\Windows\SysWOW64\imm32.dll', Cannot find or open the PDB file
First-chance exception at 0x77866d79 in FIRSTTESTWITHMADHOOKS.exe: 0xC0000005: Access violation writing location 0x00000014.
Unhandled exception at 0x77866d79 in FIRSTTESTWITHMADHOOKS.exe: 0xC0000005: Access violation writing location 0x00000014.
The program '[5620] FIRSTTESTWITHMADHOOKS.exe: Native' has exited with code 0 (0x0).



Thanks in advance.
ilkovn
 
Posts: 7
Joined: Mon May 09, 2016 10:24 am

Re: HooKApi not working

Postby madshi » Thu May 26, 2016 2:37 pm

In which line is it crashing exactly, if you step through the code in the debugger? Does it reach the code in your hook callback function? Does it try to call MessageBox? Does the MessageBox appear?
madshi
Site Admin
 
Posts: 9265
Joined: Sun Mar 21, 2004 5:25 pm

Re: HooKApi not working

Postby ilkovn » Thu May 26, 2016 2:40 pm

It crashes on
Code:
HookAPI( "kernel32.dll", "WinExec", WinExecHookProc, (PVOID*)&WinExecNextHook );


Actually it doesn't step into the code in the callback function at all,

and the message doesn't show at all.
ilkovn
 
Posts: 7
Joined: Mon May 09, 2016 10:24 am

Re: HooKApi not working

Postby madshi » Thu May 26, 2016 3:09 pm

Oh, the call to InitializeMadCHook() is missing. Delphi users don't need to call that function, but MSVC++ users do.
madshi
Site Admin
 
Posts: 9265
Joined: Sun Mar 21, 2004 5:25 pm

Re: HooKApi not working

Postby ilkovn » Thu May 26, 2016 3:11 pm

So where to put it :D
And I think it's time you put some C++ examples, mate.
Last edited by ilkovn on Thu May 26, 2016 3:13 pm, edited 1 time in total.
ilkovn
 
Posts: 7
Joined: Mon May 09, 2016 10:24 am

Re: HooKApi not working

Postby madshi » Thu May 26, 2016 3:13 pm

It's the initialization function, so it should be the first call to madCodeHook that you make in your program. It doesn't matter where you call it, as long as it's the first madCodeHook API you're calling.

You should see this in all the C++ madCodeHook demos. They're all calling InitializeMadCHook.
madshi
Site Admin
 
Posts: 9265
Joined: Sun Mar 21, 2004 5:25 pm

