HookCode IFileDialog::GetResult problem HELP ME !!
Posted: Thu Oct 27, 2016 1:13 am
I hooked the GetResult method to get the dialog's result. (The dialog is created through the IFileOpenDialog COM object.)
First, I hooked CoCreateInstance using HookAPI and got the address of IFileOpenDialog.
Then, I hooked GetResult method using HookCode.
My source code is shown below.
This is the definition of GetResult method in IFileOpenDialog's vtable.
I defined GetResultCallback and GetResultNext using the definition of GetResult in the vtable.
(GetResults too.)
Then, I tested my source code on notepad.exe application.
At first, I opened 'File Open Dialog' in notepad application. When I selected a file, I got the result successfully.
However, if I open 'File Open Dialog' again, the notepad application dies.
I debugged the code using Windbg.
The program successfully opens the file for the first time.
However, if I try opening the 'File Open Dialog' again after the first time,
the notepad application dies in CoCreateInstanceNext, which belongs to CoCreateInstanceCallback.
=> HRESULT hrResult = CoCreateInstanceNext(rclsid, pUnkOuter, dwClsContext, riid, ppv);
Hooking the GetResults method does not cause notepad to close.
The crash is caused by hooking the GetResult method. (Hooking IFileOpenDialog::QueryInterface causes it too; I tested that.)
1. Are there any problems in my source code?
2. Did I define GetResultCallback and GetResultNext correctly?
3. If there is no problem in my source code, do I need to UnHook the methods that I hooked using HookCode?
4. Please tell me why the notepad application dies. Please QQ...
* I found an additional problem.
When I hook the GetResult and GetResults methods together, notepad closes.
But when I hook only the GetResult method, there is no problem.
Why....
First, I hooked CoCreateInstance using HookAPI and got the address of IFileOpenDialog.
Then, I hooked GetResult method using HookCode.
My source code is shown below.
// Returns the function pointer stored in slot `methodIndex` of the vtable
// that the COM interface pointer `intf` refers to.
// Neither argument is validated: `intf` must be a non-null interface pointer
// and `methodIndex` must lie inside that interface's vtable, otherwise the
// read below goes out of bounds.
PVOID GetInterfaceMethod64(PVOID intf, DWORD methodIndex)
{
    // The object starts with a pointer-sized vtable address.
    const ULONG_PTR vtableAddress = *(ULONG_PTR*)intf;
    // One pointer per slot, so the byte offset scales with sizeof(PVOID).
    const ULONG_PTR slotAddress = vtableAddress + methodIndex * sizeof(PVOID);
    return *(PVOID*)slotAddress;
}
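// Returns the function pointer stored in slot `methodIndex` of the vtable
// that the COM interface pointer `intf` refers to, or null when `intf` is null.
//
// The previous version read the vtable address through a DWORD and scaled the
// index by a literal 4. That is only correct in a 32-bit process: in a 64-bit
// build it truncates the vtable address and uses the wrong slot size, so the
// returned "method address" is garbage. Indexing through PVOID* is correct for
// both pointer widths and gives the same result as before on 32-bit.
//
// `methodIndex` is not range-checked; the caller must know the interface
// really has that many slots.
PVOID GetInterfaceMethod(PVOID intf, DWORD methodIndex)
{
    if (!intf)
        return nullptr;

    // The object starts with a pointer to an array of method pointers.
    PVOID* vtable = *(PVOID**)intf;
    return vtable[methodIndex];
}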
// "Next" pointers: the addresses of these variables are handed to
// HookCode / HookAPI, and the callbacks below call through them to reach the
// original implementation.
// They start out null; CoCreateInstanceCallback tests GetResultNext and
// GetResultsNext for null to choose between HookCode and RenewHook.
HRESULT (WINAPI *GetResultNext)(IFileOpenDialog *This, IShellItem **ppsi) = nullptr;
HRESULT (WINAPI *GetResultsNext)(IFileOpenDialog *This, IShellItemArray **ppenum) = nullptr;
HRESULT (WINAPI *CoCreateInstanceNext)(REFCLSID rclsid, LPUNKNOWN pUnkOuter, DWORD dwClsContext,
                                       REFIID riid, LPVOID *ppv) = nullptr;
// ~Callback method definitions
// Hook callback installed over IFileOpenDialog::GetResult.
// Forwards to the original method through GetResultNext; when that succeeds,
// passes the out-parameter and the current process id to GetResultDataHandle
// and writes a debug trace. The original HRESULT is returned unchanged.
HRESULT WINAPI GetResultCallback(IFileOpenDialog * This, IShellItem **ppsi)
{
    const HRESULT status = GetResultNext(This, ppsi);
    if (SUCCEEDED(status)) {
        const DWORD processId = GetCurrentProcessId();
        // NOTE(review): *ppsi belongs to the caller of GetResult. If
        // GetResultDataHandle keeps the item beyond this call it presumably
        // needs its own AddRef -- confirm in that helper.
        GetResultDataHandle(ppsi, processId);
        OutputDebugString(_T("IFileDialog::GetResult End"));
    }
    return status;
}
// Hook callback installed over IFileOpenDialog::GetResults.
// Forwards to the original method through GetResultsNext; when that succeeds,
// passes the out-parameter and the current process id to GetResultsDataHandle
// and writes a debug trace. The original HRESULT is returned unchanged.
HRESULT WINAPI GetResultsCallback(IFileOpenDialog * This, IShellItemArray **ppenum)
{
    const HRESULT status = GetResultsNext(This, ppenum);
    if (SUCCEEDED(status)) {
        const DWORD processId = GetCurrentProcessId();
        // NOTE(review): *ppenum belongs to the caller of GetResults. If
        // GetResultsDataHandle keeps the array beyond this call it presumably
        // needs its own AddRef -- confirm in that helper.
        GetResultsDataHandle(ppenum, processId);
        OutputDebugString(_T("IFileOpenDialog::GetResults End"));
    }
    return status;
}
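// Hook callback installed over CoCreateInstance.
// Forwards every call to the original function. When the call created a
// CLSID_FileOpenDialog object, it reads vtable slots 20 and 27 of the returned
// interface and installs (first time) or renews (later) the GetResult /
// GetResults code hooks. The original HRESULT is always returned unchanged.
//
// Changes from the posted version:
//  - `ppv` and `*ppv` are checked before the vtable is read, so an S_OK result
//    with no object pointer can no longer be dereferenced.
//  - The 64-bit path is also selected by `_WIN64`, which the compiler defines
//    itself. `WIN64` only exists if the project defines it; without it a
//    64-bit build took the 32-bit helper.
HRESULT WINAPI CoCreateInstanceCallback(
    REFCLSID rclsid,
    LPUNKNOWN pUnkOuter,
    DWORD dwClsContext,
    REFIID riid,
    LPVOID *ppv
) {
    HRESULT hrResult = CoCreateInstanceNext(rclsid, pUnkOuter, dwClsContext, riid, ppv);

    if (hrResult == S_OK && rclsid == CLSID_FileOpenDialog && ppv && *ppv) {
        // NOTE(review): `riid` is not inspected. Slots 20 and 27 are only
        // meaningful if the pointer returned for `riid` uses the
        // IFileOpenDialog vtable layout; for another interface slot 27 may lie
        // past the end of the table, and patching whatever it points at would
        // corrupt unrelated code. Consider hooking only when the requested
        // interface is known to have this layout.
        LPVOID pGetResult;
        LPVOID pGetResults;
#if defined(WIN64) || defined(_WIN64)
        OutputDebugString(_T("[hookofficepro] CoCreateInstance Callback Info : WIN64"));
        pGetResult = GetInterfaceMethod64(*ppv, 20);
        pGetResults = GetInterfaceMethod64(*ppv, 27);
#else
        OutputDebugString(_T("[hookofficepro] CoCreateInstance Callback Info : WIN32"));
        pGetResult = GetInterfaceMethod(*ppv, 20);
        pGetResults = GetInterfaceMethod(*ppv, 27);
#endif

        // NOTE(review): the Next pointers are process-wide and set once. The
        // RenewHook branch assumes later dialog objects still use the code
        // patched the first time and that the module holding it has not been
        // unloaded in between -- verify both in a debugger. Also compare
        // pGetResult and pGetResults before patching: two slots that resolve
        // to the same address or to very short thunks cannot both be
        // code-hooked safely.
        if (!GetResultNext) {
            if (!HookCode(pGetResult, GetResultCallback, (PVOID *)&GetResultNext))
                OutputDebugString(_T("IFileDilaog::GetResult Hook Fail"));
            else
                OutputDebugString(_T("IFileDilaog::GetResult Hook Success"));
        }
        else
            RenewHook((PVOID*)&GetResultNext);

        if (!GetResultsNext) {
            if (!HookCode(pGetResults, GetResultsCallback, (PVOID *)&GetResultsNext))
                OutputDebugString(_T("IFileOpenDilaog::GetResults Hook Fail"));
            else
                OutputDebugString(_T("IFileOpenDilaog::GetResults Hook Success"));
        }
        else
            RenewHook((PVOID*)&GetResultsNext);
    }
    return hrResult;
}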
// Hook Install & Uninstall
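// Installs the CoCreateInstance hook in Ole32.dll.
// Returns TRUE when the hook was installed and FALSE when HookAPI reported
// failure.
//
// The posted version was missing the semicolon after the HookAPI call and
// returned TRUE regardless of the outcome, so a caller could not tell that
// nothing was hooked.
// NOTE(review): assumes HookAPI returns a value that is false on failure, as
// HookCode is used elsewhere on this page -- confirm against the hooking
// library's header.
BOOL InstallAPIHook()
{
    if (!HookAPI("Ole32.dll", "CoCreateInstance", CoCreateInstanceCallback, (PVOID*)&CoCreateInstanceNext))
        return FALSE;
    return TRUE;
}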
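// Removes every hook this module installed.
//
// The posted version removed only the CoCreateInstance hook. The GetResult /
// GetResults code hooks installed from CoCreateInstanceCallback stayed in
// place, so after this module goes away the patched methods would still jump
// to callbacks that no longer exist.
//
// CoCreateInstance is unhooked first so that no new method hooks can be
// installed while the existing ones are being removed.
// NOTE(review): UninstallHookCode is called here exactly as the original call
// did; confirm it accepts the Next pointers filled in by HookCode.
void UninstallAPIHook() {
    UninstallHookCode(&CoCreateInstanceNext);

    // These are non-null only once a file-open dialog has been created and hooked.
    if (GetResultNext)
        UninstallHookCode(&GetResultNext);
    if (GetResultsNext)
        UninstallHookCode(&GetResultsNext);
}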
I defined GetResultCallback and GetResultNext using the definition of GetResult in the vtable.
(GetResults too.)
// C-style view of the IFileOpenDialog vtable, quoted from the SDK header with
// most entries left out (the "... ..." lines). An entry's position in this
// struct is its vtable slot index.
// STDMETHODCALLTYPE is __stdcall on Windows, the same convention WINAPI names,
// and `This` is an explicit first parameter; hook callbacks for these entries
// have to use that exact signature.
typedef struct IFileOpenDialogVtbl
{
BEGIN_INTERFACE
... ...
// The hook code in this post reads this entry as vtable slot 20.
HRESULT ( STDMETHODCALLTYPE *GetResult )(
__RPC__in IFileOpenDialog * This,
/* [out] */ __RPC__deref_out_opt IShellItem **ppsi);
... ...
// The hook code in this post reads this entry as vtable slot 27.
HRESULT ( STDMETHODCALLTYPE *GetResults )(
__RPC__in IFileOpenDialog * This,
/* [out] */ __RPC__deref_out_opt IShellItemArray **ppenum);
// Directly follows GetResults in this listing, i.e. the next slot.
HRESULT ( STDMETHODCALLTYPE *GetSelectedItems )(
__RPC__in IFileOpenDialog * This,
/* [out] */ __RPC__deref_out_opt IShellItemArray **ppsai);
END_INTERFACE
} IFileOpenDialogVtbl;
Then, I tested my source code on notepad.exe application.
At first, I opened 'File Open Dialog' in notepad application. When I selected a file, I got the result successfully.
However, if I open 'File Open Dialog' again, the notepad application dies.
I debugged the code using Windbg.
The program successfully opens the file for the first time.
However, if I try opening the 'File Open Dialog' again after the first time,
the notepad application dies in CoCreateInstanceNext, which belongs to CoCreateInstanceCallback.
=> HRESULT hrResult = CoCreateInstanceNext(rclsid, pUnkOuter, dwClsContext, riid, ppv);
Hooking the GetResults method does not cause notepad to close.
The crash is caused by hooking the GetResult method. (Hooking IFileOpenDialog::QueryInterface causes it too; I tested that.)
1. Are there any problems in my source code?
2. Did I define GetResultCallback and GetResultNext correctly?
3. If there is no problem in my source code, do I need to UnHook the methods that I hooked using HookCode?
4. Please tell me why the notepad application dies. Please QQ...
* I found an additional problem.
When I hook the GetResult and GetResults methods together, notepad closes.
But when I hook only the GetResult method, there is no problem.
Why....