IFileOperation::CopyItems hookcode not work

c++ / delphi package - dll injection and api hooking

IFileOperation::CopyItems hookcode not work

Postby wali » Fri Oct 28, 2016 10:14 am

environment: win7 & win10
mch3.1.12 mch3.1.13
Steps:
1. copy files via explorer.exe

Result:
No "jmp" instruction in excepted assemble code, and "HookCode" returns True.

For mch3.1.11, it works fine.

Attachment is a simple example.
Attachments
Test.rar
(95.43 KiB) Downloaded 63 times
wali
 
Posts: 23
Joined: Tue Oct 11, 2016 7:05 am

Re: IFileOperation::CopyItems hookcode not work

Postby ExPx » Fri Oct 28, 2016 11:06 am

I am working on this issue on x64 windows 10. If any progress i will inform you. You can try api monitor. I see copied item file name in zipfldr.dll calls for now.
ExPx
 
Posts: 13
Joined: Fri Oct 21, 2016 3:20 pm

Re: IFileOperation::CopyItems hookcode not work

Postby madshi » Fri Oct 28, 2016 3:00 pm

Please add a check "(ppv != NULL)", just to be safe.

Using a local "next" variable for your "HookCode()" call is a very bad idea, it will lead to stack corruption at some point. madCodeHook remembers the address of your "next" variable and change it, as long as the hook exists. So please use a global or class variable. One that isn't on the stack.

Also, the way your code works right now, you're calling HookCode() every time a new IID_IFileOperation object is created, but you never unhook anywhere. That's not a good idea. If this actually works as intended, if the Explorer creates 2 IID_IFileOperation objects, your hook callback function will actually be called twice, every time the hooked method is called.

But I don't suppose changing these things will make the test project work, or will it?
madshi
Site Admin
 
Posts: 9431
Joined: Sun Mar 21, 2004 5:25 pm

Re: IFileOperation::CopyItems hookcode not work

Postby wali » Tue Nov 01, 2016 6:36 am

I appreciate your advice, but the attachment just is an example.
It is not solved after changing those things.
wali
 
Posts: 23
Joined: Tue Oct 11, 2016 7:05 am

Re: IFileOperation::CopyItems hookcode not work

Postby wali » Thu Nov 10, 2016 4:37 am

ExPx wrote:I am working on this issue on x64 windows 10. If any progress i will inform you. You can try api monitor. I see copied item file name in zipfldr.dll calls for now.


Hi,
ExPx,
any progress?
wali
 
Posts: 23
Joined: Tue Oct 11, 2016 7:05 am

Re: IFileOperation::CopyItems hookcode not work

Postby wali » Fri Nov 18, 2016 2:25 am

It is an urgent issue for NEXTLABS. We are confused whether MCHook should be updated or not.
Would you please take more attention to this. Thanks.
wali
 
Posts: 23
Joined: Tue Oct 11, 2016 7:05 am

Re: IFileOperation::CopyItems hookcode not work

Postby madshi » Mon Nov 21, 2016 10:10 am

I'm sorry for letting you wait to long. I'll have a look at this in the next 1-2 days.
madshi
Site Admin
 
Posts: 9431
Joined: Sun Mar 21, 2004 5:25 pm

Re: IFileOperation::CopyItems hookcode not work

Postby ExPx » Thu Nov 24, 2016 11:34 am

wali wrote:ExPx,
any progress?



Sorry wali no progress.
ExPx
 
Posts: 13
Joined: Fri Oct 21, 2016 3:20 pm

Re: IFileOperation::CopyItems hookcode not work

Postby wali » Fri Nov 25, 2016 2:41 am

ExPx wrote:
wali wrote:ExPx,
any progress?



Sorry wali no


Have you reproduced the issue ?
wali
 
Posts: 23
Joined: Tue Oct 11, 2016 7:05 am

Re: IFileOperation::CopyItems hookcode not work

Postby madshi » Fri Nov 25, 2016 4:08 pm

I've looked at the test project, but it can't work. There's a function called "Hooked_CoCreateInstance()", but nobody calls this function. It seems there's a HookAPI() call missing which installs a CoCreateInstance() API hook?
madshi
Site Admin
 
Posts: 9431
Joined: Sun Mar 21, 2004 5:25 pm

Re: IFileOperation::CopyItems hookcode not work

Postby wali » Mon Nov 28, 2016 2:54 am

yes, you are right. I miss CoCreateInstance function hook-call.
wali
 
Posts: 23
Joined: Tue Oct 11, 2016 7:05 am

Re: IFileOperation::CopyItems hookcode not work

Postby ExPx » Mon Nov 28, 2016 6:39 pm

My code was based on http://stuani.blogspot.com.tr/2010/01/i ... seven.html example. I traced execution with OutputDebugString and In canPerform_PunkItem function punkItems.QueryInterface checks cant return S_OK. I think something changed on windows10
ExPx
 
Posts: 13
Joined: Fri Oct 21, 2016 3:20 pm

Re: IFileOperation::CopyItems hookcode not work

Postby wali » Tue Nov 29, 2016 1:40 am

Do you think the reason that fires these two problem is same?
Our issue happens on both win7 and win10.
wali
 
Posts: 23
Joined: Tue Oct 11, 2016 7:05 am

Re: IFileOperation::CopyItems hookcode not work

Postby ExPx » Tue Nov 29, 2016 6:29 am

I think we have different problems. Mine works but has some problems.
ExPx
 
Posts: 13
Joined: Fri Oct 21, 2016 3:20 pm

Re: IFileOperation::CopyItems hookcode not work

Postby wali » Fri Dec 02, 2016 6:42 am

I hope you can solve it as quickly.
wali
 
Posts: 23
Joined: Tue Oct 11, 2016 7:05 am

Next

Return to madCodeHook

Who is online

Users browsing this forum: No registered users and 4 guests