i have question error code 0x770002

c++ / delphi package - dll injection and api hooking

Re: i have question error code 0x770002

Postby iconic » Thu Jan 09, 2020 7:03 pm

Hmmm, have you tried modifying the VMT directly instead of using HookCode() in the case of IFileDialog? In other words, replacing the method address pointer in the virtual method table (VMT) instead of overwriting the method address in memory at the prologue (first few binary bytes, which HookCode does). That should get around any uninterceptable code because the address is replaced to point to your callback directly, much like the way IAT patching works, it's an address replacement inside a table only.

--Iconic
iconic
Site Admin
 
Posts: 945
Joined: Wed Jun 08, 2005 5:08 am

Re: i have question error code 0x770002

Postby ankur_singh » Mon Jan 27, 2020 5:35 am

iconic wrote:Hmmm, have you tried modifying the VMT directly instead of using HookCode() in the case of IFileDialog? In other words, replacing the method address pointer in the virtual method table (VMT) instead of overwriting the method address in memory at the prologue (first few binary bytes, which HookCode does). That should get around any uninterceptable code because the address is replaced to point to your callback directly, much like the way IAT patching works, it's an address replacement inside a table only.

--Iconic


Hi Iconic,

I tried using VMT for IFileDialogue::Show and that worked fine. Thanks for your valuable help.
Just had one doubt: "whether there is a possibility of the vtable changing for an Interface (IFileDialogue), say for e.g. When an interface can be created with different CLSIDs."
ankur_singh
 
Posts: 4
Joined: Wed Jan 08, 2020 1:40 pm

Re: i have question error code 0x770002

Postby iconic » Mon Jan 27, 2020 7:26 am

COM technology has to adhere to contract standards for interoperability (this is a Microsoft derived interface even, not 3rd-party) so the chances are virtually none that the index you're referring to would change in the case of the generic Show() method. IID is more important than CLSID here in your case. IUnknown -> IModalWindow -> IFileDialog should be the inheritance hierarchy (interface wise) with IModalWindow directly exposing the Show() method

--Iconic
iconic
Site Admin
 
Posts: 945
Joined: Wed Jun 08, 2005 5:08 am

Previous

Return to madCodeHook

Who is online

Users browsing this forum: No registered users and 7 guests