i have question error code 0x770002

c++ / delphi package - dll injection and api hooking
iconic
Site Admin
Posts: 1065
Joined: Wed Jun 08, 2005 5:08 am

Re: i have question error code 0x770002

Post by iconic »

Hmmm, have you tried modifying the VMT directly instead of using HookCode() in the case of IFileDialog? In other words, replacing the method address pointer in the virtual method table (VMT) instead of overwriting the method address in memory at the prologue (first few binary bytes, which HookCode does). That should get around any uninterceptable code because the address is replaced to point to your callback directly, much like the way IAT patching works, it's an address replacement inside a table only.

--Iconic
ankur_singh
Posts: 4
Joined: Wed Jan 08, 2020 1:40 pm

Re: i have question error code 0x770002

Post by ankur_singh »

iconic wrote:Hmmm, have you tried modifying the VMT directly instead of using HookCode() in the case of IFileDialog? In other words, replacing the method address pointer in the virtual method table (VMT) instead of overwriting the method address in memory at the prologue (first few binary bytes, which HookCode does). That should get around any uninterceptable code because the address is replaced to point to your callback directly, much like the way IAT patching works, it's an address replacement inside a table only.

--Iconic
Hi Iconic,

I tried using VMT for IFileDialogue::Show and that worked fine. Thanks for your valuable help.
Just had one doubt: "whether there is a possibility of the vtable changing for an Interface (IFileDialogue), say for e.g. When an interface can be created with different CLSIDs."
iconic
Site Admin
Posts: 1065
Joined: Wed Jun 08, 2005 5:08 am

Re: i have question error code 0x770002

Post by iconic »

COM technology has to adhere to contract standards for interoperability (this is a Microsoft derived interface even, not 3rd-party) so the chances are virtually none that the index you're referring to would change in the case of the generic Show() method. IID is more important than CLSID here in your case. IUnknown -> IModalWindow -> IFileDialog should be the inheritance hierarchy (interface wise) with IModalWindow directly exposing the Show() method

--Iconic
Post Reply