Injection library problem with another hooking program
Posted: Thu Mar 09, 2017 1:17 pm
Hi! Madshi,
I've been using MadCHook 3.1.13 and found something strange.
My program and Symantec DLP hook the same process and the same GDI Print API.
I've used HookAPI() with no 'dwFlags' and it returns true.
But its behavior seems to skip hooking the API.
My callback function does nothing, like it has never been called.
I've tested these things:
- Symantec DLP hooks the API first (meaning DLP is turned on), and my program succeeds in hooking the same API. DLP works but mine is not working.
- My program hooks the API first, and Symantec DLP hooks the same API. Both hook functions are working well.
- Symantec DLP hooks the API first, and my program succeeds in hooking the same API with the FOLLOW_JMP option. Both hook functions are working well.
So, I'm wondering:
Q1. Are there any cases where hooking the API is skipped but success is returned?
I have seen HookAPI() return false, but I've never seen anything like this.
Q2. If yes, does the follow jump option prevent the hook from being skipped?