NtCreateSection Hook error

c++ / delphi package - dll injection and api hooking
Post Reply
splicer
Posts: 4
Joined: Tue May 02, 2017 4:20 am

NtCreateSection Hook error

Post by splicer »

please, I hope you understand my Level of English (not well)


I want hooking a API(NtCreateSection)

I run bottom the code (By Pass)


-- Execute code

Code: Select all

typedef NTSTATUS(WINAPI NtCreateSection)(
	OUT PHANDLE            SectionHandle,
	IN  ACCESS_MASK        DesiredAccess,
	IN  POBJECT_ATTRIBUTES ObjectAttributes,
	IN  PLARGE_INTEGER     MaximumSize,
	IN  ULONG              SectionPageProtection,
	IN  ULONG              AllocationAttributes,
	IN  HANDLE             FileHandle
	);
NtCreateSection* fpNtCreateSection;

NTSTATUS NtCreateSectionCallback(
	OUT PHANDLE            SectionHandle,
	IN  ACCESS_MASK        DesiredAccess,
	IN  POBJECT_ATTRIBUTES ObjectAttributes,
	IN  PLARGE_INTEGER     MaximumSize,
	IN  ULONG              SectionPageProtection,
	IN  ULONG              AllocationAttributes,
	IN  HANDLE             FileHandle
)
{
	return fpNtCreateSection(SectionHandle, DesiredAccess, ObjectAttributes, MaximumSize, SectionPageProtection, AllocationAttributes, FileHandle);
} 


main()
{
 
	hMapF = CreateFileMapping(
			hF,
			NULL,
			PAGE_READWRITE,
			0,
			0,
			NULL);
        	if (hMapF == NULL)
		{
			printf("CreateFileMapping() fail");
			CloseHandle(hF);
			return 1;
		}

}
However, Unhandled exception occurred with error message
Stack cookie instrumentation code detected a stack-based buffer overrun.

What's happening? :(

How do I Fixed Problem?

How should I take action?



additional
OS Enviroment(Win10 64bit ver1703) complie a MSVC 2015 on /GS option.


Waiting for your answer.

Thank you.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: NtCreateSection Hook error

Post by madshi »

Your NtCreateSectionCallback definition is missing the "WINAPI".
splicer
Posts: 4
Joined: Tue May 02, 2017 4:20 am

Re: NtCreateSection Hook error

Post by splicer »

Goooood :D

problem solved with help you

My Mistake

Thanks.
Post Reply