HookCode Return False

c++ / delphi package - dll injection and api hooking

HookCode Return False

Postby pambol » Tue Jul 31, 2018 11:25 pm

What can cause a False result on HookCode?
I'm hooking api CloseHandle and CreateFileA.

if not HookCode(@CloseHandle, @CloseHandleHookProc, @TrampolineCloseHandle) then begin
if not HookCode(@CreateFileA, @CreateFileWHookProc, @TrampolineCreateFileW) then begin

But on some customers return false, and on others true.
pambol
 
Posts: 29
Joined: Sat Jun 23, 2018 1:15 am

Re: HookCode Return False

Postby iconic » Tue Jul 31, 2018 11:30 pm

Why aren't you using HookAPI('kernel32.dll', 'CreateFileA', @lpCreateFileACallback, @lpOriginalCreateFileA) ? HookCode() is used mostly used for functions that aren't exported, but can of course do so fine as well. You'd want to use GetProcAddress() and use the returned pointer as HookCode()'s first parameter. HookAPI() can take the DLL name and function name directly without needing you to GetProcAddress() explicitly and is recommended. You should see madCodeHook's available demos and base your hooking projects upon them. You'll see that HookAPI() is used consistently. The way you're calling it may be using the thunk that Delphi generates, to get the real pointer you need GetProcAddress() specifically.

--Iconic
iconic
 
Posts: 846
Joined: Wed Jun 08, 2005 5:08 am

Re: HookCode Return False

Postby madshi » Wed Aug 01, 2018 7:49 am

iconic is right, of course. HookAPI() is always preferred over HookCode().

If HookAPI() also fails, what does GetLastError() say?
madshi
Site Admin
 
Posts: 9826
Joined: Sun Mar 21, 2004 5:25 pm


Return to madCodeHook

Who is online

Users browsing this forum: Baidu [Spider] and 10 guests