HookCode Return False

c++ / delphi package - dll injection and api hooking

HookCode Return False

Postby pambol » Tue Jul 31, 2018 11:25 pm

What can cause a False result on HookCode?
I'm hooking api CloseHandle and CreateFileA.

if not HookCode(@CloseHandle, @CloseHandleHookProc, @TrampolineCloseHandle) then begin
if not HookCode(@CreateFileA, @CreateFileWHookProc, @TrampolineCreateFileW) then begin

But on some customers return false, and on others true.
Posts: 44
Joined: Sat Jun 23, 2018 1:15 am

Re: HookCode Return False

Postby iconic » Tue Jul 31, 2018 11:30 pm

Why aren't you using HookAPI('kernel32.dll', 'CreateFileA', @lpCreateFileACallback, @lpOriginalCreateFileA) ? HookCode() is used mostly used for functions that aren't exported, but can of course do so fine as well. You'd want to use GetProcAddress() and use the returned pointer as HookCode()'s first parameter. HookAPI() can take the DLL name and function name directly without needing you to GetProcAddress() explicitly and is recommended. You should see madCodeHook's available demos and base your hooking projects upon them. You'll see that HookAPI() is used consistently. The way you're calling it may be using the thunk that Delphi generates, to get the real pointer you need GetProcAddress() specifically.

Site Admin
Posts: 873
Joined: Wed Jun 08, 2005 5:08 am

Re: HookCode Return False

Postby madshi » Wed Aug 01, 2018 7:49 am

iconic is right, of course. HookAPI() is always preferred over HookCode().

If HookAPI() also fails, what does GetLastError() say?
Site Admin
Posts: 10008
Joined: Sun Mar 21, 2004 5:25 pm

Return to madCodeHook

Who is online

Users browsing this forum: No registered users and 7 guests