HookCode Return False

c++ / delphi package - dll injection and api hooking
Post Reply
pambol
Posts: 50
Joined: Sat Jun 23, 2018 1:15 am

HookCode Return False

Post by pambol »

What can cause a False result on HookCode?
I'm hooking api CloseHandle and CreateFileA.

if not HookCode(@CloseHandle, @CloseHandleHookProc, @TrampolineCloseHandle) then begin
if not HookCode(@CreateFileA, @CreateFileWHookProc, @TrampolineCreateFileW) then begin

But on some customers return false, and on others true.
iconic
Site Admin
Posts: 1065
Joined: Wed Jun 08, 2005 5:08 am

Re: HookCode Return False

Post by iconic »

Why aren't you using HookAPI('kernel32.dll', 'CreateFileA', @lpCreateFileACallback, @lpOriginalCreateFileA) ? HookCode() is used mostly used for functions that aren't exported, but can of course do so fine as well. You'd want to use GetProcAddress() and use the returned pointer as HookCode()'s first parameter. HookAPI() can take the DLL name and function name directly without needing you to GetProcAddress() explicitly and is recommended. You should see madCodeHook's available demos and base your hooking projects upon them. You'll see that HookAPI() is used consistently. The way you're calling it may be using the thunk that Delphi generates, to get the real pointer you need GetProcAddress() specifically.

--Iconic
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: HookCode Return False

Post by madshi »

iconic is right, of course. HookAPI() is always preferred over HookCode().

If HookAPI() also fails, what does GetLastError() say?
Post Reply