Page 1 of 1

HookCode Return False

PostPosted: Tue Jul 31, 2018 11:25 pm
by pambol
What can cause a False result on HookCode?
I'm hooking api CloseHandle and CreateFileA.

if not HookCode(@CloseHandle, @CloseHandleHookProc, @TrampolineCloseHandle) then begin
if not HookCode(@CreateFileA, @CreateFileWHookProc, @TrampolineCreateFileW) then begin

But on some customers return false, and on others true.

Re: HookCode Return False

PostPosted: Tue Jul 31, 2018 11:30 pm
by iconic
Why aren't you using HookAPI('kernel32.dll', 'CreateFileA', @lpCreateFileACallback, @lpOriginalCreateFileA) ? HookCode() is used mostly used for functions that aren't exported, but can of course do so fine as well. You'd want to use GetProcAddress() and use the returned pointer as HookCode()'s first parameter. HookAPI() can take the DLL name and function name directly without needing you to GetProcAddress() explicitly and is recommended. You should see madCodeHook's available demos and base your hooking projects upon them. You'll see that HookAPI() is used consistently. The way you're calling it may be using the thunk that Delphi generates, to get the real pointer you need GetProcAddress() specifically.

--Iconic

Re: HookCode Return False

PostPosted: Wed Aug 01, 2018 7:49 am
by madshi
iconic is right, of course. HookAPI() is always preferred over HookCode().

If HookAPI() also fails, what does GetLastError() say?