HookCode doesn't work

cata · Post by **cata** » Sat Nov 20, 2004 6:42 pm

Hi everyone,

I can't understand why HookCode fail. Last error return 770002 (maybe is not relevant); Maybe someone can help me.

library DllHook;
{$H-}
uses
Windows,SysUtils,MadCodeHook;

{$R *.res}

var
NextHook: procedure(); stdcall;
Hook1:pointer;

procedure myHook(); stdcall;
begin
asm
mov reg_bh ,bh
mov reg_ebx,ebx
mov reg_eax,eax
mov reg_ecx,ecx
mov reg_edx,edx
mov reg_esi,esi
mov reg_edi,edi
end;
end;

begin
Hook1:=Pointer($EB6E920);
if HookCode(Hook1,@myHook ,@NextHook) then
MessageBox(0,PChar('OK. It is hooked'),PChar('Test'),mb_ok);
MessageBox(0,PChar(Format('%08X',[GetLastError()])),PChar('Test'), mb_ok);
end.

Thanks!

Post by **madshi** » Sun Nov 21, 2004 10:46 am

770002 means "code not interceptable". That means the code at address $EB6E920 is structured in a way that doesn't allow madCodeHook to hook it (without impacting stability).

Are you sure that there's really code at that address and that it's really the beginning of a function? Generally using a hard coded code address is a bad idea, unless you know *exactly* what you're doing.

cata · Post by **cata** » Sun Nov 21, 2004 6:27 pm

Thanks madshi,

Yes, I know what I'm doing. It's not a standard function. The function starts by pushing all registers.
push edi
push esi
push edx
eush ecx
push ebx
push eax
xor ecx,ecx
xor edi,edi
mov cx,ax
cmp ecx,0
jne $eb6e937

Can I force code hooking?

Thanks,
Cata

Post by **madshi** » Sun Nov 21, 2004 6:37 pm

If the function is not exported from a dll/exe, you probably can't hook it, at least not by using any automated hooking package. Maybe you can hook it by manually replacing the binary asm code.

If it's important for you, you can post a disasm of the function you want to hook here. You can use this:

Code: Select all

uses madDisAsm, madExcept;

var strVar : string;
begin
  ParseFunction(pointer($EB6E920), strVar);  // exported by madDisAsm
  FillClipboard(strVar);   // exported by madExcept