Morphous does not get installed

Sanjeev
Posts: 16
Joined: Wed Jun 09, 2004 3:51 pm

Post by Sanjeev »

Hello,

When I hook SHFileOperationW and SHFileOperationA and install Morphous, the installation terminates with a read memory error. Please help. The code written in the callback function is attached.

Regards

Sanjeev


int WINAPI SHFileOperationWCallback(LPSHFILEOPSTRUCTW lpFileOp)
{
    char *FileNameA={0};
    WideToAnsi(lpFileOp->pTo, FileNameA);
    WriteFileLog(FileNameA);
    if (strlen(FileNameA) > 2 )
    {
        // Even if all files and folders are allowed, the same problem occurs,
        // also with a simple condition such as if(1 != 1) or when IsAllowed simply returns true
        if ( (!IsAllowed(FileNameA)) || (!IsAllowedFolder(FileNameA)) )
        {
            SetLastError(ERROR_SUCCESS);
            return false;
        }
        else
        {
            char *as, *as1;
            as=strstr(FileNameA,Blocked_Popup[0]);
            as1=strstr(FileNameA,".htm");
            if ( as != NULL && as1 != NULL )
            {
                SetLastError(ERROR_SUCCESS);
                return false;
            }
            else
            {
                int result = SHFileOperationWNext(lpFileOp);
                // CreateProcess hooks are used very often, so to be sure we renew the hook
                RenewHook((PVOID*) &SHFileOperationWNext);
                return result;
            }
        }
    }
    else
    {
        int res = SHFileOperationWNext(lpFileOp);
        // CreateProcess hooks are used very often, so to be sure we renew the hook
        RenewHook((PVOID*) &SHFileOperationWNext);
        return res;
    }
}
Sanjeev
Posts: 16
Joined: Wed Jun 09, 2004 3:51 pm

Post by Sanjeev »

Any idea? It's urgent, please help...


Best Regards
Sanjeev
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Some comments:

(1) I think this is an API which is usually not hooked so often. So I think you don't need those RenewHook calls. They shouldn't harm, though.

(2) What is "Blocked_Popup"?

(3) I'm no C++ expert, but "char *FileNameA={0};" looks strange to me. What exactly does that do? It looks like a simple pointer to me. But "WideToAnsi" expects the destination to be allocated! Just like 99% of all such APIs do.
Sanjeev
Posts: 16
Joined: Wed Jun 09, 2004 3:51 pm

Post by Sanjeev »

Many thanks for your reply.

If we do not call RenewHook, it also gives the same problem.

Blocked_Popup is an array of char type and we are using only the first index (like 0) of that array. You can use a simple string like "popup.htm" instead of this.

char *FileNameA={0};

={0} is used to initialize the pointer to NULL. It is quite similar to the declaration of a char array (like char FileNameA[255];)

If you need I can send you the source code of the dll.


Regards
Sanjeev
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Sanjeev wrote:
> ={0} is used to initialize the pointer to NULL. It is quite similar to the declaration of a char array (like char FileNameA[255];)

If I understand that right you're calling WideToAnsi with a NULL pointer. Of course that must crash!

Sanjeev wrote:
> If you need I can send you the source code of the dll.

Sorry, but I don't have the time for that.
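
The point discussed in the two posts above, as an added example that is not part of the original thread and not madCodeHook code: `char *FileNameA={0};` gives a null pointer, while a conversion routine needs caller-allocated storage and a bounds check. The names `wide_to_narrow` and `classify_target` are hypothetical, standard `wcstombs` stands in for `WideToAnsi` (whose signature is not shown on the page), and "popup.htm" is the sample value suggested in the thread.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* The declaration from the thread: brace-initialising a pointer with 0
   yields a null pointer, not a buffer. Returns 1 when that is the case. */
int brace_zero_pointer_is_null(void)
{
    char *FileNameA = {0};
    return FileNameA == NULL;
}

/* Hypothetical helper standing in for WideToAnsi: converts src into the
   caller-allocated buffer dst (dst_size bytes).
   Returns 0 on success, -1 for a NULL/empty argument, -2 when the text
   does not fit or cannot be represented in the current locale. */
int wide_to_narrow(const wchar_t *src, char *dst, size_t dst_size)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';                          /* always leave a valid string */
    if (src == NULL)
        return -1;
    size_t needed = wcstombs(NULL, src, 0); /* length without the NUL */
    if (needed == (size_t)-1 || needed >= dst_size)
        return -2;
    wcstombs(dst, src, dst_size);           /* fits, so the NUL is written */
    return 0;
}

/* Hypothetical check modelled on the callback's strstr test.
   Returns 1 = block, 0 = allow, -1 = target could not be inspected. */
int classify_target(const wchar_t *to)
{
    static const char *blocked = "popup.htm"; /* sample value from the thread */
    char name[260];                           /* real storage on the stack */
    if (wide_to_narrow(to, name, sizeof name) != 0)
        return -1;                            /* caller decides: pass through or deny */
    if (strlen(name) > 2 && strstr(name, blocked) && strstr(name, ".htm"))
        return 1;
    return 0;
}
```

The -1 result keeps the "could not inspect" case separate from "allowed", so the hook callback can choose explicitly between calling the original API and refusing the operation.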
Sanjeev
Posts: 16
Joined: Wed Jun 09, 2004 3:51 pm

Post by Sanjeev »

I did try according to your suggestion. Before calling WideToAnsi I checked the value of the pointer but it's not working. I made it simple like

int WINAPI SHFileOperationWCallback(LPSHFILEOPSTRUCTW lpFileOp)
{
    int result = SHFileOperationWNext(lpFileOp);
    // CreateProcess hooks are used very often, so to be sure we renew the hook
    //RenewHook((PVOID*) &SHFileOperationWNext);
    return result;
}

Even then it's also not working. I feel the problem is with hooking the API itself. See if you could help me on this.

I know you don't have time but, as you know, we do not have the source code of the API, so we cannot do this ourselves or ask another person. I will appreciate it if you can spare some time for this error.

Thanks again
Sanjeev
madshi
Site Admin
Posts: 10764
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Please post the full dll source code.
Sanjeev
Posts: 16
Joined: Wed Jun 09, 2004 3:51 pm

Post by Sanjeev »

Thanks for prompt reply. This is the simplest code I posted.. Full source code of my dll is sent to you via email.

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include "madCHook.h"

int (WINAPI *SHFileOperationANext) (LPSHFILEOPSTRUCTA lpFileOp);
int (WINAPI *SHFileOperationWNext) (LPSHFILEOPSTRUCTW lpFileOp);

int (WINAPI *ShellExecuteANext) (HWND hwnd, LPCSTR lpOperation, LPCSTR lpFile, LPCSTR lpParameters, LPCSTR lpDirectory, INT nShowCmd);
int (WINAPI *ShellExecuteWNext) (HWND hwnd, LPCWSTR lpOperation, LPCWSTR lpFile, LPCWSTR lpParameters, LPCWSTR lpDirectory, INT nShowCmd);

int WINAPI SHFileOperationACallback(LPSHFILEOPSTRUCTA lpFileOp)
{
    int res = SHFileOperationANext(lpFileOp);

    // CreateProcess hooks are used very often, so to be sure we renew the hook
    //RenewHook((PVOID*) &SHFileOperationANext);
    return res;
}

int WINAPI SHFileOperationWCallback(LPSHFILEOPSTRUCTW lpFileOp)
{
    //if (lpFileOp->fFlags != FO_MOVE || lpFileOp->fFlags != FO_COPY || lpFileOp->fFlags != FO_RENAME)
    {
        int rest1 = SHFileOperationWNext(lpFileOp);
        return rest1;
    }
}

//Shell Execute
int WINAPI ShellExecuteACallback(HWND hwnd, LPCSTR lpOperation, LPCSTR lpFile, LPCSTR lpParameters, LPCSTR lpDirectory, INT nShowCmd)
{
    int result = ShellExecuteANext(hwnd,lpOperation,lpFile,lpParameters,lpDirectory,nShowCmd);

    // CreateProcess hooks are used very often, so to be sure we renew the hook
    RenewHook((PVOID*) &ShellExecuteANext);
    return result;
}

int WINAPI ShellExecuteWCallback(HWND hwnd, LPCWSTR lpOperation, LPCWSTR lpFile, LPCWSTR lpParameters, LPCWSTR lpDirectory, INT nShowCmd)
{
    int result = ShellExecuteWNext(hwnd,lpOperation,lpFile,lpParameters,lpDirectory,nShowCmd);

    // CreateProcess hooks are used very often, so to be sure we renew the hook
    RenewHook((PVOID*) &ShellExecuteWNext);
    return result;
}

BOOL WINAPI DllMain(HANDLE hModule, DWORD fdwReason, LPVOID lpReserved)
{
    if (fdwReason == DLL_PROCESS_ATTACH)
    {
        //File Operation
        HookAPI("shell32.dll", "SHFileOperationA", SHFileOperationACallback, (PVOID*) &SHFileOperationANext);
        HookAPI("shell32.dll", "SHFileOperationW", SHFileOperationWCallback, (PVOID*) &SHFileOperationWNext);

        //Shell Execute
        HookAPI("shell32.dll", "ShellExecuteA", ShellExecuteACallback, (PVOID*) &ShellExecuteANext);
        HookAPI("shell32.dll", "ShellExecuteW", ShellExecuteWCallback, (PVOID*) &ShellExecuteWNext);
    }
    return true;
}

regards
Sanjeev