Error in RegOpenKeyExW Hooking

c++ / delphi package - dll injection and api hooking
Post Reply
LeVuHoang
Posts: 131
Joined: Fri Oct 22, 2004 8:37 am

Error in RegOpenKeyExW Hooking

Post by LeVuHoang »

I tried to hook RegOpenKeyExW API :

Code: Select all

var
  RegOpenKeyExWNext  : function (hKey: HKEY; lpSubKey: PWideChar; ulOptions: DWORD; samDesired: REGSAM; var phkResult: HKEY): Longint; stdcall;

function RegOpenKeyExWCallback(hKey: HKEY; lpSubKey: PWideChar;
  ulOptions: DWORD; samDesired: REGSAM; var phkResult: HKEY): Longint; stdcall;
begin
  Result :=RegOpenKeyExW(hKey, lpSubKey, ulOptions, samDesired, phkResult);
  RenewHook(@RegOpenKeyExWNext);

end; { RegOpenKeyExW }

begin
  HookAPI('advapi32.dll', 'RegOpenKeyExW', @RegOpenKeyExWCallback, @RegOpenKeyExWNext);
end.
While I ran this. My computer restarted. How can I solve this problem ??
Thank you
uall
Posts: 254
Joined: Sun Feb 20, 2005 1:24 pm

Post by uall »

what is RenewHook?
shouldnt it be UnhookAPI?


dont cause an endlesslopp u must call

Result :=RegOpenKeyExWNext(hKey, lpSubKey, ulOptions, samDesired, phkResult);

instead of
Result :=RegOpenKeyExW(hKey, lpSubKey, ulOptions, samDesired, phkResult);

if it doesnt solve the problem try to use HookCode instead
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am
Contact:

Post by nildo »

HookCode is not necessary. As it's written in MadCodeHook's help, I'll copy here whats the purpose of RenewHook
Some firewall/antivirus programs install API hooks, too. Sometimes they uninstall your hooks. So if you hook often hooked APIs like CreateProcess, you might want to call RenewHook inside of your hook callback function (after you called the next hook), to make sure that your hook is still installed. Don't have fear, it rarely happens that another program is uninstalling your hooks. And if it happens, it only happens for such APIs, which are hooked very often. So normally you don't need to care. RenewHook is only there just in case...
uall
Posts: 254
Joined: Sun Feb 20, 2005 1:24 pm

Post by uall »

ok i thought he want to unhook the API after a call, i didnt know what RenewHook does :>

but problem should be the endlessloop because the Nexthook isnt used
nildo
Posts: 249
Joined: Mon Mar 22, 2004 11:32 am
Contact:

Post by nildo »

uall wrote:but problem should be the endlessloop because the Nexthook isnt used
Yep, that's the problem
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Good catch, uall. I tend to overlook such cases where people call the original API directly instead of OriginalAPINext. Most of the time I only notice that after trying their code on my PC... :D
Post Reply