Page 1 of 1

Problem hooking DeviceIoControl

Posted: Fri Oct 26, 2007 4:15 pm
by Nobsi
I'm using madCodeHook 2.2e now for a while (commercial user, static microsoft library, Visual Studio .NET 2003, C++) with no problems so far.

But today I needed to hook kernel32 DeviceIoControl and running into trouble. I used exactly the same technique like for all my hooks, but already my first base test with a hook which does nothing than call the original function leads to an instable system (XP SP2).

If I start a program after installing the hook (e.g. explorer), I get error messages like "The instruction at 0x77dfc566 referenced memory at 0x00390008. The memory could not be written." After unhooking, programs behave normally again. (Ok, in case of explorer my system is messed up afterwards.)

I looked a thousend times over my code to see if I did some parameter swapping or another silly mistake, but I can find nothing wrong.
Anyway, here is the related code I use:

BOOL (WINAPI *DeviceIoControlNext)(
HANDLE hDevice, DWORD dwIoControlCode, LPVOID lpInBuffer,
DWORD nInBufferSize, LPVOID lpOutBuffer, DWORD nOutBufferSize, LPDWORD lpBytesReturned, LPOVERLAPPED lpOverlapped);

BOOL DeviceIoControlCallback(
HANDLE hDevice, DWORD dwIoControlCode, LPVOID lpInBuffer, DWORD nInBufferSize, LPVOID lpOutBuffer, DWORD nOutBufferSize, LPDWORD lpBytesReturned, LPOVERLAPPED lpOverlapped)
{
// Beep (5000, 10);
return DeviceIoControlNext(hDevice, dwIoControlCode, lpInBuffer,
nInBufferSize, lpOutBuffer, nOutBufferSize, lpBytesReturned, lpOverlapped);
}

.
.
.
InitializeMadCHook();
HookAPI("kernel32.dll", "DeviceIoControl", DeviceIoControlCallback, (PVOID*) &DeviceIoControlNext);
.
.
.

Also tried the flags SAFE_HOOKING and MIXTURE_MODE with no success.

So can masdshi or someone else tell me what goes wrong or if someone could successfully hook this particular API function?

Any help is greatly appreciated!

Posted: Sat Oct 27, 2007 9:24 am
by Nobsi
So can at least someone confirm that hooking DeviceIoControl should be possible without problems in XP?

Posted: Mon Oct 29, 2007 10:14 am
by Nobsi
So now I can confirm myself that hooking DeviceIoControl is possible!
I simply forgot the WINAPI declaration for my callback handler. If only every problem could be solved so easily...

Posted: Fri Nov 02, 2007 6:38 pm
by madshi
Sorry for the late reply. But I see you fixed it yourself already - that's nice!

Forgetting WINAPI happens very often. Whenever somebody reports a problem with an API hook here on the forum, my first check is always whether WINAPI was forgotten... :) So easy to forget. Such bad consequences...