Hooking frequently called Win32 fileio api's ?

[ollie]

Hi folks,
I'm spent the past few hours playing with / evaluating madCodeHook and I have to say I really like it. . I'm playing with hooking some Win32 fileio api's system wide on Win98 and while some are fine, others cause a crash every time. For now my functions are doing nothing except calling the original API. At initial glance it seems that any of the more frequently called API's crash while the one off ones are fine. For example, hooking GetFileAttributes or FindFirstFile crash while infrequent API's like CreateDirectory or MoveFile are fine. I used the FindNextFile example as my base, so FindNextFile works fine .

Has anyone any pointers for me.. or am I missing something ? BTW, I'm still at the evaluating stage so I'm using the dynamic lib.

Thanks in advance for all the advice I'm about to receive.
-Ollie.

[madshi]

Can you create a little demo for me which reproduces the crash? As little as possible, please. Ideal would be just hooking one API and doing in the callback function nothing more but calling the original API.

[ollie]

Hi madshi,
I've included a stripped down version leaving just 2 hooks that builds fine etc. The MoveFile hook works fine but if I enable the GetAttributes hook I'll crash.

Thanks for any advice you can give.
-Ollie.

Code: Select all

#include <windows.h>
#include "madCHook.h"


// ***************************************************************
// ***************************************************************
// ***************************************************************


BOOL    (WINAPI* MoveFileNextHook)	   (LPCTSTR lpExistingFileName,LPCTSTR  lpNewFileName);
DWORD   (WINAPI* GetAttributesANext)    (LPCTSTR  lpFileName);


// ***************************************************************
// ***************************************************************
// ***************************************************************



DWORD GetAttributesAHook(  LPCTSTR  lpFileName)
{
    DWORD result;
    result = GetAttributesANext(lpFileName);
    return result;
}


// ***************************************************************
// ***************************************************************
// ***************************************************************




BOOL WINAPI MoveFileHookProc(LPCTSTR  lpExistingFileName,LPCTSTR  lpNewFileName)
{
    BOOL result;
    char arrCh [11];

    arrCh[0] = 'M';
    arrCh[1] = 'o';
    arrCh[2] = 'v';
    arrCh[3] = 'e';
    arrCh[4] = ' ';
    arrCh[5] = 'F';
    arrCh[6] = 'i';
    arrCh[7] = 'l';
    arrCh[8] = 'e';
    arrCh[9] = '?'; 
    arrCh[10] = 0;  

    if (MessageBox(0, arrCh, arrCh, MB_YESNO | MB_ICONQUESTION) != IDYES) {
        SetLastError(ERROR_ACCESS_DENIED);
        result = false;
    } 
    else
        result = MoveFileNextHook(lpExistingFileName,lpNewFileName);
    return result;
}

// ***************************************************************

BOOL WINAPI DllMain(HANDLE hModule, DWORD fdwReason, LPVOID lpReserved)
{
    if (fdwReason == DLL_PROCESS_ATTACH) {
        // InitializeMadCHook is needed only if you're using the static madCHook.lib
        // InitializeMadCHook();

        // This work fine...
        HookAPI("kernel32.dll", "MoveFileA", MoveFileHookProc, (PVOID*) &MoveFileNextHook);
	
        // Uncommenting this will crash..
       //HookAPI("kernel32.dll", "GetFileAttributesA", GetAttributesAHook, (PVOID*) &GetAttributesANext);
    } 
    else if (fdwReason == DLL_PROCESS_DETACH) {
        // FinalizeMadCHook is needed only if you're using the static madCHook.lib
        // FinalizeMadCHook();
    }
    return true;
}

[madshi]

Code: Select all

DWORD GetAttributesAHook(  LPCTSTR  lpFileName)

You forgot to specify the calling convention!

Besides, when you're using the dynamic lib, you should use InitializeMadCHook and FinalizeMadCHook.

[ollie]

Oh dear... Yep, all is well within my little world again.

Thanks for putting me straight and so promptly too

-Ollie.