Problem hooking DeviceIoControl

c++ / delphi package - dll injection and api hooking
Post Reply
Nobsi
Posts: 3
Joined: Fri Oct 26, 2007 3:33 pm

Problem hooking DeviceIoControl

Post by Nobsi »

I'm using madCodeHook 2.2e now for a while (commercial user, static microsoft library, Visual Studio .NET 2003, C++) with no problems so far.

But today I needed to hook kernel32 DeviceIoControl and running into trouble. I used exactly the same technique like for all my hooks, but already my first base test with a hook which does nothing than call the original function leads to an instable system (XP SP2).

If I start a program after installing the hook (e.g. explorer), I get error messages like "The instruction at 0x77dfc566 referenced memory at 0x00390008. The memory could not be written." After unhooking, programs behave normally again. (Ok, in case of explorer my system is messed up afterwards.)

I looked a thousend times over my code to see if I did some parameter swapping or another silly mistake, but I can find nothing wrong.
Anyway, here is the related code I use:

BOOL (WINAPI *DeviceIoControlNext)(
HANDLE hDevice, DWORD dwIoControlCode, LPVOID lpInBuffer,
DWORD nInBufferSize, LPVOID lpOutBuffer, DWORD nOutBufferSize, LPDWORD lpBytesReturned, LPOVERLAPPED lpOverlapped);

BOOL DeviceIoControlCallback(
HANDLE hDevice, DWORD dwIoControlCode, LPVOID lpInBuffer, DWORD nInBufferSize, LPVOID lpOutBuffer, DWORD nOutBufferSize, LPDWORD lpBytesReturned, LPOVERLAPPED lpOverlapped)
{
// Beep (5000, 10);
return DeviceIoControlNext(hDevice, dwIoControlCode, lpInBuffer,
nInBufferSize, lpOutBuffer, nOutBufferSize, lpBytesReturned, lpOverlapped);
}

.
.
.
InitializeMadCHook();
HookAPI("kernel32.dll", "DeviceIoControl", DeviceIoControlCallback, (PVOID*) &DeviceIoControlNext);
.
.
.

Also tried the flags SAFE_HOOKING and MIXTURE_MODE with no success.

So can masdshi or someone else tell me what goes wrong or if someone could successfully hook this particular API function?

Any help is greatly appreciated!
Nobsi
Posts: 3
Joined: Fri Oct 26, 2007 3:33 pm

Post by Nobsi »

So can at least someone confirm that hooking DeviceIoControl should be possible without problems in XP?
Nobsi
Posts: 3
Joined: Fri Oct 26, 2007 3:33 pm

Post by Nobsi »

So now I can confirm myself that hooking DeviceIoControl is possible!
I simply forgot the WINAPI declaration for my callback handler. If only every problem could be solved so easily...
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Sorry for the late reply. But I see you fixed it yourself already - that's nice!

Forgetting WINAPI happens very often. Whenever somebody reports a problem with an API hook here on the forum, my first check is always whether WINAPI was forgotten... :) So easy to forget. Such bad consequences...
Post Reply