hookcode fails in powerpoint for mch3.1.xx

c++ / delphi package - dll injection and api hooking
wali
Posts: 23
Joined: Tue Oct 11, 2016 7:05 am

hookcode fails in powerpoint for mch3.1.xx

Post by wali »

Environment: Win7 & Win10, Office 2010 & Office 2013 & Office 2016
mch 3.1.11 & mch 3.1.12 & mch 3.1.13
Steps:
1. Register our add-in, see "NLOfficePEP.dll" in the attached document.
2. Call HookCode after HookAPI when doing a drag and drop action, see "HookAPI.cpp" in the attached document.
3. First drag text: succeeded.
Then drag slides: failed.
4. Close PowerPoint, then first drag slides: succeeded.
Then drag text: failed.

Following WinDbg assembly debugging, I found that the first injection always succeeded and the second injection failed.
What is critical is that HookCode always returns TRUE.
Attachments
NLOfficePEP3.7z
before uncompress please rename to NLOfficePEP.7z.003
(21.4 KiB) Downloaded 350 times
NLOfficePEP2.7z
before uncompress please rename to NLOfficePEP.7z.002
(254.94 KiB) Downloaded 319 times
NLOfficePEP1.7z
before uncompress please rename to NLOfficePEP.7z.001
(255.05 KiB) Downloaded 312 times
wali
Posts: 23
Joined: Tue Oct 11, 2016 7:05 am

Re: hookcode fails in powerpoint for mch3.1.xx

Post by wali »

Here is one additional tip: the demo works normally with mch 3.0.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: hookcode fails in powerpoint for mch3.1.xx

Post by madshi »

Neither RAR nor 7zip seem to be able to extract the attached 7z files. Maybe my 7zip installation is outdated, but I don't really want to update it at this point. Maybe you can use simple zip format?

What do you mean with "injection" succeeded or failed? Do you mean DLL injection? That doesn't really make a lot of sense to me.

Do you have any more information about the "failed" situation? What does "failed" mean exactly? Does your PC explode in that moment? Does the OS bluescreen? Or how do you decide when things "failed" or "succeeded"?
wali
Posts: 23
Joined: Tue Oct 11, 2016 7:05 am

Re: hookcode fails in powerpoint for mch3.1.xx

Post by wali »

1. I changed the 7z file names because uploading was denied for an invalid file type. Before extracting the 7z files, just rename them back, such as NLOfficePEP.7z.001.
Anyway, the attachments are simple rar files.
2. When talking about "injection failed", I mean the assembly instruction 'jmp' has not been inserted.
3. No OS bluescreen, no PC explosion, just no "jmp" instruction in the expected assembly code.
And "HookCode" returns True.

Thanks!
Attachments
NLOfficePEP.part02.rar
(196.98 KiB) Downloaded 309 times
NLOfficePEP.part01.rar
(255.06 KiB) Downloaded 305 times
wali
Posts: 23
Joined: Tue Oct 11, 2016 7:05 am

Re: hookcode fails in powerpoint for mch3.1.xx

Post by wali »

Any progress? Thank you.
wali
Posts: 23
Joined: Tue Oct 11, 2016 7:05 am

Re: hookcode fails in powerpoint for mch3.1.xx

Post by wali »

It is an urgent problem for the company products of NEXTLAB.
Would you please pay more attention to this bug, and give a quick reply?
Thank you!
Last edited by wali on Wed Oct 26, 2016 1:25 am, edited 1 time in total.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: hookcode fails in powerpoint for mch3.1.xx

Post by madshi »

I'm sorry for the late reply. This is high on my to do list, I think I should get to it this week.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: hookcode fails in powerpoint for mch3.1.xx

Post by madshi »

I've tried to reproduce the issue you reported.

I'm having trouble getting "DoDragDrop" to be called at all when trying to drag slides in PowerPoint 2010 x64 on my Windows 8.1 x64 PC. The API gets called fine when dragging text, but not at all when dragging slides, it seems. That's different from your report. Even if I restart PowerPoint and then directly drag slides (without having dragged text first), "DoDragDrop" doesn't seem to be called at all.

Maybe I'm dragging slides in the wrong way? How do you do that? I just simply start with an empty project, then I copy the one and only slide, so I have 2 slides. Then I drag the first slide to the 2nd, so they swap their order. Do you use a different way of slide dragging?

FWIW, your code has one problem that I can see: You're repeatedly calling HookCode(), using the same "NextQueryContinueDrag" function variable, without properly unhooking the old hook before. That's not correct usage. Please try inserting the following code before your HookCode() call. Maybe that already "fixes" the issue?

	if (NextQueryContinueDrag != NULL)
	{
		UnhookCode((PVOID*)&NextQueryContinueDrag);
		NextQueryContinueDrag = NULL;
	}
wali
Posts: 23
Joined: Tue Oct 11, 2016 7:05 am

Re: hookcode fails in powerpoint for mch3.1.xx

Post by wali »

You are correct, the repeated call is the reason.
I am curious why mch 3.0 works fine.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: hookcode fails in powerpoint for mch3.1.xx

Post by madshi »

So the problem is solved?

At some point I think I added a check to detect if the same hook callback function is used repeatedly and to block that. Probably 3.0 doesn't have that check yet.
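The misuse and the fix discussed in the two replies above, as an added example that is not code from the thread or from madCodeHook: a guard that owns one next-hook variable and always unhooks before hooking again. `fake_hook`, `fake_unhook` and `HookSlot` are hypothetical names; the stand-ins use simplified signatures and model only the behaviour reported here (a repeated call through a live next-hook variable returns TRUE but installs nothing), so the block builds without the library.

```cpp
#include <cstdio>
#include <set>

// Constructed stand-ins for HookCode()/UnhookCode() with simplified signatures.
// They model only what the thread reports: re-hooking through a next-hook
// variable that is still in use returns TRUE but installs no patch.
static std::set<void**> g_live;   // next-hook variables that currently own a hook
static int g_patches = 0;         // patches actually installed

bool fake_hook(void* target, void** next) {
    if (g_live.count(next)) return true;   // blocked, yet reports success
    g_live.insert(next);
    *next = target;                        // stands in for the trampoline pointer
    ++g_patches;
    return true;
}
bool fake_unhook(void** next) {
    if (g_live.erase(next) == 0) return false;
    --g_patches;
    return true;
}

// Guard that owns one next-hook variable and never re-hooks over a live hook.
class HookSlot {
public:
    ~HookSlot() { release(); }
    bool install(void* target) { release(); return fake_hook(target, &next_); }
    void release() { if (next_) { fake_unhook(&next_); next_ = nullptr; } }
    void* next() const { return next_; }
private:
    void* next_ = nullptr;
};

// Second hook call reuses the variable without unhooking (the reported misuse).
bool naive_second_hook_active() {
    int a = 0, b = 0; void* next = nullptr;
    fake_hook(&a, &next);
    bool ok = fake_hook(&b, &next);        // ok is true
    bool active = ok && next == &b;        // but the variable still refers to a
    fake_unhook(&next);
    return active;
}
// Same sequence through the guard: unhook first, then hook the new target.
bool guarded_second_hook_active() {
    int a = 0, b = 0; HookSlot slot;
    slot.install(&a);
    return slot.install(&b) && slot.next() == &b;
}

int main() { std::printf("naive: %d, guarded: %d\n", naive_second_hook_active(), guarded_second_hook_active()); }
```

In a real add-in, `install` and `release` would forward to HookCode() and UnhookCode() with the library's actual parameters.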
wali
Posts: 23
Joined: Tue Oct 11, 2016 7:05 am

Re: hookcode fails in powerpoint for mch3.1.xx

Post by wali »

Yes, it is solved.
Thanks.