I am trying to hook methods such as CoCreateInstance from Ole32.dll,
but in Office 2016 32-bit (Word, Excel, PPT) HookAPI fails.
Error code: 0x770002
Test: Win10 64-bit / Office 32-bit
Office 2013: CoCreateInstance hook succeeds.
Office 2016: hooking other APIs succeeds.
Other processes: hook succeeds.
Are you calling HookAPI with any special flags? What does your HookAPI call look like exactly?
Unfortunately I only have an Office 2010 license, so I'm not sure how I can test Office 2016. Any ideas? Maybe you could create a test VM for me, so that I could reproduce the problem on my PC? You could email me the VM download URL, and of course I would delete the VM after testing is done.
You're saying the problem occurs with Office 32bit. Have you tested Office 64bit? Does the problem occur there, too? (I'm not sure if Office even exists in a 64bit version.)
Which exact madCodeHook build are you using?
I am facing the same issue in Office 365 when using HookAPI (error code: 0x770002). If I use HookCode, the hook is installed successfully and works for most calls, but for the File Save dialog my callbackFunc is not called. The same code works properly on Office 2016 MSI.
This only happens on machines with MS Office 365. The hook is successful on machines with Office 2016 / 2013.
Failed to install hook. NTSTATUS: 0x770002 Description: ole32.dll@CoCreateInstance
I also tried to hook the same method (CoCreateInstance) by calling HookCode, and I didn't get any error even on the Office 365 machine. The only weird thing I noticed is that the CoCreateInstance hook is working for all COM interfaces except IFileDialog.
Both methods (HookCode and HookAPI) are causing some problems while hooking the CoCreateInstance method of ole32.dll. Please suggest how to solve these issues.
What you're saying is... Hooking CoCreateInstance() only fails with MS Office 365 and only when using HookAPI(), HookCode() succeeds though?
Is this correct or incorrect in its entirety?
"CoCreateInstance hook is working for all COM interfaces except IFileDialog."
What this suggests is that HookCode() did correctly install the hook and all
interfaces can be accessed except for IFileDialog. But, how do you even know
that an instance of IFileDialog is even being instantiated? What if it's now
a newer dialog derived from a different base class or perhaps some custom interface altogether?
How are you checking for IFileDialog, CLSID, IID, both?
It may never even be instantiated. Also, Office 365 might even be calling the different API CoCreateInstanceEx().
The fact that it works with other interfaces tells me the hook is working fine (meaning HookCode() installed it fine, that is).
Now, what is strange is how HookAPI() is not succeeding yet HookCode() is hooking correctly. HookAPI() needs to translate the
API and module name into the correct function pointer and then the behavior becomes very similar to
HookCode()'s internal functionality. We may have to investigate that with Office 365. What do your HookAPI() flags look like?
Are you supplying the parameter with any flags?
Also, if you read above in this same thread, 0x770002 is actually not a real NTSTATUS issued from Windows.
It's a custom error code set when madDisasm determines that that code's structure isn't suitable for stable
hooking. Hence the custom meaning of the error "Code is not Interceptable". But, it is, so we'll need to look
at this most likely. Madshi may have more to say about this though so I don't want to jump to conclusions yet.
"But, how do you even know that an instance of IFileDialog is even being instantiated?"
I am using the API Monitor tool (http://www.rohitab.com/apimonitor) to trap the calls to CoCreateInstance. I am getting CoCreateInstance for IFileDialog in Office 365. One thing I also noticed is that the hook only fails when CoCreateInstance is called from mso.dll of Office 365.
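Added example, not code from any poster in this thread or from madCodeHook: a portable sketch of the "CLSID, IID, both?" check asked about above, showing that a hook callback filtering only on IID_IFileDialog misses a file dialog created through another interface. The GUID values are the ones published in the Windows SDK headers; `guid_t`, `classify_request` and the `FD_*` flags are hypothetical names, and the sample requests are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Portable stand-in for the Windows GUID layout (assumption: lets this build anywhere). */
typedef struct { uint32_t d1; uint16_t d2, d3; uint8_t d4[8]; } guid_t;

/* Values as published in the Windows SDK headers (shobjidl.h, unknwn.h). */
static const guid_t CLSID_OPEN_DLG = {0xDC1C5A9C, 0xE88A, 0x4DDE, {0xA5,0xA1,0x60,0xF8,0x2A,0x20,0xAE,0xF7}};
static const guid_t CLSID_SAVE_DLG = {0xC0B4E2F3, 0xBA21, 0x4773, {0x8D,0xBA,0x33,0x5E,0xC9,0x46,0xEB,0x8B}};
static const guid_t IID_FILE_DLG   = {0x42F85136, 0xDB7E, 0x439C, {0x85,0xF1,0xE4,0x07,0x5D,0x13,0x5F,0xC8}};
static const guid_t IID_SAVE_DLG   = {0x84BCCD23, 0x5FDE, 0x4CDB, {0xAE,0xA4,0xAF,0x64,0xB8,0x3D,0x78,0xAB}};
static const guid_t IID_UNKNOWN    = {0x00000000, 0x0000, 0x0000, {0xC0,0,0,0,0,0,0,0x46}};

/* Bit flags: which criterion matched. FD_IID | FD_CLSID means both did. */
enum { FD_NONE = 0, FD_IID = 1, FD_CLSID = 2 };

static int guid_eq(const guid_t *a, const guid_t *b) {
    return a->d1 == b->d1 && a->d2 == b->d2 && a->d3 == b->d3 &&
           memcmp(a->d4, b->d4, sizeof a->d4) == 0;
}

/* Classify one creation request. iids/n covers both entry points:
 * CoCreateInstance passes a single riid, CoCreateInstanceEx passes an
 * array of MULTI_QI entries that each carry an IID. */
int classify_request(const guid_t *clsid, const guid_t *iids, size_t n) {
    int hit = FD_NONE;
    if (guid_eq(clsid, &CLSID_OPEN_DLG) || guid_eq(clsid, &CLSID_SAVE_DLG))
        hit |= FD_CLSID;
    for (size_t i = 0; i < n; i++)
        if (guid_eq(&iids[i], &IID_FILE_DLG))
            hit |= FD_IID;
    return hit;
}

int main(void) {
    /* Constructed sample requests, not captured from Office. */
    printf("save dialog as IFileSaveDialog: %d\n", classify_request(&CLSID_SAVE_DLG, &IID_SAVE_DLG, 1));
    printf("save dialog as IUnknown:        %d\n", classify_request(&CLSID_SAVE_DLG, &IID_UNKNOWN, 1));
    printf("open dialog as IFileDialog:     %d\n", classify_request(&CLSID_OPEN_DLG, &IID_FILE_DLG, 1));
    return 0;
}
```

A result of `FD_CLSID` without `FD_IID` is the case an IID-only filter never sees: the dialog object is created, and IFileDialog is obtained later through QueryInterface.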