These are chat archives for EasyHook/EasyHook

1st
Jun 2016
Andrew
@zezba9000
Jun 01 2016 00:14
Is there an example hooking dll methods like ones coming from D3D11 in a target app?
Looking to hook D3D11 methods in a Unity3D app
The only example I see in the docs is for "drivers" which isn't what i'm looking for
New to hooking...
Andrew
@zezba9000
Jun 01 2016 00:27
I'm guessing I use "RhCreateAndInject"
Any sample code for that?
Justin Stenning
@spazzarama
Jun 01 2016 03:18
@zezba9000 there are C# examples avail in another project that demonstrate Dirct3D hooking in another app (Dirct3DHook) - otherwise RhInjectLibrary for native or LhInstallHook if same process (tutorial for LhInstallHook on website, one pending for remote hook).
Andrew
@zezba9000
Jun 01 2016 16:33
@spazzarama I can't find anything on Google about "Dirct3DHook"? Do you have a link?
I need something more like "RhCreateAndInject" as I need to run some NV_SDK code before D3D11 calls are made.
@spazzarama Found it: "https://github.com/spazzarama/Direct3DHook/tree/master/Capture"
But this is for .NET not native C/C++?
Andrew
@zezba9000
Jun 01 2016 17:58
Never mind, going through the code. Will have to create a paused process for this. Awesome work btw
Andrew
@zezba9000
Jun 01 2016 19:12
@spazzarama Is there an example of how to use "RemoteHooking.CreateAndInject" with a native dll? I'm getting "System.BadImageFormatException"
If I use the native method "RhCreateAndInject" I get a error of "-1073741582" Where are the error code docs?
Andrew
@zezba9000
Jun 01 2016 20:51
How do I define the EntryPoint for the custom dll when used with RhCreateAndInject
Andrew
@zezba9000
Jun 01 2016 21:11
Got it working based on this example: https://github.com/johnstoj/Faultron_EasyHook
Something like that would be great for the docs!
Justin Stenning
@spazzarama
Jun 01 2016 21:37
@zezba9000 thx, also you can get the last error RtlGetLastError (or something like that) I have a task for me to create the remote hook tutorial.
Andrew
@zezba9000
Jun 01 2016 21:38
RhCreateAndInject also returns the error as well but ya tnx!
Andrew
@zezba9000
Jun 01 2016 22:31
@spazzarama RhCreateAndInject is launching the application and invoking the "void __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO*)" method BUT... Hooking a method only has effect in the dll itself
extern "C" declspec(dllexport) void stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO*)
{
if (overrideBeep()) Beep(500, 500);
RhWakeUpProcess();
}

bool overrideBeep()
{
//auto lib = LoadLibrary(L"kernel32.dll");
//if (lib == nullptr) return false;

auto mod = GetModuleHandle(L"kernel32.dll");
if (mod == nullptr)
{
    cout << "Error: GetModuleHandle" << endl;
    return false;
}

auto proc = GetProcAddress(mod, "Beep");
if (proc == nullptr)
{
    cout << "Error: GetProcAddress" << endl;
    return false;
}

HOOK_TRACE_INFO hook = { NULL };
auto result = LhInstallHook(proc, MyBeep, nullptr, &hook);
if (FAILED(result))
{
    cout << "Error: " << result << endl;
    return 1;
}

// activate hook
ULONG ACLEntries[1] = { 0 };
LhSetInclusiveACL(ACLEntries, 1, &hook);

//FreeLibrary(lib);
return true;

}


BOOL WINAPI MyBeep(DWORD dwFreq, DWORD dwDuration)
{
cout << "Fake Beep" << endl;
return true;
}

As stated that hook works ONLY in the lib. Once I call beep in my test app it doesn't
Test App--------------------
int main()
{
cout << "WOOO" << endl;
Beep(500, 500);
while (true) Sleep(1);
return 0;
}
Justin Stenning
@spazzarama
Jun 01 2016 22:46
@zezba9000 I meant RtlGetLastErrorString so you can understand the error.
@zezba9000 I'll need to take a look at it, but won't happen until the weekend.
Andrew
@zezba9000
Jun 01 2016 23:02
k
Andrew
@zezba9000
Jun 01 2016 23:24
I can give a repo case if needed
Andrew
@zezba9000
Jun 01 2016 23:42
Well I used "LhSetExclusiveACL" instead of "LhSetInclusiveACL" and it works but now it doesn't invoke anything in the hooking lib