These are chat archives for EasyHook/EasyHook

4th
Aug 2018
Justin Stenning
@spazzarama
Aug 04 2018 07:36
@TinkerWorX unknown error in assembler code usually refers to something not working with the code that is injected into the target process. This is a real pain to step through with the debugger; basically you have the target debugged and the host. The starting point is in the host at thread.c line 1292 WriteProcessMemory(hProc, RemoteInjectCode, GetInjectionPtr(), ...). The location is "RemoteInjectCode", so find that location within the target process and open the disassembler and add a breakpoint. That code will be executed by a later call to NtCreateThreadEx.
The remote thread probably is failing to be created...
The ASM that is injected is returned by GetInjectionPtr() - returning either Injection_ASM_x64 or Injection_ASM_x86.
Justin Stenning
@spazzarama
Aug 04 2018 07:42
@TinkerWorX take a look at this ASM code in HookSpecific_x64/x86.asm. If it is getting as far as running this code, then one of the calls in here is probably failing (in the target process - so you will have to have the disassembler window open, and pointing to the correct address from RemoteInjectCode, with a breakpoint).