Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Oct 20 08:24
    zengfr commented #351
  • Oct 20 08:15
    zengfr commented #351
  • Oct 20 03:39
    zengfr commented #351
  • Oct 20 03:37
    zengfr commented #351
  • Oct 20 03:35
    zengfr closed #350
  • Oct 20 03:31
    zengfr commented #351
  • Oct 20 03:30
    zengfr commented #351
  • Oct 20 03:28
    zengfr commented #351
  • Oct 20 03:28
    zengfr commented #351
  • Oct 20 03:27
    zengfr commented #351
  • Oct 20 03:25
    zengfr commented #351
  • Oct 19 14:54
    zengfr commented #351
  • Oct 19 14:52
    zengfr commented #351
  • Oct 19 13:40
    zengfr commented #351
  • Oct 19 13:40
    zengfr commented #351
  • Oct 19 13:39
    zengfr commented #351
  • Oct 19 12:45
    spazzarama commented #351
  • Oct 19 12:18
    zengfr commented #351
  • Oct 19 12:16
    zengfr commented #351
  • Oct 19 12:14
    zengfr commented #351
Justin Stenning
@spazzarama
@catmanjan make sure you have the correct calling convention and parameters, that is usually the cause of crashes when the hook is triggered.
@sukhoeing you may need to grab an old version, maybe even from the codeplex site, alternatively you can compile the project yourself.
Justin Stenning
@spazzarama
@sukhoeing take a look at this Fork for XP support: draco1023/EasyHook@2a68236
sukhoeing
@sukhoeing
@spazzarama Thanks so much, I've compiled the project myself and it works.
lsoft
@lsoft
Hi! I'm using EasyHook and have a question. My scope: unmanaged code, local hooks. I need to hide some files from my application. So I decide to hook FindFirstFile and FindNextFile and perform some magic. Interceptions of these functions are sufficient to accomplish my task. My application contains two dlls: main.dll, and hook.dll. Hook.dll hides files for main.dll. For some reason I need to call a genuine win32 FindFIRSTFile function from a FindNEXTFile hook handler. But this call is intercepted by FindFIRSTFile hook handler. It makes big difficulties for me. So my question: is it possible to disable all local hooks for hook.dll, but leave their enabled for main.dll?
Justin Stenning
@spazzarama
If diff threads you can use ACLs, otherwise I would suggest using a mutex to coordinate your code
lsoft
@lsoft
Yeah, I was thinking about threads... Thanks a lot for reply and for EasyHook!
Corey Gwin
@simpleshadow
Hi! New here and to hooking and injecting, so apologize if this question is way off base: Are there any conceivable strategies for injecting a Unity3D application and have it rendered in the target process (i.e. hook into Direct3D like Direct3DHook) ? I'm assuming there's not a way to pull in the UnityEngine and instead would have to write my own Direct3D engine/render that's injected (w/ shaders, etc.) to do something like this?
(Thanks for EasyHook and any suggestions!)
823639792
@823639792
how to hook any thread in my process
where can i find pdb file?
Justin Stenning
@spazzarama
@simpleshadow you could perhaps render from your app and overlay into target app
Justin Stenning
@spazzarama
@823639792
823639792
@823639792
@spazzarama
can i printf stack when use LhBarrierCallStackTrace?
Justin Stenning
@spazzarama
@823639792 any thread you set exclusive acl to 1 or -1 or similar unlikely thread ID
@823639792 there is a fork that adds stack trace support for 64-bit, otherwise 32-bit should be ok
or for the thread if you don't need current thread (usually case especially if injecting) setexclusive with 0
0 == current threadid
823639792
@823639792
@spazzarama LhBarrierCallStackTrace(CallStack, 64, &MethodCount); Can I output CallStack using string?
Justin Stenning
@spazzarama
it has some details that may help you
823639792
@823639792
ok,thanks
Green-Wolf
@Green-Wolf
Good Evening all, I just wanted a quick sanity check to ask if it is it possible to use Easyhook to hook .NET dll's that are in the GAC. I'm wanting to hook the system.net.http dll for the httpclient class. Specifically the getAsync method. Is this possible with easyhook?
Justin Stenning
@spazzarama
@Green-Wolf EasyHook cannot hook managed methods. There was a very early proof of concept that was possible by forcing a re-JIT/hooking the JIT compiler however that hasn't been possible since .NET 3.5 (I believe). It is possible to hook delegates, but that doesn't really help in this situation.
Green-Wolf
@Green-Wolf
Thanks @spazzarama , much appreciated
Michael IV
@SasMaster1980_twitter
Hi All. Anybody here encountered any issues when using native C++ based on Windows SDK 10 (10.0.16299.0) ?
I filed an issue on the github page.What happens is that when I switch from 8.1 to 10 SDK the hook can't find its entry point in the hook DLL.
Justin Stenning
@spazzarama
@SasMaster1980_twitter worked fine for me with 10.0.15063.0, can you try that version (I don't have 10.0.16299.0 SDK installed yet)

@SasMaster1980_twitter I assume your native entry point looks something like:

extern "C" void declspec(dllexport) stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO inRemoteInfo);
void __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO
inRemoteInfo) {...

Michael IV
@SasMaster1980_twitter
Hmm, will try that version. Yeah, the hook entry point in my app looks like that.
Michael IV
@SasMaster1980_twitter
Well,weird stuff.Today tried it again with 10.0.16299.0 and with the 10.0.15063.0 - and it worked ok. No idea what was wrong. I was messing with this issue yesterday ,like, for 2 hours..
Shit
MechanicalPen
@MechanicalPen
I'm trying to use EasyHook .NET to hook a DLL. It works great except the function I am hooking takes a c++ std::string. I can't figure out how to even pass it back into the original function without it crashing. I tried void*, IntPtr. Any ideas?
MechanicalPen
@MechanicalPen
The original function is bool sf::SoundBuffer::loadFromFile ( const std::string & filename )
Justin Stenning
@spazzarama
@MechanicalPen what does your handler signature look like?
32-/64-bit?
MechanicalPen
@MechanicalPen

[UnmanagedFunctionPointer(CallingConvention.ThisCall, SetLastError = true, CharSet = CharSet.Unicode)] [return: MarshalAs(UnmanagedType.Bool)] unsafe delegate bool SmflAudio2_SoundBuffer_loadFromFile(void* filename);

32 bit.

MechanicalPen
@MechanicalPen
Here's the rest of the relevant code, in case it helps. audioOpenFromFileAddress = LocalHook.GetProcAddress("sfml-audio-2.dll", "?openFromFile@InputSoundFile@sf@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z"); smfl_loadFromFile = Marshal.GetDelegateForFunctionPointer<SmflAudio2_SoundBuffer_loadFromFile>(audioOpenFromFileAddress);
unsafe bool SoundGetFromFileHook(void* filename) { return smfl_loadFromFile(filename); }
Justin Stenning
@spazzarama
@MechanicalPen try adding first param as IntPtr self as well (to store the this object). Filename can just be IntPtr also and no need for unsafe (unless you need it for another reason)
i.e.
[UnmanagedFunctionPointer(CallingConvention.ThisCall, SetLastError = true, CharSet = CharSet.Unicode)] [return: MarshalAs(UnmanagedType.Bool)] delegate bool SmflAudio2_SoundBuffer_loadFromFile(IntPtr self, IntPtr filename);
MechanicalPen
@MechanicalPen
@spazzarama Hey, that worked! So we need to store a pointer to the object when we hook a c++ object's method. (self points at the SoundBuffer in this case, correct?)
Justin Stenning
@spazzarama
@MechanicalPen correct
Jan Martin
@catmanjan
im having an issue hooking into the DoDragDrop event, if I return my own function it works in Firefox and IE, but for some reason I have to drag and drop twice to get chromium based browsers to accept my files - any ideas anyone?
Justin Stenning
@spazzarama
Is it hitting your hook each time?
@catmanjan If you have a very simple hook handler with just a call to the original does it still display the same behaviour?
Jan Martin
@catmanjan
@spazzarama yeah definitely, i believe the first drop is the original behavior - the issue is the original behavior of dropping from outlook to chrome is to reject the file so its hard to tell
it works fully in IE so i suspect a chromium issue, but i cant prove it
simon dimitriadis
@simonides
Hi can anyone help me with a hooked VirtualAlloc issue? I described it in more detail on stackoverflow. https://stackoverflow.com/questions/47844170/hooked-virtualalloc-returns-nullptr-when-called-by-system-dlls