by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Sep 14 02:08
    LostBeard commented #9
  • Sep 14 02:07
    LostBeard commented #9
  • Sep 13 22:46
    spazzarama commented #348
  • Sep 13 22:29
    spazzarama commented #348
  • Sep 13 20:47
    cpast opened #348
  • Sep 09 17:19
    UMU618 commented #347
  • Sep 09 16:31
    UMU618 synchronize #347
  • Sep 09 16:29
    UMU618 opened #347
  • Aug 23 05:12
    spazzarama closed #210
  • Aug 23 05:12
    spazzarama commented #210
  • Aug 23 02:14
    joelvaneenwyk commented #210
  • Aug 03 09:27
    Yangff edited #346
  • Aug 03 09:27
    Yangff edited #346
  • Aug 03 09:26
    Yangff opened #346
  • Jul 23 12:43
    abdullahtoqeer523 opened #345
  • Jul 21 22:11
    spazzarama commented #344
  • Jul 21 13:10
    albgen commented #344
  • Jul 21 13:10
    albgen commented #344
  • Jul 21 12:28
    michaelgorman commented #344
  • Jul 21 12:27
    michaelgorman commented #344
Justin Stenning
@spazzarama
@simpleshadow you could perhaps render from your app and overlay into target app
Justin Stenning
@spazzarama
@823639792
823639792
@823639792
@spazzarama
can i printf stack when use LhBarrierCallStackTrace?
Justin Stenning
@spazzarama
@823639792 any thread you set exclusive acl to 1 or -1 or similar unlikely thread ID
@823639792 there is a fork that adds stack trace support for 64-bit, otherwise 32-bit should be ok
or for the thread if you don't need current thread (usually case especially if injecting) setexclusive with 0
0 == current threadid
823639792
@823639792
@spazzarama LhBarrierCallStackTrace(CallStack, 64, &MethodCount); Can I output CallStack using string?
Justin Stenning
@spazzarama
it has some details that may help you
823639792
@823639792
ok,thanks
Green-Wolf
@Green-Wolf
Good Evening all, I just wanted a quick sanity check to ask if it is it possible to use Easyhook to hook .NET dll's that are in the GAC. I'm wanting to hook the system.net.http dll for the httpclient class. Specifically the getAsync method. Is this possible with easyhook?
Justin Stenning
@spazzarama
@Green-Wolf EasyHook cannot hook managed methods. There was a very early proof of concept that was possible by forcing a re-JIT/hooking the JIT compiler however that hasn't been possible since .NET 3.5 (I believe). It is possible to hook delegates, but that doesn't really help in this situation.
Green-Wolf
@Green-Wolf
Thanks @spazzarama , much appreciated
Michael IV
@SasMaster1980_twitter
Hi All. Anybody here encountered any issues when using native C++ based on Windows SDK 10 (10.0.16299.0) ?
I filed an issue on the github page.What happens is that when I switch from 8.1 to 10 SDK the hook can't find its entry point in the hook DLL.
Justin Stenning
@spazzarama
@SasMaster1980_twitter worked fine for me with 10.0.15063.0, can you try that version (I don't have 10.0.16299.0 SDK installed yet)

@SasMaster1980_twitter I assume your native entry point looks something like:

extern "C" void declspec(dllexport) stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO inRemoteInfo);
void __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO
inRemoteInfo) {...

Michael IV
@SasMaster1980_twitter
Hmm, will try that version. Yeah, the hook entry point in my app looks like that.
Michael IV
@SasMaster1980_twitter
Well,weird stuff.Today tried it again with 10.0.16299.0 and with the 10.0.15063.0 - and it worked ok. No idea what was wrong. I was messing with this issue yesterday ,like, for 2 hours..
Shit
MechanicalPen
@MechanicalPen
I'm trying to use EasyHook .NET to hook a DLL. It works great except the function I am hooking takes a c++ std::string. I can't figure out how to even pass it back into the original function without it crashing. I tried void*, IntPtr. Any ideas?
MechanicalPen
@MechanicalPen
The original function is bool sf::SoundBuffer::loadFromFile ( const std::string & filename )
Justin Stenning
@spazzarama
@MechanicalPen what does your handler signature look like?
32-/64-bit?
MechanicalPen
@MechanicalPen

[UnmanagedFunctionPointer(CallingConvention.ThisCall, SetLastError = true, CharSet = CharSet.Unicode)] [return: MarshalAs(UnmanagedType.Bool)] unsafe delegate bool SmflAudio2_SoundBuffer_loadFromFile(void* filename);

32 bit.

MechanicalPen
@MechanicalPen
Here's the rest of the relevant code, in case it helps. audioOpenFromFileAddress = LocalHook.GetProcAddress("sfml-audio-2.dll", "?openFromFile@InputSoundFile@sf@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z"); smfl_loadFromFile = Marshal.GetDelegateForFunctionPointer<SmflAudio2_SoundBuffer_loadFromFile>(audioOpenFromFileAddress);
unsafe bool SoundGetFromFileHook(void* filename) { return smfl_loadFromFile(filename); }
Justin Stenning
@spazzarama
@MechanicalPen try adding first param as IntPtr self as well (to store the this object). Filename can just be IntPtr also and no need for unsafe (unless you need it for another reason)
i.e.
[UnmanagedFunctionPointer(CallingConvention.ThisCall, SetLastError = true, CharSet = CharSet.Unicode)] [return: MarshalAs(UnmanagedType.Bool)] delegate bool SmflAudio2_SoundBuffer_loadFromFile(IntPtr self, IntPtr filename);
MechanicalPen
@MechanicalPen
@spazzarama Hey, that worked! So we need to store a pointer to the object when we hook a c++ object's method. (self points at the SoundBuffer in this case, correct?)
Justin Stenning
@spazzarama
@MechanicalPen correct
Jan Martin
@catmanjan
im having an issue hooking into the DoDragDrop event, if I return my own function it works in Firefox and IE, but for some reason I have to drag and drop twice to get chromium based browsers to accept my files - any ideas anyone?
Justin Stenning
@spazzarama
Is it hitting your hook each time?
@catmanjan If you have a very simple hook handler with just a call to the original does it still display the same behaviour?
Jan Martin
@catmanjan
@spazzarama yeah definitely, i believe the first drop is the original behavior - the issue is the original behavior of dropping from outlook to chrome is to reject the file so its hard to tell
it works fully in IE so i suspect a chromium issue, but i cant prove it
simon dimitriadis
@simonides
Hi can anyone help me with a hooked VirtualAlloc issue? I described it in more detail on stackoverflow. https://stackoverflow.com/questions/47844170/hooked-virtualalloc-returns-nullptr-when-called-by-system-dlls
simon dimitriadis
@simonides
Hi, is there an easy way through easyhook to call a function in an already injected dll, from the injector's process?
Justin Stenning
@spazzarama
@simonides EasyHook doesn't provide an IPC framework itself. If managed, .NET provides a number of IPC mechanisms for you (remoting etc). If unmanaged, just google to research the various IPC approaches available to you.
simon dimitriadis
@simonides
Already using pipes, thought there could an easy way in the lib :) Thank you.
Ari Seyhun
@Acidic9
Hello! Is EasyHook suited for memory hacking on Windows?
Justin Stenning
@spazzarama
@Acidic9 EasyHook does not provide any memory pattern search / patching tools. It does provide the ability to inject into a target.
simon dimitriadis
@simonides
Hi, I know how to hook VirtualAlloc but how would I hook operator new? Usual overwriting is not really an option.
Mateus Pimentel
@PimentelMateusw_twitter
someone knows if it's possible to hook native functions from a program? ( not DLL functions )
I want to hook this function:
image.png
but this did not work yet:
image.png