by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Sep 28 09:48
    smnkrgr commented #137
  • Sep 28 09:43
    smnkrgr commented #198
  • Sep 14 02:08
    LostBeard commented #9
  • Sep 14 02:07
    LostBeard commented #9
  • Sep 13 22:46
    spazzarama commented #348
  • Sep 13 22:29
    spazzarama commented #348
  • Sep 13 20:47
    cpast opened #348
  • Sep 09 17:19
    UMU618 commented #347
  • Sep 09 16:31
    UMU618 synchronize #347
  • Sep 09 16:29
    UMU618 opened #347
  • Aug 23 05:12
    spazzarama closed #210
  • Aug 23 05:12
    spazzarama commented #210
  • Aug 23 02:14
    joelvaneenwyk commented #210
  • Aug 03 09:27
    Yangff edited #346
  • Aug 03 09:27
    Yangff edited #346
  • Aug 03 09:26
    Yangff opened #346
  • Jul 23 12:43
    abdullahtoqeer523 opened #345
  • Jul 21 22:11
    spazzarama commented #344
  • Jul 21 13:10
    albgen commented #344
  • Jul 21 13:10
    albgen commented #344
Justin Stenning
@spazzarama
it has some details that may help you
823639792
@823639792
okļ¼Œthanks
Green-Wolf
@Green-Wolf
Good Evening all, I just wanted a quick sanity check to ask if it is it possible to use Easyhook to hook .NET dll's that are in the GAC. I'm wanting to hook the system.net.http dll for the httpclient class. Specifically the getAsync method. Is this possible with easyhook?
Justin Stenning
@spazzarama
@Green-Wolf EasyHook cannot hook managed methods. There was a very early proof of concept that was possible by forcing a re-JIT/hooking the JIT compiler however that hasn't been possible since .NET 3.5 (I believe). It is possible to hook delegates, but that doesn't really help in this situation.
Green-Wolf
@Green-Wolf
Thanks @spazzarama , much appreciated
Michael IV
@SasMaster1980_twitter
Hi All. Anybody here encountered any issues when using native C++ based on Windows SDK 10 (10.0.16299.0) ?
I filed an issue on the github page.What happens is that when I switch from 8.1 to 10 SDK the hook can't find its entry point in the hook DLL.
Justin Stenning
@spazzarama
@SasMaster1980_twitter worked fine for me with 10.0.15063.0, can you try that version (I don't have 10.0.16299.0 SDK installed yet)

@SasMaster1980_twitter I assume your native entry point looks something like:

extern "C" void declspec(dllexport) stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO inRemoteInfo);
void __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO
inRemoteInfo) {...

Michael IV
@SasMaster1980_twitter
Hmm, will try that version. Yeah, the hook entry point in my app looks like that.
Michael IV
@SasMaster1980_twitter
Well,weird stuff.Today tried it again with 10.0.16299.0 and with the 10.0.15063.0 - and it worked ok. No idea what was wrong. I was messing with this issue yesterday ,like, for 2 hours..
Shit
MechanicalPen
@MechanicalPen
I'm trying to use EasyHook .NET to hook a DLL. It works great except the function I am hooking takes a c++ std::string. I can't figure out how to even pass it back into the original function without it crashing. I tried void*, IntPtr. Any ideas?
MechanicalPen
@MechanicalPen
The original function is bool sf::SoundBuffer::loadFromFile ( const std::string & filename )
Justin Stenning
@spazzarama
@MechanicalPen what does your handler signature look like?
32-/64-bit?
MechanicalPen
@MechanicalPen

[UnmanagedFunctionPointer(CallingConvention.ThisCall, SetLastError = true, CharSet = CharSet.Unicode)] [return: MarshalAs(UnmanagedType.Bool)] unsafe delegate bool SmflAudio2_SoundBuffer_loadFromFile(void* filename);

32 bit.

MechanicalPen
@MechanicalPen
Here's the rest of the relevant code, in case it helps. audioOpenFromFileAddress = LocalHook.GetProcAddress("sfml-audio-2.dll", "?openFromFile@InputSoundFile@sf@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z"); smfl_loadFromFile = Marshal.GetDelegateForFunctionPointer<SmflAudio2_SoundBuffer_loadFromFile>(audioOpenFromFileAddress);
unsafe bool SoundGetFromFileHook(void* filename) { return smfl_loadFromFile(filename); }
Justin Stenning
@spazzarama
@MechanicalPen try adding first param as IntPtr self as well (to store the this object). Filename can just be IntPtr also and no need for unsafe (unless you need it for another reason)
i.e.
[UnmanagedFunctionPointer(CallingConvention.ThisCall, SetLastError = true, CharSet = CharSet.Unicode)] [return: MarshalAs(UnmanagedType.Bool)] delegate bool SmflAudio2_SoundBuffer_loadFromFile(IntPtr self, IntPtr filename);
MechanicalPen
@MechanicalPen
@spazzarama Hey, that worked! So we need to store a pointer to the object when we hook a c++ object's method. (self points at the SoundBuffer in this case, correct?)
Justin Stenning
@spazzarama
@MechanicalPen correct
Jan Martin
@catmanjan
im having an issue hooking into the DoDragDrop event, if I return my own function it works in Firefox and IE, but for some reason I have to drag and drop twice to get chromium based browsers to accept my files - any ideas anyone?
Justin Stenning
@spazzarama
Is it hitting your hook each time?
@catmanjan If you have a very simple hook handler with just a call to the original does it still display the same behaviour?
Jan Martin
@catmanjan
@spazzarama yeah definitely, i believe the first drop is the original behavior - the issue is the original behavior of dropping from outlook to chrome is to reject the file so its hard to tell
it works fully in IE so i suspect a chromium issue, but i cant prove it
simon dimitriadis
@simonides
Hi can anyone help me with a hooked VirtualAlloc issue? I described it in more detail on stackoverflow. https://stackoverflow.com/questions/47844170/hooked-virtualalloc-returns-nullptr-when-called-by-system-dlls
simon dimitriadis
@simonides
Hi, is there an easy way through easyhook to call a function in an already injected dll, from the injector's process?
Justin Stenning
@spazzarama
@simonides EasyHook doesn't provide an IPC framework itself. If managed, .NET provides a number of IPC mechanisms for you (remoting etc). If unmanaged, just google to research the various IPC approaches available to you.
simon dimitriadis
@simonides
Already using pipes, thought there could an easy way in the lib :) Thank you.
Ari Seyhun
@Acidic9
Hello! Is EasyHook suited for memory hacking on Windows?
Justin Stenning
@spazzarama
@Acidic9 EasyHook does not provide any memory pattern search / patching tools. It does provide the ability to inject into a target.
simon dimitriadis
@simonides
Hi, I know how to hook VirtualAlloc but how would I hook operator new? Usual overwriting is not really an option.
Mateus Pimentel
@PimentelMateusw_twitter
someone knows if it's possible to hook native functions from a program? ( not DLL functions )
I want to hook this function:
image.png
but this did not work yet:
image.png
Already disabled ASLR btw
image.png
Mateus Pimentel
@PimentelMateusw_twitter
@spazzarama
Mateus Pimentel
@PimentelMateusw_twitter
nvm it worked now
image.png
MechanicalPen
@MechanicalPen
Does anyone have any tips or tricks for accessing a C++ std::string from the C# EasyHook? I'm hooking a method that takes a filename as an argument.
Justin Stenning
@spazzarama
@MechanicalPen what do you need to do with the string? Just read?
@MechanicalPen I THINK in the past I have written a helper structure for dealing with std::string (can't seem to find the code at the moment), but basically you should be able to analyse the memory structure and grab the std::string IntPtr and read into your structure with the help of Marshal.PtrToStringAnsi
MechanicalPen
@MechanicalPen
Yep, I just need to read the string to figure out which file it's trying to load.
putertubbie
@putertubbie
Question: Will having one hooked function calling another hooked function (NtQueryVirtualMemory seems to be calling NtClose internally and I have hooked both) lead to the deadlock I'm seeing? If so; is this due to the "Thread Deadlock Barrier" and, if so; is there anything I can do to work around this? Thanks!