Justin Stenning
@spazzarama

What could be the possible reasons for this Access Violation error?

@ArunPrasad777 the most common cause is an incorrect method signature or calling convention for your hook handler / delegate.

Hi, I'm having an issue with hooking some 64 bit apis which apparently have an unsupported far jump at the beginning. Is there any way around this limitation? Could EasyHook be extended (by whomever :)) to support this or is there some theoretical reason why supporting it would be infeasible?

@pheber yes it should be possible to extend EasyHook to support this, feel free to raise a feature request.

Completely unrelated I have another question: I have a function in ole32.dll (OleIsCurrentClipboard) which in turn calls another function (GetClipboardOwner) in user32.dll. I want to hook GetClipboardOwner and want the hook to also be called when OleIsCurrentClipboard calls it. API Monitor can hook and modify the underlying call, but when I create a LocalHook in EasyHook, it doesn't get called for the nested call to GetClipboardOwner from OleIsCurrentClipboard. Is there any way to achieve this with the current version of EasyHook?

@pheber what thread ACL do you have setup? I don't see any reason why your scenario wouldn't be supported by EasyHook.

devellysian
@devellysian
hi all, would it be possible to call easyhook from rust?
Justin Stenning
@spazzarama
@devellysian Rust the game? Do you mean would it be possible to use EasyHook to inject and hook into Rust? I haven't tried, injection would depend on whether there are any memory injection protections in place that prevent it. Once injected it should all work correctly.
Philip Heber

@pheber what thread ACL do you have setup? I don't see any reason why your scenario wouldn't be supported by EasyHook.

We have an inclusive ACL for the current thread (SetInclusiveACL(new[] {0})) as API Monitor tells me the nested call is happening on the same thread. Is there anything else that might be wrong with my configuration or could API Monitor be wrong?

Patricio Ferraggi
@Raagh
Is it possible to use easyhook on .net standard library?
Patricio Ferraggi
@Raagh
second question. can I pass an object to the class that we use as interface between the dll and the app? I want to make communication be hidden behind an interface so it can't be used from different clients
which let me keep a common instance for 2 sides communication and also pass a different interface from each client so that the communication is done different if its from a console, web service or wpf app.
Michael Wegge
@Firedragonweb
Hey there :) Just a quick question: Would it be possible to publish a new nuget version anytime soon-ish, that contains #247 ? We need that functionality and we would rather not switch to our own fork temporarily if possible :)
Justin Stenning
@spazzarama
@Raagh thanks for sharing - might be worth incorporating that into the EasyHook release to make that a bit easier
Justin Stenning
@spazzarama
@Firedragonweb I've merged into develop branch. I am busy until next week - will look at doing a build then.
Nikolaj Mariager
@TinkerWorX
What's the best way to debug an "Unknown error in injected assembler code."? It keeps giving random error codes. I wonder if there's some protection going on: 200209739, 161730857, 100720827
Justin Stenning
@spazzarama
@TinkerWorX does this happen during injection only?
@Raagh I'm looking at that stackoverflow question+answer and I don't see how that differs from just specifying the channelName and allowed client SIDs while passing in the ipcInterface instance.
Justin Stenning
@spazzarama
@Firedragonweb I'm testing the far jump changes for #247 at the moment. Although the changes work in this scenario, I'm not convinced yet that this is a "safe" default behaviour. I'm having a think about enabling an "allow all jumps" flag that allows you to deliberately ignore these conditions under known circumstances.
Justin Stenning
@spazzarama
Since it won't impact existing hooks I'll release the change as-is.
Justin Stenning
@spazzarama
@Firedragonweb that's been released on NuGet
Nikolaj Mariager
@TinkerWorX
@spazzarama Yeah, during injection. I have the simplest code to test it to avoid any other factors.
Justin Stenning
@spazzarama
@TinkerWorX unknown error in assembler code, usually refers to something not working with the code that is injected into the target process. This is a real pain to step through with the debugger, basically you have the target debugged and the host. The starting point is in the host at thread.c line 1292 WriteProcessMemory(hProc, RemoteInjectCode, GetInjectionPtr(), ...). The location is "RemoteInjectCode", so find that location within the target process and open the disassembler and add a break point. That code will be executed by a later call to NtCreateThreadEx.
The remote thread probably is failing to be created...
The ASM that is injected is returned by GetInjectionPtr() - returning either Injection_ASM_x64, or Injection_ASM_x86
Justin Stenning
@spazzarama
@TinkerWorX take a look at this ASM code in HookSpecific_x64/x86.asm, if it is getting as far as running this code then one of the calls in here is probably failing (in the target process - so you will have to have the disassembler window open, and pointing to the correct address from RemoteInjectCode with a break point).
Nikolaj Mariager
@TinkerWorX
@spazzarama Thanks, I'll see if I can figure it out. Do you think my suspicion of some protection happening could be true?
Justin Stenning
@spazzarama
@TinkerWorX yeah it could be - usually protection will take the form of either allocating memory in the target failing, or LoadLibrary within the ASM code failing.
suncodeer
@suncodeer
Hi everyone, I am a fresher guy on the easyhook
suncodeer
@suncodeer
anybody online?
suncodeer
@suncodeer
anybody online?
Justin Stenning
@spazzarama
Welcome @suncodeer
Just ask questions here if you need to. End of day for me so goodnight
suncodeer
@suncodeer
anybody online?
suncodeer
@suncodeer
anybody online？
suncodeer
@suncodeer
^_^~~
suncodeer
@suncodeer
@spazzarama I want to use olydb64 to analyze the problem. But hooked method will be canceled. Actually I was a web developer.
I am very fresher guy in the C# area.
You should be busy on some your own problems.
Can you please tell me how to analyze the problem? like debug or other tricky methods.
suncodeer
@suncodeer
@spazzarama have a nice day
suncodeer
@suncodeer
-_-~~~ Anybody online ?
Jerome Haltom
@wasabii
When using EasyHook I consistently get the managed debugging assistant. Is this normal?
MechanicalPen
@MechanicalPen
@suncodeer If you are hooking into a c++ method of an object, the first memory location is a pointer to the object.
not sure if that is your actual problem but it's what I had to do to get mine working. It looks like:
    [UnmanagedFunctionPointer(CallingConvention.ThisCall, SetLastError = true, CharSet = CharSet.Unicode)]
    [return: MarshalAs(UnmanagedType.Bool)]
    delegate bool SmflAudio2_SoundBuffer_loadFromFile(IntPtr self, IntPtr filename);

on the c++ side the code looks like;

    sf::SoundBuffer buffer;
    buffer.loadFromFile("sound.wav");

99bobster99
@99bobster99
Hello
How does one convert a project which uses Easyhook (v2.7.6684) to (v2.7.6789)?
Justin Stenning
@spazzarama
6789 is a bug fix release, just update the package from Nuget.
@99bobster99
99bobster99
@99bobster99
Many thanks Justin, I'll try it! Cheers!
99bobster99
@99bobster99
I get this error message, that it is not digitally signed?
\packages\EasyHook.2.7.6789\tools\install.ps1 is not digitally signed. The script will not execute on the system. For more information, see about_Execution_Policies at