Justin Stenning
@spazzarama
@Raagh I'm looking at that stackoverflow question+answer and I don't see how that differs from just specifying the channelName and allowed client SIDs while passing in the ipcInterface instance.
Justin Stenning
@spazzarama
@Firedragonweb I'm testing the far jump changes for #247 at the moment. Although the changes work in this scenario, I'm not convinced yet that this is a "safe" default behaviour. I'm having a think about enabling an "allow all jumps" flag that allows you to deliberately ignore these conditions under known circumstances.
Justin Stenning
@spazzarama
Since it won't impact existing hooks I'll release the change as-is.
Justin Stenning
@spazzarama
@Firedragonweb that's been released on NuGet
Nikolaj Mariager
@TinkerWorX
@spazzarama Yeah, during injection. I have the simplest code to test it to avoid any other factors.
Justin Stenning
@spazzarama
@TinkerWorX unknown error in assembler code, usually refers to something not working with the code that is injected into the target process. This is a real pain to step through with the debugger, basically you have the target debugged and the host. The starting point is in the host at thread.c line 1292 WriteProcessMemory(hProc, RemoteInjectCode, GetInjectionPtr(), ...). The location is "RemoteInjectCode", so find that location within the target process and open the disassembler and add a break point. That code will be executed by a later call to NtCreateThreadEx.
The remote thread probably is failing to be created...
The ASM that is injected is returned by GetInjectionPtr() - returning either Injection_ASM_x64, or Injection_ASM_x86
Justin Stenning
@spazzarama
@TinkerWorX take a look at this ASM code in HookSpecific_x64/x86.asm, if it is getting as far as running this code then one of the calls in here is probably failing (in the target process - so you will have to have the disassembler window open, and pointing to the correct address from RemoteInjectCode with a break point).
Nikolaj Mariager
@TinkerWorX
@spazzarama Thanks, I'll see if I can figure it out. Do you think my suspicion of some protection happening could be true?
Justin Stenning
@spazzarama
@TinkerWorX yeah it could be - usually protection will take the form of either allocating memory in the target failing, or LoadLibrary within the ASM code failing.
suncodeer
@suncodeer
Hi everyone, I am a fresher guy on the easyhook
suncodeer
@suncodeer
anybody online?
suncodeer
@suncodeer
anybody online?
Justin Stenning
@spazzarama
Welcome @suncodeer
Just ask questions here if you need to. End of day for me so goodnight
suncodeer
@suncodeer
anybody online?
suncodeer
@suncodeer
Could you please help me on the problem of Issue "after hook com & Iexplorer.exe crash"
suncodeer
@suncodeer
anybody online?
suncodeer
@suncodeer
^_^~~
suncodeer
@suncodeer
@spazzarama I want to use olydb64 to analyze the problem. But hooked method will be canceled. Actually I was a web developer.
I am a very fresh guy in the C# area.
You should be busy on some of your own problems.
Can you please tell me how to analyze the problem? Like debug or other tricky methods.
suncodeer
@suncodeer
@spazzarama have a nice day
suncodeer
@suncodeer
-_-~~~ Anybody online ?
suncodeer
@suncodeer
@MechanicalPen I find you have got the same problem. Can you please help on self pointer?
Jerome Haltom
@wasabii
When using EasyHook I consistently get the managed debugging assistant. Is this normal?
MechanicalPen
@MechanicalPen
@suncodeer If you are hooking into a c++ method of an object, the first memory location is a pointer to the object.
not sure if that is your actual problem but it's what I had to do to get mine working. It looks like:
    [UnmanagedFunctionPointer(CallingConvention.ThisCall, SetLastError = true, CharSet = CharSet.Unicode)]
    [return: MarshalAs(UnmanagedType.Bool)]
    delegate bool SmflAudio2_SoundBuffer_loadFromFile(IntPtr self, IntPtr filename);

on the c++ side the code looks like:

    sf::SoundBuffer buffer;
    buffer.loadFromFile("sound.wav");

99bobster99
@99bobster99
Hello
How does one convert a project which uses Easyhook (v2.7.6684) to (v2.7.6789)?
Justin Stenning
@spazzarama
6789 is a bug fix release, just update the package from Nuget.
@99bobster99
99bobster99
@99bobster99
Many thanks Justin, I'll try it! Cheers!
99bobster99
@99bobster99
I get this error message, that it is not digitally signed?
    \packages\EasyHook.2.7.6789\tools\install.ps1 is not digitally signed. The script will not execute on the system. For more information, see about_Execution_Policies at
    http://go.microsoft.com/fwlink/?LinkID=135170.
    At line:1 char:3
    + & 'D:\test100\Source (Zhook 2.7.6684 - WinFS v180906)\Win-FS-Reg-Redirect\packag ...
    + ~~~~~~~~~~~~~~~~
        + CategoryInfo : SecurityError: (:) [], PSSecurityException
        + FullyQualifiedErrorId : UnauthorizedAccess
99bobster99
@99bobster99
I was still able to build, but with this newer Easyhook library I now get this error (never got this error on the older 6684 version), would it be because of the lack of digital signature?
There was an error while injecting into target:
System.ApplicationException: STATUS_INTERNAL_ERROR: Unknown error in injected C++ completion routine. (Code: 15)
at EasyHook.RemoteHooking.CreateAndInject(String InEXEPath, String InCommandLine, Int32 InProcessCreationFlags, InjectionOptions InOptions, String InLibraryPath_x86, String InLibraryPath_x64, Int32& OutProcessId, Object[] InPassThruArgs)
at test1.Program.Main(String[] args) in D:\projects\test1\Program.cs:line 57
99bobster99
@99bobster99
This is line 57, which hasn't changed from v2.7.6684, which used to work??
                    // start and inject into a new process
                    EasyHook.RemoteHooking.CreateAndInject(
                        targetExe, // executable to run
                        targetArg, // command line arguments for target
                        0, // additional process creation flags to pass to CreateProcess
                        EasyHook.InjectionOptions.DoNotRequireStrongName, // allow injectionLibrary to be unsigned
                        injectionRegLibrary, // 32-bit library to inject (if target is 32-bit)
                        injectionRegLibrary, // 64-bit library to inject (if target is 64-bit)
                        out targetPID, // retrieve the newly created process ID
                        regChannelName // the parameters to pass into injected library
                                       // ...
                    );
99bobster99
@99bobster99
Never mind, I got it to work out for me! I am a newbie at this and I just learned a great deal about "Set-ExecutionPolicy Unrestricted -Scope Process -Force" and "Update-Package -Reinstall"! Thank you for helping me out on my adventure. :)
Patricio Ferraggi
@Raagh
Is there a way to change the place where you drop the libraries? Unless I have them all in the root of my client application
it just fails on injection
even if I pass the address as a parameter
rgutherz
@rgutherz

Hi,

I'm using the latest EasyHook dll (32 and 64 v2.7.6789.0 ) and I'm hooking WriteConsoleW API successfully on Windows 7. I'm using the same 64 bit dll on Windows 10 and my dll is injected successfully but my hooked function is never called when running on Windows 10.
The LhInstallHook returned successfully when hooked WriteConsoleW from kernel32.dll
The process that I'm trying to hook is cmd.exe on Windows 10.
I debugged the process after my dll was injected and saw that the WindowsConsoleW entry does not contain the trampoline code to point to my WriteConsoleW function.

What can be the problem?
How can I debug it?

Any input on this would be appreciated!

Thanks,
Rony.

I'm using unmanaged code in c++
tostercx
@tostercx
Hey, I just read the tutorials, but I'm a bit confused. The ServerInterface stuff is compiled in the injectable dll but then it seems to be running in the host for the message output? Am I getting this right?
How would I go about getting the data back to the main process that did the injection?
I guess I could make a static list and poll it for data or?
tostercx
@tostercx
I must be missing something here...
tostercx
@tostercx