Justin Stenning
@spazzarama
@fmiceli24 I’ve replied to your issue, basically that is what RhCreateAndInject is for. When and where do you call RhWakeUpProcess?
Franco Miceli
@fmiceli24
I call RhWakeUpProcess right after all hooks are installed within NativeInjectionEntryPoint.
Icesythe7
@Icesythe7
Doesn't look like anyone uses this, but I'm trying to inject a C++ DLL using C#; however, I keep getting BadImageFormat.
The DLL injects and works fine with any public injector btw, even my own coded in C++.
Justin Stenning
@spazzarama
@Icesythe7 you will need to use the native exports directly instead of the managed helper, otherwise it will assume a managed assembly
E.g.
I.e. RhInstallLibrary/Ex in the NativeAPI namespace - check the docs
@fmiceli24 and are you using RhCreateAndInject?
Icesythe7
@Icesythe7
@spazzarama I looked at them, yes, but the way it is set up it is hard to find stuff, as it is just function names and no descriptions... I'm assuming Ex from here http://easyhook.github.io/api/html/M_EasyHook_NativeAPI_RhInjectLibraryEx.htm stands for external? Also, what do the params expect? Since I don't need x86, can it be null? What's InPassThruBuffer? Can I load it as a byte array? I'm not sure what InWakeUpTID is either.
Justin Stenning
@spazzarama
@Icesythe7 take a look at the native remote hooking tutorial; yes, just use null for 32-bit if not needed.
Icesythe7
@Icesythe7
@spazzarama ah, thank you. Is there currently a way (in C# using EasyHook) to inject a DLL as a byte array? I'm trying to store the DLL as a byte array and just read a URL and inject it.
This way the user doesn't have to download a physical DLL and have it in the correct folder, plus it will be simple to push updates etc.
Icesythe7
@Icesythe7
OK, clearly I'm too dumb to figure this out. Can someone just post a C# example of how to simply inject a C++ DLL, because I can't figure it out.
        NativeAPI.RhInjectLibraryEx(proc.Id, 0, 0, null, "path to dll", IntPtr.Zero, 0);
0 errors, it just does nothing.
Franco Miceli
@fmiceli24
@spazzarama Hi. I tried both RhCreateAndInject, and CreateProcess(CREATE_SUSPENDED) -> RhInjectLibrary() -> ResumeThread() and also with RhCreateAndInject() -> RhWakeUpProcess(). None worked. I ended up changing the behavior of the program via alteration to the environment variables and registry keys at the moment of creation. Reverting back as soon as the alteration was successful.
@spazzarama Something that is happening now is that on Windows Server 2019, some programs that were correctly injected on Windows 8 give error 5 on RhInjectLibrary(). Any ideas what this error means?
Justin Stenning
@spazzarama
@Icesythe7 that code looks correct, do you have an EasyHook entrypoint defined in your native dll?
@fmiceli24 code 5 is usually access denied
@fmiceli24 someone posted recently in a github issue how they used WaitForIdle and then injected/resumed, perhaps that can help in your situation.
Icesythe7
@Icesythe7
@spazzarama idk what that is. I can use any injector like Extreme Injector and it works fine; I just wanna use C# to call LoadLibrary, basically.
The DLL is C++ and just creates a thread on process attach. I don't need the injector to call any functions, the DLL handles it itself; I just literally simply need to inject it.
Franco Miceli
@fmiceli24
@spazzarama I am not familiar with WaitForIdle in C++. I will investigate and check it out.
@spazzarama What does the access denied error code mean? Is it related to the user's permissions, or to not being able to access the injection DLL?
Justin Stenning
@spazzarama
@fmiceli24 usually the access denied is from trying to allocate memory in the target process (some processes run in a limited security context etc.).
Justin Stenning
@spazzarama
@Icesythe7 EasyHook is designed to run the exported entry point; it does try to free the library once the EasyHook entry point returns. If you don't provide it then it cannot block the freeing logic (i.e. you add a while loop with whatever exit logic you need). The remote native hooking example shows you an example. It sounds like you might be better served with one of the other libraries you mentioned that are specifically for injection (just create your own managed wrapper to call the native methods if you want to use it from .NET).
Franco Miceli
@fmiceli24
@spazzarama, I understand. The same process does not present this problem if run on Windows 8.1. It only happens on Windows 10 or Server 2019. Is there a way to specify the security context for a process at the moment of creating it?
MrCat32214
@MrCat32214
Hey, I just downloaded the EasyHook stuff but I'm not quite sure how to use it. Anyone mind explaining how to bring the program up in the first place? xD
Justin Stenning
@spazzarama
@MrCat32214 take a look at the tutorials on easyhook.github.io
@fmiceli24 not sure sorry.
Adam Xavier
@AdamXavier_gitlab
Anybody ever use JNI to call EasyHook functions from within a Java app?
sajid36
@sajid36
Hi, is it possible to allow only a trusted application to install hooks? For example, I just want to allow my own program/application to be able to install hooks (given that my application has admin privileges), but other applications won't be able to install hooks. I want to prevent other applications from being able to install hooks.
Andrew
@zezba9000
I'm getting "The given trace handle seems to already be associated with a hook."
Is there a way to override the method anyway?
Method signature is "VR_INTERFACE bool VR_CALLTYPE VR_IsInterfaceVersionValid( const char *pchInterfaceVersion );"
Where
  • VR_INTERFACE extern "C" __declspec( dllimport )
  • VR_CALLTYPE __cdecl
Joel Van Eenwyk
@joelvaneenwyk
@spazzarama , I may have some "spare" time in the coming months and was looking to do a bit of minor improvements/cleanup to EasyHook e.g. EasyHook/EasyHook#287, unify tabs/whitespace, add additional unit tests, fix VS2019 support, etc. If I were to do that, would you have time to review pull requests and such? Rather not invest in this if it's not going to get merged back.
Justin Stenning
@spazzarama
@joelvaneenwyk 👍
@joelvaneenwyk use the dev branch please
Joel Van Eenwyk
@joelvaneenwyk
Great, OK, I'll see what I can do :)
Joel Van Eenwyk
@joelvaneenwyk
@spazzarama , can you please export an appveyor.yml file from your config? For whatever reason I can't find out how to do that on a project I don't own e.g. https://ci.appveyor.com/project/spazzarama/easyhook/branch/master
Justin Stenning
@spazzarama
@joelvaneenwyk pm'd
@joelvaneenwyk I may have time also in the next month or two to get a few things done. Will see how everything pans out.
Joel Van Eenwyk
@joelvaneenwyk
Awesome, thanks @spazzarama! It is now up and running on my custom branch: https://ci.appveyor.com/project/joelvaneenwyk/easyhook
mt
@machinetherapist
Hi guys, is there any way to get a module base address without WinAPI such as GetModuleHandle?
For x64, I looked up some PEB-walking code, but there are not so many sources..
Intolerable Politics
@TantraWraith_twitter
Can someone explain to me dword ptr and byte ptr, and how to use EasyHook to hook the sub function for this?
Derzsi Dániel
@darktohka
Is there any way to set up an exclusive ACL so that all graphics drivers (for example AMD's amdxc32.dll) are excluded from hooks?
Right now, I'm getting C0000005 ACCESS_VIOLATION crashes as soon as I hook GetSystemInfo on amdxc32.dll and attempt to run a DirectX game
Jana Mohn
@Qibbi
Hi, I'm trying to inject into an application which I start with CreateProcessW in a suspended state. Now when I call RemoteHooking.Inject I get Code: 5 in return (I guess C0000005?). When I start it in an unsuspended state the hook works, but I need to catch something that's called pretty much immediately in the main function.
(I'm using C#)