Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Oct 16 23:18
    spazzarama closed #391
  • Oct 16 23:18
    spazzarama commented #391
  • Oct 16 23:17
    spazzarama commented #392
  • Oct 16 13:35
    danyhm opened #392
  • Oct 16 13:26
    danyhm opened #391
  • Sep 19 21:29
    pepeu93 closed #390
  • Sep 19 21:29
    pepeu93 commented #390
  • Sep 19 21:21
    pepeu93 commented #260
  • Sep 19 14:52
    pepeu93 commented #390
  • Sep 19 14:52
    pepeu93 commented #390
  • Sep 19 03:05
    spazzarama commented #390
  • Sep 19 03:04
    spazzarama commented #390
  • Sep 19 03:03
    spazzarama commented #390
  • Sep 19 02:52
    pepeu93 commented #390
  • Sep 19 02:51
    pepeu93 commented #390
  • Sep 19 02:51
    pepeu93 commented #390
  • Sep 19 02:38
    spazzarama commented #390
  • Sep 18 02:30
    pepeu93 commented #390
  • Sep 18 02:29
    pepeu93 commented #390
  • Sep 18 00:18
    pepeu93 commented #390
Justin Stenning
@spazzarama
@fmiceli24 usually the access denied it from trying to allocate memory in the target process (some processes run in limited security context etc).
Justin Stenning
@spazzarama
@Icesythe7 EasyHook is designed to run the exported entry point, it does try to free the library once the easyhook entry point returns. If you don't provide it then it cannot block the freeing logic (i.e. you add a while loop with whatever exit logic you need). The remove native hooking example shows you an example. It sounds like you might be better served with one of the other libraries you mentioned that are specifically for injection (just create your own managed wrapper to call the native methods if you want to use from .NET).
Franco Miceli
@fmiceli24
@spazzarama, I understand. The same process does not present this problem if run on Windows 8.1. It only happens on Windows 10 or Server 2019. Is there a way to specify the security context for a process at the moment of Creating it?
MrCat32214
@MrCat32214
hay i just downloaded the easy hook stuff but im not quite sure how to use it anyone mind explaining how to bring the program up in the first place xD
Justin Stenning
@spazzarama
@MrCat32214 take a look at the tutorials on easyhook.github.io
@fmiceli24 not sure sorry.
Adam Xavier
@AdamXavier_gitlab
Anybody ever use JNI to call EasyHook functions from within a Java app?
sajid36
@sajid36
Hi, Is it possible to allow only trusted application to install hook? For example, I just want to allow my written program/application to be able to install hook (given that my application admin privilege). but other application won't be able to install hook. I want to prevent other applications to be able to install hook.
Andrew
@zezba9000
I'm getting "The given trace handle seems to already be associated with a hook."
Is there a way to override the method anyway?
Method signature is "VR_INTERFACE bool VR_CALLTYPE VR_IsInterfaceVersionValid( const char *pchInterfaceVersion );"
Where
  • VR_INTERFACE extern "C" __declspec( dllimport )
  • VR_CALLTYPE __cdecl
Joel Van Eenwyk
@joelvaneenwyk
@spazzarama , I may have some "spare" time in the coming months and was looking to do a bit of minor improvements/cleanup to EasyHook e.g. EasyHook/EasyHook#287, unify tabs/whitespace, add additional unit tests, fix VS2019 support, etc. If I were to do that, would you have time to review pull requests and such? Rather not invest in this if it's not going to get merged back.
Justin Stenning
@spazzarama
@joelvaneenwyk 👍
@joelvaneenwyk use the dev branch please
Joel Van Eenwyk
@joelvaneenwyk
great, ok, i'll see what i can do :)
Joel Van Eenwyk
@joelvaneenwyk
@spazzarama , can you please export an appveyor.yml file from your config? For whatever reason I can't find out how to do that on a project I don't own e.g. https://ci.appveyor.com/project/spazzarama/easyhook/branch/master
Joel Van Eenwyk
@joelvaneenwyk
Justin Stenning
@spazzarama
@joelvaneenwyk pm'd
@joelvaneenwyk I may have time also in the next month or two to get a few things done. Will see how everything pans out.
Joel Van Eenwyk
@joelvaneenwyk
awesome, thanks @spazzarama ! it is now up and running on my custom branch: https://ci.appveyor.com/project/joelvaneenwyk/easyhook
mt
@machinetherapist
hi guys, is there any way to get module base address without winapi such as getmodulehandle ?
for x64, i looktup some walking peb codes but there are not so many sources..
Intolerable Politics
@TantraWraith_twitter
can someone explain to me dword ptr and byte ptr and how to use easyhook to hook the sub function for this?
Derzsi Dániel
@darktohka
Is there any way to set up an exclusive ACL so that all graphics drivers (for example AMD's amdxc32.dll) are excluded from hooks?
Right now, I'm getting C0000005 ACCESS_VIOLATION crashes as soon as I hook GetSystemInfo on amdxc32.dll and attempt to run a DirectX game
Jana Mohn
@Qibbi
Hi, I'm trying to inject into an application which I start with CreateProcessW in a suspended state. Now when I call RemoteHooking.Inject I get a Code: 5 in return (I guess C0000005?) When I start it in an unsuspended state the hook works, but I need to catch something that's called pretty much immediately in the main function
(I'm using C#)
Jana Mohn
@Qibbi
it actually does work... sometimes, seems sometimes the main module is loaded, sometimes it's not
Justin Stenning
@spazzarama
@darktohka I don't know of one
@Qibbi are you using the easyhook's RemoteHooking.CreateAndInject ? If not, try that instead.
Jana Mohn
@Qibbi
It's the same result, seems Win10's lazy loading is at work, I currently do a loop... start, inject, if it worked break if not terminate and try again
I also need to use CreateProcessW in my case as I need to set bInheritHandles to true, but as said, it doesn't matter as it's the same result regardless
Acidical
@Acidical

I am attempting to hook a 32bit test process with a 32bit dll and injector, just like in the native c++ beep tutorial, but i am getting the error code -1073741582 with the error Unable to find the required native entry point in the given 32-bit library.

I have followed the tutorial exactly and clearly have the entry point defined in the dll:

extern "C" void __declspec(dllexport) __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO * inRemoteInfo);

void __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO *inRemoteInfo)
{
    ...etc
}
If i compile everything to 64 bit instead, and move the dll path to the 64bit library path argument in RhInjectLibrary, it is capable of injecting into a 64bit process
I dont see the reason why it is unable to find the entry point in the 32bit version since i followed the tutorial exactly, and the exact same code works for 64bit
joedemax
@joedemax
Hi
With EasyHook, can i hook keys on a specific keyboard?
I'm using C#
Ron Sigal
@ronsig_gitlab

Hi,I modified the BeepHook sample to hook CreateFileW & CreateFileA (as well as ReadFile & ReadFileEx). The call to RhInjectLibrary succeeds, but the new hooks never get called when the sample process opens & reads files.

Any idea why? (tried both 32 and 64 bit).

Justin Stenning
@spazzarama
@Acidical are you using latest NuGet? The issue is probably related to what the export name ends up in 32-bit e.g. _NativeInjectionEntryPoint@4 . Check the export name using one of many dll export tools out there
Justin Stenning
@spazzarama
@joedemax no, you can simple use a the SetWindowsHookEx Win32 API function for that (plenty of C# examples out there)
@ronsig_gitlab are you certain that the code you have written in Target.cpp actually results in calling those underlying APIs?
Justin Stenning
@spazzarama
@ronsig_gitlab I don't see anything obviously wrong with the code you sent through. One thing I would try is call the API method CreateFileW directly and see if that gets intercepted. From there I would try it all within the same process to see if that works.
@ronsig_gitlab have you attempted debugging and setting break points in the hook handler?
Justin Stenning
@spazzarama
@Acidical to clarify, in 32-bit mode the native export is assumed to be _NativeInjectionEntryPoint@4 . I'm adding support for this to be changed in a .def EXPORTS section to NativeInjectionEntryPoint just in case.
Acidical
@Acidical
image.png
I have checked the 32bit dlls export and it seems to be correct
And i am using a version i built myself from the github develop branch, ill try rebuilding with your new commit and see if it fixes the issue
Just read your commit and it does seem that would fix it, ill build it now
Justin Stenning
@spazzarama
@Acidical yeah develop branch had a bug that would have broken it
Acidical
@Acidical
confirmed working, thanks for the help