James Stine
@LeonBlade
@spazzarama I run into an issue where it reports an unknown error code 15. I don't know if maybe I can do something with the already injected dll somehow to load in another library or something, I haven't looked into it yet. I know it's not supported natively though.
I'll have to double check if the versions are the same. I know when I tried initially easyhook64.dll wasn't being created so I'll just have to look into that as well.
James Stine
@LeonBlade
I tried with the same version of EasyHook as the one already injected but still no luck. "STATUS_INTERNAL_ERROR Unknown error in injected C++ completion routine. (Code: 15)" sadly.
Justin Stenning
@spazzarama
@LeonBlade I’m not convinced it being there already is the cause of the issue, could you try with something else you are able to inject into, and try injecting two different libraries from two test apps. Also check getting the error string from EasyHook.
James Stine
@LeonBlade
The error string seems to just be "Unknown error in injected C++ completion routine."
James Stine
@LeonBlade
@spazzarama I haven't tested another process to inject into, but I have verified that either of my DLLs can be injected fine but not both at once as they both get the same error.
It is an older version of EasyHook though, so I'll try looking into updating them.
James Stine
@LeonBlade
Can't really do that, I'll have to keep trying something.
Justin Stenning
@spazzarama
If you are in control of them both, then can you not just load the 2nd from the first rather than trying to inject again?
James Stine
@LeonBlade
Not exactly, it's related to a modding system. The first one is injected at runtime. My secondary injection takes place after runtime as a separate project.
I was looking into injecting the DLL and calling easyload functions manually somehow but I haven't done a great deal of research into it yet.
Justin Stenning
@spazzarama
Once injected you can just use local hooks for additional hooks, so the first always succeeds then, weird. If you prep a test that reproduces I can have a look
Prepare a test...
James Stine
@LeonBlade
I wasn't able to reproduce it with a console app injecting two separate DLLs with two separate injections. There must be something unique with this setup.
James Stine
@LeonBlade

I am able to get a separate error when trying to do two separate injections in the process I'm attempting this on.

Unknown error code (-1073740008): The service is already registered. Use the service control manager to remove it! (Code: 1072)

James Stine
@LeonBlade
I don't think it really matters though given that it's not the main problem.
Praying
@Praying
How can I write a dll to hook the "OpenFileW" ?
with cpp
Jana Mohn
@Qibbi
@spazzarama in C#, what could cause a LocalHook to be collected without my code triggering it?
jackwolail
@jackwolail
any one here
Why is it that the first instruction is jmp, so it can't be hooked?
jackwolail
@jackwolail
@spazzarama are you here?
jackwolail
@jackwolail
anyone here??
bgxb
@bgxb:matrix.org
Hello! With this library would it be possible to make a custom open/save file dialog?
I mean, customize the open/save file dialog of an app that I don't have the source code of.
Justin Stenning
@spazzarama
@Qibbi if it is collected by GC it will be freed, keep a reference alive
@jackwolail commented in your issue in github
@bgxb:matrix.org in theory yes, if you find the correct hook points
Connor
@Meigs2
Hi, I'm having some really bad issues hooking CreateProcess. Currently I've found no way to get EasyHook to ever locally hook CreateProcess in kernel32. The hook installs but it is just never called back no matter what signature I give it. I will link a really basic sample program to demonstrate what I'm trying to do in my larger program.
Notepad launches but the callback is never called.
I'll make a github issue too
Justin Stenning
@spazzarama
@Meigs2 try changing createProcessHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); to createProcessHook.ThreadACL.SetExclusiveACL(new Int32[] { });
Using 0 means that the hook will not intercept the current thread (i.e. the thread that installed the hook)
Connor
@Meigs2
I'll give it a shot.
Connor
@Meigs2
That worked... of course it was that easy 🤦‍♂️
Connor
@Meigs2
Well the callback works but the parameters it's passing in are mangled or incorrect, so processes won't spawn when CreateProcess is hooked. Strange. Maybe my signature is messed up.
Connor
@Meigs2
Yeah it seems adding the hook is breaking something. Here's my gist: https://gist.github.com/Meigs2/34b903d63567aad0572ee99101f84ab1
Connor
@Meigs2
Either way it seems the process that I'm hooking into isn't spawning processes through CreateProcess so it's not a huge deal. Would like to know why it's not working but oh well.
Connor
@Meigs2
Wait no, it totally does! It's just not calling it still...
image.png
Do I have to hook that module to intercept that call?
Connor
@Meigs2
What would cause the installed hook to miss the hook or have it pass the incorrect parameters?
Justin Stenning
@spazzarama
try setting charset
or explicitly tell it how to interpret the string
Justin Stenning
@spazzarama
Are you hooking the CreateProcess or CreateProcessW, be sure you have the right address
Connor
@Meigs2
CreateProcessW, I'll try the charset
Also it seems to be called far more in my hook than in APIMonitor
Connor
@Meigs2
CreateProcessW is set to Unicode, still not working