James Stine
@LeonBlade
I don't think it really matters though given that it's not the main problem.
Praying
@Praying
How can I write a dll to hook the "OpenFileW" ?
with cpp
Jana Mohn
@Qibbi
@spazzarama in C#, what could cause a LocalHook to be collected without my code triggering it?
jackwolail
@jackwolail
any one here
Why is it that the first instruction is jmp, so it can't be hooked?
jackwolail
@jackwolail
@spazzarama are you here?
jackwolail
@jackwolail
anyone here??
bgxb
@bgxb:matrix.org
Hello! With this library would it be possible to make a custom open/save file dialog?
I mean, customize the open/save file dialog of an app that I don't have the source code of.
Justin Stenning
@spazzarama
@Qibbi if it is collected by GC it will be freed, keep a reference alive
@jackwolail commented in your issue in github
@bgxb:matrix.org in theory yes, if you find the correct hook points
Connor
@Meigs2
Hi, I'm having some really bad issues hooking CreateProcess. Currently I've found no way to get EasyHook to ever hook CreateProcess locally in kernel32. The hook installs but it is just never called back no matter what signature I give it. I will link a really basic sample program to demonstrate what I'm trying to do in my larger program.
Notepad launches but the callback is never called.
I'll make a github issue too
Justin Stenning
@spazzarama
@Meigs2 try changing createProcessHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); to createProcessHook.ThreadACL.SetExclusiveACL(new Int32[] { });
Using 0 means that the hook will not intercept the current thread (i.e. the thread that installed the hook)
Connor
@Meigs2
I'll give it a shot.
Connor
@Meigs2
That worked... of course it was that easy 🤦‍♂️
Connor
@Meigs2
Well, the callback works but the parameters it's passing in are mangled or incorrect, so processes won't spawn when CreateProcess is hooked. Strange. Maybe my signature is messed up.
Connor
@Meigs2
Yeah it seems adding the hook is breaking something. Here's my gist: https://gist.github.com/Meigs2/34b903d63567aad0572ee99101f84ab1
Connor
@Meigs2
Either way it seems the process that I'm hooking into isn't spawning processes through CreateProcess so it's not a huge deal. Would like to know why it's not working but oh well.
Connor
@Meigs2
Wait no, it totally does! It's just not calling it still...
image.png
Do I have to hook that module to intercept that call?
Connor
@Meigs2
What would cause the installed hook to miss the hook or have it pass the incorrect parameters?
Justin Stenning
@spazzarama
try setting charset
or explicitly tell it how to interpret the string
Justin Stenning
@spazzarama
Are you hooking CreateProcess or CreateProcessW? Be sure you have the right address.
Connor
@Meigs2
CreateProcessW, I'll try the charset
Also it seems to be called far more in my hook than in APIMonitor
Connor
@Meigs2
CreateProcessW is set to Unicode, still not working
I'm going to hook the same app without the EasyHook in ApiMonitor and see if it returns correctly
Connor
@Meigs2
image.png
notepad launch without easyhook installed
image.png
failed launch with easyhook installed
Connor
@Meigs2
Any ideas?
Justin Stenning
@spazzarama
Your signature is the issue
@Meigs2 If I am having issues with signatures I try dumbing it down and use IntPtr for any pointers (e.g. LPWSTR etc). If it then works then go back and sort that out. Perhaps you need to provide some marshalling attributes to ensure the strings come through correctly
e.g. add this to the string parameters [MarshalAs(UnmanagedType.LPWStr)]
Connor
@Meigs2
I will give it a shot right now.
Connor
@Meigs2
I got it figured out, it seems I didn't have the delegate set to marshal the charset to auto
[UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true, CharSet = CharSet.Auto)]
That's... so annoying haha
Thank you for the help. I appreciate it