Connor
@Meigs2
failed launch with easyhook installed
Connor
@Meigs2
Any ideas?
Justin Stenning
@justinstenning
Your signature is the issue
@Meigs2 If I am having issues with signatures I try dumbing it down and use IntPtr for any pointers (e.g. LPWSTR etc). If it then works then go back and sort that out. Perhaps you need to provide some marshalling attributes to ensure the strings come through correctly
e.g. add this to the string parameters [MarshalAs(UnmanagedType.LPWStr)]
Connor
@Meigs2
I will give it a shot right now.
Connor
@Meigs2
I got it figured out, it seems I didn't have the delegate set to marshal the charset to auto
[UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true, CharSet = CharSet.Auto)]
that's.. so annoying haha
Thank you for the help. I appreciate it
Connor
@Meigs2
Now I've got a new set of issues, my main app that launches a process and installs the hook won't call back, but my test app will 😅 It's never easy is it
Justin Stenning
@justinstenning
Hah, yep it's never easy
Connor
@Meigs2
Yeah I don't really know what to do, the hook installs in the remote but it's never called like it is in the test app.
Connor
@Meigs2
hm, it seems my target process crashes after some time if I install any hooks into it, otherwise the hooks seem to work better
Connor
@Meigs2
Huh, it seems my IPC to communicate back to my host process is too slow? Or something so if I message back the hooked program either times out or crashes. Strange.
Connor
@Meigs2
But CreateProcessW callback is called in my debugger!! So it works, I just have to solve my IPC issues.
Thanks @spazzarama
I'm using the Direct3DHook project as a base and that IPC is crashing the remote sometimes for whatever reason.
Connor
@Meigs2
I need to re-implement it anyways, I don't think calling directly back into the remote host is great for what I need where the host may close and may need to re-connect to its clients
Connor
@Meigs2
Are there any threading/invoking implications with calling remote functions from within a hooked function call? I'm unable for the life of me to get any IPC working within the CreateProcessW callback. I'm using the Direct3D hook project as scaffolding, the other functions work with the RemoteHooking.IpcConnectClient client to call back to the host but whenever I message from the hooked CreateProcessW the process crashes.
Justin Stenning
@justinstenning
@Meigs2 ideally the hook does as little as possible. If the IPC is simply notifications to the host, add to a queue and process separately. If you need to perform IPC in order to make a decision within the hook, be as lightweight as possible (and perhaps use some thread blocking/sync to perform the actual IPC within a separate thread). I have seen issues in complicated hooks due to thread creation etc...
Connor
@Meigs2
I'll give some sort of queue a try, I did try spawning a thread to notify the host, which seemed to help, but the UI of the entire app wouldn't load
I also had a VERY strange issue where even if I had a SendMessage in the hook, even when the code was unreachable in an if(false), it would still crash. Commenting out the line fixed it. Maybe it's an object creation thing.
Allocating in the hook is probably bad
Connor
@Meigs2
At some point though I've had so many little issues like this getting IPC to just work I'm considering just... writing this in C++
¯\_(ツ)_/¯
Connor
@Meigs2
Okay, I've made progress, I've injected into the process at runtime instead of at creation like I was before and have attached the debugger to the process. So when I have ANYTHING other than the hook callback in my hooked function, even after the hook, the call to the actual function breaks.
Giving: An unhandled exception of type 'System.AccessViolationException' occurred in Unknown Module.

var result = false;

result = CreateProcessW(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes,
    bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, out lpProcessInformation); // THROWS HERE
try
{
    messageQueue.Enqueue("Text");
}
catch
{
    // swallow exceptions so that any issues caused by this code do not crash target process
}
return result;

var result = false;

result = CreateProcessW(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes,
    bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, out lpProcessInformation); // DOES NOT THROW AFTER COMMENTING OUT BELOW
try
{
    //messageQueue.Enqueue("Text");
}
catch
{
    // swallow exceptions so that any issues caused by this code do not crash target process
}
return result;

I guess the signature could still be messed up?
I don't know why interaction... after the actual API call would break the call itself, unless the process I've hooked is checking for this?
Connor
@Meigs2
Maybe?
Connor
@Meigs2
If that enqueue is placed before the CreateProcessW call then it gets enqueued properly as well
Connor
@Meigs2
Welp, it's a signature issue. Change some params to IntPtrs and I'm golden.
Justin Stenning
@justinstenning
@Meigs2 ok cool. Btw for IPC you could use the RpcBuffer in SharedMemory library that is fairly lightweight
Connor
@Meigs2
I'm taking a look at a little custom named pipe implementation
Lioncat2002
@Lioncat2002
Hello, is it possible to disable the Windows key, Alt key, F4 key, Tab keys with easyhook?
Justin Stenning
@justinstenning
@Lioncat2002 it is not the right tool for that. You will need to look at SetWindowsHook WinAPI instead
Murmelmann
@Murmelmann
How can I set a hook on "SendMessage" Win Api function? I tried _HookOnSendMessage = EasyHook.LocalHook.Create(EasyHook.LocalHook.GetProcAddress("user32.dll", "SendMessage"), New PostMessageDelegate(AddressOf SendMessageHook), Nothing) but I get an error saying "the method does not exist". Thanks!
Murmelmann
@Murmelmann
I am currently toying around with the C# tutorial on "Creating a remote file monitor". I got it working but in the tutorial the client process is only sending messages to the server program. I would like to send an object (e.g. some class) from my hooked method in the target application back to program.cs (the FileMonitor). I could not find any instructions on how to do this, can anybody help me out with this?
Justin Stenning
@justinstenning
@Murmelmann look at docs on .NET Remoting and how to pass objects by reference (eg MarshalByRef)
Keytrap
@varKeytrap
Hey @spazzarama, could you check my issue whenever you have a few minutes? Thanks! #371
Swung
@Swung0x48
Hi there! I have a program and it has called a few win32 APIs that I’d like to hook. I’d like to make my hack as a dll to be loaded by the host program. Is it possible with easyhook?
bclothier
@bclothier
Hi, just confirming --- am I correct in assuming the EasyHook can only work on win32 and win64? I don't see anything indicating that it can run on an ARM-based device.
Justin Stenning
@justinstenning
@bclothier correct, only x86/x86-64
bclothier
@bclothier
Thanks for confirming. Would the developers of EasyHook consider compiling an ARM build?
Justin Stenning
@justinstenning
@bclothier it is not as simple as just doing an ARM build, the assembler instructions will all be different that perform the hook trampoline etc. It is not on the roadmap currently.
bclothier
@bclothier
I suspected that it would be a difficult endeavor. Thanks for the confirmation!