failed launch with easyhook installed
@Meigs2 If I am having issues with signatures I try dumbing it down and use IntPtr for any pointers (e.g. LPWSTR etc). If it then works then go back and sort that out. Perhaps you need to provide some marshalling attributes to ensure the strings come through correctly
e.g. add this to the string parameters
[MarshalAs(UnmanagedType.LPWStr)]
[UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true, CharSet = CharSet.Auto)]
thats.. so annoying haha
Thank you for the help. I appreciate it
Thanks @spazzarama
Im using the Direct3DHook project as a base and that IPC is crashing the remote sometimes for whatever reason.
Is there any threading/invoking implications with calling remote functions from within a hooked function call? I'm unable for the life of me to get any IPC working within the CreateProcessW callback. I'm using the Direct3D hook project as scaffolding, the other functions work with the RemoteHooking.IpcConnectClient client to call back to the host but whenever I message from the hooked CreateProcessW the process crashes.
@Meigs2 ideally the hook does as little as possible. If the IPC is simply notifications to the host, add to a queue and process separately. If you need to perform IPC in order to make a decision within the hook, be as light weight as possible (and perhaps use some thread blocking/sync to perform the actual IPC within a separate thread). I have seen issues in complicated hooks due to thread creation etc...
I also had a VERY strange issue where even if I had a SendMessage in the hook, even when the code was unreachable in a if(false), it would still crash. commenting out the line fixed it. Maybe its an object creation thing.
Allocating in the hook is probably bad
¯\_(ツ)_/¯
Okay, I've mad progress, I've injected into the process at runtime instead of at creation like I was before and have attached the debugger to the process. Do when I have ANYTHING other than the hook callback in my hooked function, even after the hook, the call to the actual function breaks.
Giving an
An unhandled exception of type 'System.AccessViolationException' occurred in Unknown Module.
var result = false;
result = CreateProcessW(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes,
bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, out lpProcessInformation); // THROWS HERE
try
{
messageQueue.Enqueue("Text");
}
catch
{
// swallow exceptions so that any issues caused by this code do not crash target process
}
return result;var result = false;
result = CreateProcessW(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes,
bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, out lpProcessInformation); // DOES NOT THROW AFTER COMMENTING OUT BELOW
try
{
//messageQueue.Enqueue("Text");
}
catch
{
// swallow exceptions so that any issues caused by this code do not crash target process
}
return result;
I guess the signature could still be messed up?
I dont know why interaction... after the actual API call would break the call itself, unless the process I've hooked is checking for this?
How can I set a hook on "SendMessage" Win Api function? I tried _HookOnSendMessage = EasyHook.LocalHook.Create(EasyHook.LocalHook.GetProcAddress("user32.dll", "SendMessage"), New PostMessageDelegate(AddressOf SendMessageHook), Nothing) but I get an error saying "the method does not exist". Thanks!
2 replies
I am currently toying around with the C# tutorial on "Creating a remote file monitor". I got it working but in the tutorial the client process is only sending messages to the server program. I would like to send an object (e.g. some class) from my hooked method in the target application back to program.cs (the FileMonitor). I could not find any instructions on how to do this, can anybody help me out with this?
