
EasyHook problem

I create a .exe resolution and use EasyHook to hook the user-mode display driver's OpenAdapter function.

After hooking the function successfully, I restart the display adapter, but my hook function is not called.

The two functions below are called in my project:
LhInstallHook
LhSetInclusiveACL

What is wrong?

Thanks for your reply.

Comments

  • EasyHook is for easily setting hooks, but this doesn't mean you should use it without understanding how API hooking works. I recommend you study API hooking without using libraries like these and then go back to them afterwards, because a proper understanding of how they are implemented will help you greatly.

    About your problem, you are saying that you are using EasyHook to hook a user-mode API, but are then restarting the target which you had hooked. This will cause the hook to vanish, because the virtual memory for the target is reset due to the restart. You'll need to re-hook the target on each instance as it is being started up.

    You should let us know what you're actually trying to achieve here, because hooking a display adapter sounds like a really silly thing to do. There could be a much better way to do what you may be trying to do, or a better idea to accomplish the end result. If you don't know what you are doing, which is evident, then using hooking techniques (especially on sensitive targets) can cause many issues.
  • Thanks for your reply.

    I think I had understood how to hook, and I coded a project that injects a DLL into another process successfully.
    I understand why hooking to OpenAdapter is failed yet.





    xxxxx@foxmail.com

    From: xxxxx@gmail.com
    Date: 2018-01-10 21:43
    To: Windows System Software Devs Interest List
    Subject: RE:[ntdev] EasyHook problem