EasyHook problem

I created a .exe resolution and used EasyHook to hook the user-mode display driver’s OpenAdapter function.

After hooking the function successfully, I restarted the display adapter, but my hook function is not called.

The two functions below are called in my project:
LhInstallHook
LhSetInclusiveACL

What is wrong?

Thanks for your reply.

EasyHook is for easily setting hooks but this doesn’t mean you should use it without understanding how API hooking works. I recommend you study API hooking without using libraries like these and then go back to them afterwards because a proper understanding of how they are implemented will help you greatly.

About your problem, you are saying that you are using EasyHook to hook a user-mode API, but are then restarting the target which you had hooked. This will cause the hook to vanish, because the virtual memory for the target is reset due to the restart. You’ll need to re-hook the target on each instance as it is being started up.

You should let us know what you’re actually trying to achieve here, because hooking a display adapter sounds like a really silly thing to do. There could be a much better way to do what you may be trying to do, or a better idea to accomplish the end result. If you don’t know what you are doing, which is evident, then using hooking techniques (especially on sensitive targets) can cause many issues.

Thanks for your reply.

I think I understand how to hook, and I coded a project that injects a DLL into another process successfully.
I understand why hooking to OpenAdapter is failed yet.

xxxxx@foxmail.com

From: xxxxx@gmail.com
Date: 2018-01-10 21:43
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] EasyHook problem

