
Comments (7)

stevemk14ebr avatar stevemk14ebr commented on August 11, 2024

you can find an example usage here:

// auto protObj = hwBpHook->getProtectionObject();

you also must not run under a debugger. Can you verify again, and if it doesn't work, post your code.

from polyhook_2_0.

ph0t0shop avatar ph0t0shop commented on August 11, 2024

Yes I verified that.

.exe I'm injecting into (/Od and /Ob0 compiler flags, before you ask):

#include <iostream>
#include <string>
#include <thread>

// Target function to be hooked: appends "o" to its argument.
static std::string modstring(std::string inStr) {
	return inStr + "o";
}

void thread1() {
	std::string kutshit = "Y";
	while (true) {
		std::cout << kutshit;
		std::cin.ignore(1000000, 'd'); // block until 'd' is typed, then call modstring again
		kutshit = std::string(modstring(kutshit));
	}
}

int main()
{
	thread1();
}

.dll I'm injecting:


#include <Windows.h>
#include <cstdint>
#include <iostream>
#include <memory>
#include <string>
#include <polyhook2/Exceptions/BreakPointHook.hpp> // PolyHook 2 INT3 breakpoint hook (path as in the polyhook2 include tree)

// Base of the target exe; the hook address below is an offset from it.
const uintptr_t injectionPracticeBase = (uintptr_t)GetModuleHandleW(L"injectionpractice.exe");

uint64_t modString = injectionPracticeBase + 0x1480; // change this to whatever value it becomes when compiled

uint64_t modStringOrig = NULL;

std::shared_ptr<PLH::BreakPointHook> bpHook;

// Detour installed at modString; returns a fixed string.
NOINLINE std::string modStringDetour() {
    auto protObj = bpHook->getProtectionObject();
    return "test";
}

void tmain() {
	std::cout << std::string("hooked") << std::endl;

	bpHook = std::make_shared<PLH::BreakPointHook>((uint64_t)modString, (uint64_t)modStringDetour);

	std::cout << (bpHook->hook() ? "yes" : "no") << std::endl;
}

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
		DisableThreadLibraryCalls(hModule);
		// Install the hook from a freshly created thread.
		CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)tmain, NULL, 0, NULL); // before you ask, I also tried executing tmain without createthread, doesn't work either
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}


ph0t0shop avatar ph0t0shop commented on August 11, 2024

That is the BreakPointHook, obviously, which works, but using HWBreakPointHook it doesn't.


stevemk14ebr avatar stevemk14ebr commented on August 11, 2024

ok, when I get time I'll look into this issue. I don't see any obvious errors in your code


ph0t0shop avatar ph0t0shop commented on August 11, 2024

Thank you, tell me if you need clarification


stevemk14ebr avatar stevemk14ebr commented on August 11, 2024

Ok found the problem, this is actually an exact duplicate of the other issue you linked so I suggest a quick re-read of that in addition to my comments here. Per design, the HWBP hook only hooks the function on the thread that calls hook(). The debug registers are local to the thread, and must be set per each thread. Regardless of you calling create thread in dllmain or not, you're likely on a different thread than the application due to how dll injectors work (virtualalloc + create remote thread usually). To fix this you need to call hook from the context of the thread. You can hook with another type first and set up your hwbp inside that handler, or you can modify polyhook to enumerate threads and hook each of them instead of just GetCurrentThread(). Just to prove it to yourself you can place the line:

printf("thread id: %X", GetThreadId(GetCurrentThread()));

in both your dll function where you call hook, and the loop inside your target. Also!!! Your function typedef must match:

NOINLINE std::string modStringDetour() {
    auto protObj = bpHook->getProtectionObject();
    return "test";
}

it's missing the std::string argument. Beware that allocating objects across dll boundaries is dangerous if the runtimes are not sharing a heap. https://stackoverflow.com/questions/35310117/debug-assertion-failed-expression-acrt-first-block-header

I personally modified your example to the following for simplification:

// DLL
#include <Windows.h>
#include <cstdint>
#include <memory>
#include <polyhook2/Exceptions/HWBreakPointHook.hpp> // PolyHook 2 hardware breakpoint hook (path as in the polyhook2 include tree)

uint32_t modString = 0; // placeholder: read from console and compile
uint32_t modStringOrig = NULL;
std::shared_ptr<PLH::HWBreakPointHook> bpHook;
// Detour signature matches the target's modInt exactly: int(int).
NOINLINE int modStringDetour(int unused) {
	UNREFERENCED_PARAMETER(unused);
	auto protObj = bpHook->getProtectionObject();
	return 1337;
}
// TARGET
#include <Windows.h>
#include <chrono>
#include <cstdint>
#include <cstdio>
#include <iostream>
#include <thread>

static __declspec(noinline) int modInt(int intIn) {
	return intIn + 1;
}

void thread1() {
	int intIn = 0;
	// Print the thread id here and in the DLL to confirm the two differ.
	printf("thread id: %X", GetThreadId(GetCurrentThread()));
	printf("Place hook at: %X\n", (uint32_t)&modInt);
	while (true) {
		std::cout << intIn << std::endl;
		intIn = modInt(intIn);
		std::this_thread::sleep_for(std::chrono::seconds(1));
	}
}

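On the typedef point in the reply above, an added example that is not from the thread or from PolyHook: a compile-time guard that rejects a detour whose type differs from the hooked function's, shown against the two detour shapes from the thread. ModStringFn, sameSignature and detourAddress are hypothetical names; the uint64_t address mirrors what the hook constructor on the page is handed.

```cpp
#include <cstdint>
#include <string>
#include <type_traits>

// Function shape of the hooked target from the thread: std::string(std::string).
using ModStringFn = std::string(std::string);

// Compile-time signature comparison; Detour is deduced from the pointer passed in.
template <typename Original, typename Detour>
constexpr bool sameSignature(Detour*) {
    return std::is_same<Original, Detour>::value;
}

// Checked address helper (hypothetical): refuses to compile unless the detour has
// exactly the original's signature, so the mismatch is caught at build time instead
// of when the breakpoint fires and the detour reads arguments that were never passed.
template <typename Original, typename Detour>
std::uint64_t detourAddress(Detour* detour) {
    static_assert(std::is_same<Original, Detour>::value,
                  "detour signature must match the hooked function");
    return static_cast<std::uint64_t>(reinterpret_cast<std::uintptr_t>(detour));
}

// Correct detour: takes and returns std::string like the original.
static std::string modStringDetour(std::string inStr) {
    return "test:" + inStr;
}

// The detour as posted in the thread, missing the std::string parameter.
static std::string modStringDetourBad() {
    return "test";
}

// Address that would be handed to the hook constructor; this compiles.
std::uint64_t goodDetourAddress() {
    return detourAddress<ModStringFn>(&modStringDetour);
}

// detourAddress<ModStringFn>(&modStringDetourBad) is a compile error, so the
// mismatch is reported as a value here instead.
bool badDetourRejected() {
    return !sameSignature<ModStringFn>(&modStringDetourBad);
}

// What the hook does at runtime: transfer to the detour with the original's shape.
std::string callAsOriginal(std::uint64_t addr, const std::string& arg) {
    auto fn = reinterpret_cast<ModStringFn*>(static_cast<std::uintptr_t>(addr));
    return fn(arg);
}
```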

ph0t0shop avatar ph0t0shop commented on August 11, 2024

Hmm okay thank you, although the ThreadID I get from the DLL seems to be a garbage value. But that has nothing to do with PolyHook. Thanks for your answer

EDIT: Nevermind, that was just me not printing a newline. Thanks again for your answer

