Comments (4)
Hey, I cannot reproduce this. I've modified your example a little. It's possible your injected DLL is causing memory corruption; try it with a system DLL that's already loaded. Also, no need for the getch_noblock thing, just use getchar().
Make sure you are compiling as x64 as well; you will have weird bugs if you unexpectedly use x64 mode when compiling as x86.
```cpp
#include <Windows.h>
#include <polyhook2/ZydisDisassembler.hpp>
#include <polyhook2/Detour/x64Detour.hpp>
#include <cstdarg>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <conio.h>

uint64_t hookLoadLibrary = NULL; // original LoadLibrary (trampoline filled in by the detour)

// IDA: LoadLibraryExW(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
HMODULE WINAPI hk_LoadLibrary(LPCWSTR lpLibFileName, HANDLE hfile, DWORD dwFlags)
{
    printf("Loading file: %ws\n", lpLibFileName);
    // Forward to the original function through the trampoline.
    return PLH::FnCast(hookLoadLibrary, &LoadLibraryExW)(lpLibFileName, hfile, dwFlags);
}

int main()
{
    auto error_log = std::make_shared<PLH::ErrorLog>();
    PLH::Log::registerLogger(error_log);

    PLH::ZydisDisassembler dis(PLH::Mode::x64);

    HMODULE k32 = GetModuleHandleA("kernelbase.dll");
    if (k32 == NULL)
        return 0;

    // all of the loadlibrary functions in kernel32/kernelbase end up calling LoadLibraryExW, which is the last step before ntdll.
    auto load_lib_addr = GetProcAddress(k32, "LoadLibraryExW");
    if (load_lib_addr == NULL)
        return 0;

    printf("LoadLibraryExW address in kernelbase.dll: %p\n", load_lib_addr);

    PLH::x64Detour loadlib_detour(reinterpret_cast<uint64_t>(load_lib_addr), reinterpret_cast<uint64_t>(&hk_LoadLibrary), &hookLoadLibrary, dis);
    loadlib_detour.hook();

    // Load a system DLL that is already mapped to exercise the hook.
    LoadLibraryExW(L"kernel32.dll", 0, 0);

    // Wait for a key press before removing the hook.
    while (true)
    {
        if (getchar())
            break;
    }

    loadlib_detour.unHook();
    return 0;
}
```
from polyhook_2_0.
Thanks for the quick response!
I matched my code to yours and I still get the same errors. I forgot to mention previously that this occurs even when I comment out the LoadLibrary with my dll. For reference, its code is below.
I'm fairly certain I built PLH and Zydis for 64 bit but I'll rebuild them to see if I indeed screwed that up. In any case, I checked them with PE Bear and both had AMD64 flags I thought. Regardless, I'm going to build them again. In the meantime I'll also see if my win10 vm has problems with this as well.
Thanks!
```cpp
// dllmain.cpp : Defines the entry point for the DLL application.
#include "pch.h"

DWORD WINAPI run(LPVOID lpParam)
{
    MessageBoxA(NULL, "DLL Attached!\n", "leet h4x0r", MB_OK | MB_TOPMOST);
    FreeLibraryAndExitThread(HMODULE(lpParam), 0);
}

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        CreateThread(NULL, 0, &run, hModule, 0, NULL);
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}
```
from polyhook_2_0.
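The architecture check discussed in the two comments above (x64 vs. x86 builds, "AMD64 flags" in PE Bear) can also be scripted. The following is an added example, not code from the thread or from PolyHook: it reads the COFF Machine field of a PE image (EXE/DLL, not a `.lib` archive). The names `pe_machine`, `machine_name` and `make_sample` are hypothetical, and the sample bytes are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <iterator>
#include <vector>

// Machine values from the PE/COFF specification.
constexpr uint16_t kMachineI386  = 0x014c;
constexpr uint16_t kMachineAmd64 = 0x8664;

// Little-endian read of n bytes (n <= 4); caller guarantees the range is valid.
static uint32_t rd_le(const std::vector<uint8_t>& b, size_t off, size_t n) {
    uint32_t v = 0;
    for (size_t i = 0; i < n; ++i) v |= uint32_t(b[off + i]) << (8 * i);
    return v;
}

// Returns the COFF Machine field of a PE image, or 0 if the buffer is not a
// well-formed PE image (too short, bad magic, e_lfanew out of range).
uint16_t pe_machine(const std::vector<uint8_t>& img) {
    if (img.size() < 0x40 || img[0] != 'M' || img[1] != 'Z') return 0;
    const size_t pe = rd_le(img, 0x3c, 4);                 // e_lfanew
    if (pe > img.size() || img.size() - pe < 6) return 0;  // signature + Machine
    if (rd_le(img, pe, 4) != 0x00004550) return 0;         // "PE\0\0"
    return uint16_t(rd_le(img, pe + 4, 2));
}

const char* machine_name(uint16_t m) {
    switch (m) {
        case kMachineAmd64: return "x64 (AMD64)";
        case kMachineI386:  return "x86 (I386)";
        case 0:             return "not a PE image";
        default:            return "other";
    }
}

// Constructed sample: minimal header bytes only, not a loadable module.
std::vector<uint8_t> make_sample(uint16_t machine) {
    std::vector<uint8_t> b(0x80, 0);
    b[0] = 'M'; b[1] = 'Z'; b[0x3c] = 0x40;                // e_lfanew = 0x40
    b[0x40] = 'P'; b[0x41] = 'E';
    b[0x44] = uint8_t(machine & 0xff); b[0x45] = uint8_t(machine >> 8);
    return b;
}

int main(int argc, char** argv) {
    for (int i = 1; i < argc; ++i) {                       // one line per file given
        std::ifstream f(argv[i], std::ios::binary);
        std::vector<uint8_t> data((std::istreambuf_iterator<char>(f)), std::istreambuf_iterator<char>());
        std::printf("%s: %s\n", argv[i], machine_name(pe_machine(data)));
    }
    return 0;
}
```

Run it over the host executable and every DLL it loads; any file that reports a different machine type than the rest points to a mixed x86/x64 build.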
Alright I installed PLH using vcpkg (I followed the guy who found the veh issue's code) and modified my build accordingly, and now it doesn't crash at all and seems like it's working pretty nicely.
I suspect I may have screwed up the Zydis build or something. Maybe I can indeed re-build all this and see what I missed.
Thanks for the help!
from polyhook_2_0.