hoshimin / hooklib Goto Github PK

The functions interception library written on pure C and NativeAPI with UserMode and KernelMode support

License: MIT License

C 76.13% C++ 23.87%

x86-64 hooking hook x86 intercept-calls intercept hooklib hook-api hooks hooks-api

hooklib's Issues

Сделать хук для другого процесса

Возможно ли использовать вашу библиотеку для хука другого процесса?
Если да то подскажите пожалуйста что надо поменять в коде
hProc = OpenProcess(PROCESS_ALL_ACCESS, false, pid);
#define NtCurrentProcess() (hProc)

how to fix

please help

Breaks on W11

Build failed due to identifier "_Original" and "_State" is not defined

I have created a PR #7 for this issue .
Could you please check this? Thanks!

Hi, Александр,
I just downloaded your code (NOT git clone) and try to build the solution.
However, the compiler complained

C3861- '_Original' :  identifier is not defined
C3861- '_State' :  identifier is not defined

In file HookLib.h

I believed the the line 60

        return _Original;

should be

        return m_Original;

and line 82

        if (_State) return FALSE;

should be

        if (m_State) return FALSE;

After I corrected _Original to m_Original and _State to m_State, the project was built successfully.

Seems that This issue was introduced by commit
4576e43

I have created a PR #7 for this issue .
Could you please check this? Thanks!

cant find dynamic library in current folder

Is there an easy solution for this or am i fucked?

is my test doing good? xD i dont know what im looking at

32 bit

C:\Users\Administrator>"D:\github\HookLib-master\Release\HookLibTests.exe"
`anonymous-namespace'::testHookOnce:
Hook: 0 0 0.123000
[X] orig0 != nullptr


`anonymous-namespace'::testHookOnce:
Hook: 0 0 0.123000
Hook: 0 0 0.000000
Hook: 0 0 0.000000
Hook: 0 0 0.000000

`anonymous-namespace'::testSerialHooks:
Hook: 1 1 0.100000
Orig: 1 1 0.100000
Hook: 2 2 0.200000
Orig: 2 2 0.200000
Orig: 2 2 0.200000
Orig: 1 1 0.100000

`anonymous-namespace'::testSerialHooksMultiunhook:
Hook: 1 1 0.100000
Orig: 1 1 0.100000
Hook: 2 2 0.200000
Orig: 2 2 0.200000
Orig: 1 1 0.100000
Orig: 2 2 0.200000

`anonymous-namespace'::testMultihook:
Hook: 1 1 0.100000
Orig: 1 1 0.100000
Hook: 2 2 0.200000
Orig: 2 2 0.200000
Orig: 1 1 0.100000
Orig: 2 2 0.200000

`anonymous-namespace'::testContextsFixup:
[X] ctx.Rip == reinterpret_cast<size_t>(orig)

also i use the new zydis

and only change this part

    ZydisDecoder decoder;
    if (arch == x64)
    {
        ZydisDecoderInit(&decoder, ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_ADDRESS_SIZE_HINT_64);
    }
    else
    {
        ZydisDecoderInit(&decoder, ZYDIS_MACHINE_MODE_LEGACY_32, ZYDIS_ADDRESS_SIZE_HINT_32);
    }
    ```
    
    address width is not exist anymore

hook failed with DbgkpCloseObject

nt!DbgkpCloseObject:
fffff804`566493f0 4983f901        cmp     r9,1
fffff804`566493f4 0f87fb000000    ja      nt!DbgkpCloseObject+0x105 (fffff804`566494f5)
fffff804`566493fa 488bc4          mov     rax,rsp
fffff804`566493fd 48895808        mov     qword ptr [rax+8],rbx
fffff804`56649401 48896810        mov     qword ptr [rax+10h],rbp
fffff804`56649405 48897018        mov     qword ptr [rax+18h],rsi
fffff804`56649409 48897820        mov     qword ptr [rax+20h],rdi
fffff804`5664940d 4156            push    r14

because of relocateBeginning() return false.

You cannot directly copy the bytecode of the jump instruction, This caused the redirect address to be incorrect

win 11 22000 bsod

Run test with kernel mode, get bsod. compiled with sdk 22621 and wdk 10

022023-9437-01.zip

help ASAP

i am new to the scripting so i need help.. i use visual studio code ik that but idk how to use it.. u talked about submodeling or smth in the 2nd before last issue u helped and I didn't understand anything. what do I have to do?..

Странный баг

Заметил странное поведение функции hook. Использую следующим образом в контексте обработки IRP:
OrigZwTerminateProcess = hook(ZwTerminateProcess, HookedZwTerminateProcess);
По какой-то причине может не работать и возвращает 0 и не хукает функцию. После перезагрузки пк(не пересобирая драйвер) начинает нормально работать. Есть какие либо идеи?

StopProcessors or ResumeProcessors freezes windows 10

second call to function that uses these two mentioned in title just makes windows 10 (1903) to freeze and there is no bsod
i personally tested it with kdmapper and my own driver
any help will be appreciated

Problem with hooking windows api

So when I tried to hook an windows API function example

	void* orginalSetCursor = nullptr;
	hook(SetCursor, hkSetCursor, &orginalSetCursor);

this throws an access violation at 0x0000000000000000 lol

hooking other functions works just fine, just the Windows API does not work

win10 KiDispatchException

win10 will cause the system to be unresponsive, not bsod.win7 is normal

[Help]HookLib.lib(HookLib.obj) : warning LNK4257: Object file was not compiled for kernel mode

I am trying to hook NtCreateUserProcess in the driver using hooklib, but I have encountered the following problem:

3>Building 'HookSysDemo' with toolset 'WindowsKernelModeDriver10.0' and the 'Desktop' target platform.
3>main.cpp
3>HookLib.lib(HookLib.obj) : warning LNK4257: object file was not compiled for kernel mode; the image might not run
3>LINK : error LNK1218: warning treated as error; no output file generated
3>Done building project "HookSysDemo.vcxproj" -- FAILED.

source code: frendguo@74a33f8

I see that the project's readme supports kernel mode. Am I using it incorrectly? Please help me.

windows 10 1809 page_fault_in_nonpaged_area

hello, this library is very useful, thank you for that. Today im try to test with windows 10 1809(x64) and got page_fault_in_nonpaged_area bugcheck error, anyways to fix it? sorry i just begining in kernel development.

This project doesn't contain the Configuration and Platform combination Release|x64

I have following error in my project while building when add reference to HookLib. What did I do wrong?

External dep(Zydis) is not resolved

Hello, first of all, thanks for your useful release!
Looks like u forgot to make zydis opensource? Module cannot be found on github

Cloning into 'HookLib'...
remote: Enumerating objects: 21, done.
remote: Counting objects: 100% (21/21), done.
remote: Compressing objects: 100% (17/17), done.
remote: Total 21 (delta 3), reused 21 (delta 3), pack-reused 0
Unpacking objects: 100% (21/21), done.
Submodule 'HookLib/Zydis' (https://github.com/zyantific/zydis.git) registered for p
ath 'HookLib/Zydis'
Cloning into '/home/a47/HookLib/HookLib/Zydis'...
remote: Enumerating objects: 184, done.
remote: Counting objects: 100% (184/184), done.
remote: Compressing objects: 100% (77/77), done.
remote: Total 5581 (delta 96), reused 165 (delta 91), pack-reused 5397
Receiving objects: 100% (5581/5581), 10.35 MiB | 10.77 MiB/s, done.
Resolving deltas: 100% (3863/3863), done.
error: Server does not allow request for unadvertised object 14808b0308fc01b804b7f5
4b2578f74d396ca653
Fetched in submodule path 'HookLib/Zydis', but it did not contain 14808b0308fc01b80
4b7f54b2578f74d396ca653. Direct fetching of that commit failed.

hoshimin / hooklib Goto Github PK

hooklib's Issues

Recommend Projects

Recommend Topics

Recommend Org

Jobs