mhook icon indicating copy to clipboard operation
mhook copied to clipboard
verified publisher icon martona

It's not work with Mhook_Unhook

Open RelicOfTesla opened this issue 11 years ago • 2 comments

Only hook one api, and call the Mhook_Unhook to restore it, It's bad to TrampolineGet return NULL.

RelicOfTesla avatar Sep 19 '14 17:09 RelicOfTesla

@poizan42 @martona This problem is only after merge e58a58ca31dbe14f202b9b26315bff9f7a32598c (Merge branch 'fix-remove-max-limit-patch' ) When I switch to efa4d7e7695a1fd934250b1acadf8a630f081b5f (remove @poizan42 change), IT'S OK. My OS is win7 x64,( but build in x86 mode) //////////////////

#include <mhook-lib/mhook.h>

int (WINAPI* OldMessageBoxA)( __in_opt HWND hWnd, __in_opt LPCSTR lpText, __in_opt LPCSTR lpCaption, __in UINT uType) = MessageBoxA;

int WINAPI NewMessageBoxA( __in_opt HWND hWnd, __in_opt LPCSTR lpText, __in_opt LPCSTR lpCaption, __in UINT uType) { return 0; }

int _tmain(int argc, _TCHAR* argv[]) { Mhook_SetHook((void**)&OldMessageBoxA, NewMessageBoxA); Mhook_Unhook((void**)&OldMessageBoxA); MessageBoxA(0, 0, 0, 0);

return 0;

}

RelicOfTesla avatar Sep 23 '14 08:09 RelicOfTesla

In function Mhook_SetHook, *ppSystemFunction is assigned to pTrampoline->codeTrampoline. In Mhook_Unhook, *ppSystemFunction is passed to TrampolineGet, by comparing with pCurrent->pHookFunction to get owned pTrampoline.

In my test, unhook always return FALSE because TrampolineGet always return NULL.

This bug can be fixed by modifying function TrampolineGet pCurrent->pHookFunction to pCurrent->codeTrampoline

gmmybu avatar Dec 18 '15 03:12 gmmybu