Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CreateWindowExW Hook fails? #41

Open
ci70 opened this issue Dec 30, 2016 · 5 comments
Open

CreateWindowExW Hook fails? #41

ci70 opened this issue Dec 30, 2016 · 5 comments

Comments

@ci70
Copy link

ci70 commented Dec 30, 2016
edited
Loading

Hi this hook fails when injected in Explorer.exe on Windows 8.1 x64. Maybe because of trampoline size?
To test compile and inject in to Explorer.exe using ProcessHacker x64.

library Hook64;

uses
  System.SysUtils,
  System.Classes,
  Winapi.Windows,
  DDetours;

type
  HINST = NativeUInt;
  HMENU = type UINT_PTR;

var
_CreateWindowExW: function(
  dwExStyle: DWORD;
  lpClassName: LPCWSTR;
  lpWindowName: LPCWSTR;
  dwStyle: DWORD;
  x: Integer;
  y: Integer;
  nWidth: Integer;
  nHeight: Integer;
  hWndParent: HWND;
  hMenu: HMENU;
  hInstance: HINST;
  lpParam: LPVOID
): HWND; WINAPI = nil;


function __CreateWindowExW(
  dwExStyle: DWORD;
  lpClassName: LPCWSTR;
  lpWindowName: LPCWSTR;
  dwStyle: DWORD;
  x: Integer;
  y: Integer;
  nWidth: Integer;
  nHeight: Integer;
  hWndParent: HWND;
  hMenu: HMENU;
  hInstance: HINST;
  lpParam: LPVOID
): HWND; WINAPI;

begin
  if (lpClassName = 'Worker Window') then
  WriteLn('Intercepted!');

  Result := _CreateWindowExW(dwExStyle, lpClassName, lpWindowName, dwStyle, x, y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam);
end;

begin
  AllocConsole;
  @_CreateWindowExW := InterceptCreate(@CreateWindowExW, @__CreateWindowExW);
end.
@ci70 ci70 changed the title CreateWindowEx Hook fails? CreateWindowExW Hook fails? Dec 30, 2016
@MahdiSafsafi
Copy link
Owner

Hi joeparkerz ,
Can you please specify type of error you got ?

@ci70
Copy link
Author

ci70 commented Dec 30, 2016
edited
Loading

It seems it just keeps restarting the process. It seems the library cannot handle trampoline that is bigger than a single line. This works for example.

function __CreateWindowExW(
  dwExStyle: DWORD;
  lpClassName: LPCWSTR;
  lpWindowName: LPCWSTR;
  dwStyle: DWORD;
  x: Integer;
  y: Integer;
  nWidth: Integer;
  nHeight: Integer;
  hWndParent: HWND;
  hMenu: HMENU;
  hInstance: HINST;
  lpParam: LPVOID
): HWND; WINAPI;
begin
  Result := _CreateWindowExW(dwExStyle, lpClassName, lpWindowName, dwStyle, x, y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam);
end;

@MahdiSafsafi
Copy link
Owner

No it's not related to trampoline line's size ... Detours is totally independent on lines !
Can you test hooking CreateWindowExW function on your process (no injection) ?
Also consider using BeginHook/EndHooks frame. I got a lot of bug report because people didn't use them.

@ci70
Copy link
Author

ci70 commented Dec 30, 2016

No still don't work. :/

@callmeteus
Copy link

callmeteus commented Oct 17, 2021
edited
Loading

I know this is an old issue, but it is happening with me too.
The application just crashes when CreateWindowExW is called.

@callmeteus callmeteus mentioned this issue Oct 18, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@callmeteus @ci70 @MahdiSafsafi