How to Hook like this?

Oct 9, 2010 at 6:29 PM

Hi!

Suppose I know an entry of a function in  an Exe

how do I hook this function with EasyHook?

My code is as below:

namespace LibraryTest
{
    public class Main : EasyHook.IEntryPoint
    {
        Mywork.Interface Interface;
        LocalHook HookTest;
        public static IntPtr MessageHandler = new IntPtr(0x407250);//This is the entry point
        public Main(
            RemoteHooking.IContext InContext,
            String InChannelName)
        {
            // connect to host...
            Interface = RemoteHooking.IpcConnectClient<Mywork.Interface>(InChannelName);

            Interface.Ping();

        }
        public void Run(
             RemoteHooking.IContext InContext,
             String InChannelName)
        {
            try
            {
                HookTest = LocalHook.Create(
                   MessageHandler,
                   new DataHandler(MyHandler),
                   this);
                HookTest.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
            }
            catch (System.Exception ex)
            {
                Interface.ReportException(ex);
                return;
            }

            Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());
            RemoteHooking.WakeUpProcess();
            while (true)
            {
                Thread.Sleep(500);
            }
        }
        [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
        public delegate uint DataHandler(uint zero, uint timestamp);

       
        static uint MyHandler(uint zero, uint timestamp)
        {
            Main This = (Main)HookRuntimeInfo.Callback;

            return 0;//Question here,how do I return?
        }

    }
}

I don't know how to get an funtion pointer in C#, So I don't know how to return from the Hook function

Thank you!

Oct 12, 2010 at 2:56 AM

Add something like this:

private DataHandler OrgDataHandler = (DataHandler)Marshal.GetDelegateForFunctionPointer(MessageHandler, typeof(DataHandler));

You can now do this:

return OrgDataHandler(zero, timestamp);
Hope this helps.