Hook successful but my proc was not called

Jul 5, 2011 at 6:14 AM
Edited Jul 5, 2011 at 6:18 AM


 Hi,

I am trying to use the easyhook in my practiced project. I used following codes . It is in the dllmain() of the dll injected. In the execution, it shows the functions returned success, but the hook procedure is never called. I tried 32&64 bit software with respective dll on win7 x64, the result is same.

Is something wrong my codes?

Thanks,

W.


    HMODULE                 hUser32 = LoadLibraryA("user32.dll");   

TRACED_HOOK_HANDLE      hHook = new HOOK_TRACE_INFO();   

NTSTATUS                NtStatus;   

ULONG                   ACLEntries[1] = {0};

FARPROC proc =  GetProcAddress(hUser32, "MessageBeep");
    FORCE(LhInstallHook(          proc ,            MessageBeepHook,            (PVOID)0x12345678,            hHook));


DebugOut("hook is %d, hUser32=%p, proc=%p\n",NtStatus, hUser32,proc);
    // won't invoke the hook handler because hooks are inactive after installation   

MessageBeep(123);
    // activate the hook for the current thread   

FORCE(LhSetInclusiveACL(ACLEntries, 1, hHook));

DebugOut("inforced \n");
    // will be redirected into the handler...   

MessageBeep(123);
    // this will also invalidate "hHook", because it is a traced handle...   

LhUninstallAllHooks();
    // this will do nothing because the hook is already removed...   

LhUninstallHook(hHook);
    // now we can safely release the traced handle   

delete hHook;

ERROR_ABORT:   

hHook = NULL;

Jul 5, 2011 at 6:20 AM

I referred to the unmanage sample.  If I just want to hook from application, do I have to call following statement to load the driver?

FORCE(RhInstallSupportDriver());