EasyHook Example Bug

Sep 28, 2011 at 2:31 PM

Hello Everybody,

I'm fairly new to EasyHook. But managed to create my own application that monitors file and registry access for my running programs, much like in the Process Monitor example.

It all seems to work great for regedit, notepad, explorer , office etc etc. But the strange thing is, when I use the createFileW hook to monitor file access for ms paint, I can't save files anymore. I'm having the exact same problem with the process monitor example included in EasyHook. With more debugging I found the problem to be specific for Windows 7 (only tried the 32Bit).

Does anybody else have this problem as well? Or does somebody know how to fix it?

 

You can replicate the issue by:

Starting the Process Monitor example tool

Start Paint

Hook mspaint.exe

In paint, try to save as a new file name

 

Thanks,

Martijn

Sep 29, 2011 at 11:38 AM

Hey Guys, after a lot of trying I think I found the solution:

Remove EasyHook from the GAC
Recompile using x86 settings

Will let you know if I'm sure.

Oct 3, 2011 at 6:28 AM

Unfortunately it doesn't seem to work all the times. Clearing the hook from GAC and rebooting seems to work sometimes, but the second time I start Paint it doesn't work anymore for sure.
Will do some more testing and get back on you.