2 questions regarding the EasyHook...

Mar 1, 2009 at 9:33 AM
Hey

First of all, GREAT JOB! (seriously!)

I still have a few questions regarding EasyHook as a hooking framework for an unmanaged project on Windows XP, out of my experience with hooking frameworks...
- Can EasyHook hook functions from a service application? (SYSTEM users?)
- Does EasyHook override Windows' DEP? From my experience, many hooking frameworks demand disabling of DEP on the targets.


Thanks a lot!
(and thanks to all the developers in this project!)
Coordinator
Mar 1, 2009 at 12:25 PM
Thanks ;-)...

> Can EasyHook hook functions from a service application? (SYSTEM users?)

Yes it can, but this task more likely falls into managed injection, because since Vista, hooking services is somewhat complicated... I never tested it with unmanaged injection but I think the least you will need is a service running under SYSTEM privileges.

> Does EasyHook override Windows' DEP?

NO! I have no idea why someone should need to disable DEP?! I have it enabled for ALL applications and hooking with EasyHook works just fine, and EasyHook even does some nasty things like making a part of the stack executable, for example... The only thing with DEP is that you have to tell Windows that you want to execute something on the stack or whatever...

> developers in this project

Well, currently I am the only one ;-)
Mar 1, 2009 at 1:42 PM
Thanks for the quick reply!

I just didn't quite understand something about the "service application".
I'm writing a service in C++ (unmanaged), which currently should run on XP (not Vista yet...); I'm injecting unmanaged code from unmanaged code.
So from what I understood is that it should work, but you just didn't test it yet, did I get it right?


And Keep Up The Good Work !!! Way To Go !!! :-)

Coordinator
Mar 1, 2009 at 3:25 PM
> So from what I understood is that it should work, but you just didn't test it yet, did I get it right?

I didn't test unmanaged injection with system services as target. Unmanaged injection itself is tested ;-). The problem with targeting services is, as I said, that you have to run under SYSTEM privileges... I don't intend to write a "test system service" just for this special case and then also in unmanaged code *puuuhh*...
Mar 1, 2009 at 4:10 PM
> I didn't test unmanaged injection with system services as target

I meant injection from a service to an application (explorer.exe for example)....
The problem is that I am a SYSTEM user (from the service) and I want to inject a user (usually the logged on user) in explorer.exe (for example...).


Thanks!
Coordinator
Mar 1, 2009 at 5:11 PM
There shouldn't be any issues on XP but I remember that this might not work on Vista...
Mar 2, 2009 at 8:10 AM
Okay, Thanks a lot for your help! :-)