YOUR FEATURE-WISHLIST...?!

Coordinator
Mar 9, 2009 at 8:27 PM
Edited Mar 11, 2009 at 9:36 AM
Since EasyHook has now reached its stable state, maybe it is time to ask about missing features...

Don't think about whether your ideas are practical or not, leave this to me ;-).

Even if I look at comparable products on the market they all seem to have nothing special to be implemented in EasyHook, at least from my eyes...
Just to give you some hints... Look at MadCodeHook (www.madshi.net) or Microsoft Detours (seems to be down: http://research.microsoft.com/en-us/projects/detours/) or whatever you find in the net! YES I am not insane, I am redirecting you to the enemy :-D. Tell me what you find useful and what is not already implemented in EasyHook (as far as you know).

If you're referring to a feature taken from another library, please also post a link where I can find it...

Already planned for EasyHook 2.7:

1) TRY: Utilizing the CLR Hosting API to eliminate GAC usage
2) Authenticode signing of all binaries


Feature-Wishlist:
3) More tutorials. Focus on providing examples showing how to do things in EasyHook that are already done in Detours and Madshi.

Well and so on... Your ideas will be implemented in EasyHook 2.7; if it is possible at all...

Mar 10, 2009 at 10:18 PM
Well, let me first say thank you for making this great library.

The only thing I can think of is to create more tutorials and examples showing what EasyHook can do. Libraries like MS Detours, as you mentioned, may not have the appeal they once did, but it does have some great tutorials showing the most basic of things, from showing how to hook and parse MSN Messenger messages, to firing off a message box in Notepad once the user opens up the Find box. It doesn't have to be complicated, just good quality examples : )
Coordinator
Mar 11, 2009 at 8:25 AM
Yes this is worth a point ;-). I will definitely provide more tutorials in the next version...
Mar 11, 2009 at 3:46 PM
Great, I'm glad to see you've picked up work on it again, this is a professional quality library, and I'm glad to see it active.

Have you tried Windows 7 Compatibility with their Beta yet?
Coordinator
Mar 11, 2009 at 4:00 PM
Edited Mar 11, 2009 at 4:04 PM
No, and this wouldn't bring any advantage... Especially the security policies are the ones I always saw changing significantly from Beta to Release... And I doubt that Windows 7, since it is relying on Vista, will bring any new concept which would break the current way of hooking. So we will just have to wait for the Windows 7 public release. I can't imagine that there are any probs. The switch from Windows 98 to 2000 was a breaking change, but not this one ;-). I hope :-D

I am not currently developing EasyHook. The version 2.6 was just a kind of "service pack" to fix the bugs reported by the community and the GACUtil thing... I am busy with another project the next months and also the last 6 months, so there is no time for EasyHook! And as stated above, I wouldn't even know what to change on EasyHook... But I intend to release the 2.7 in June or July...

regards
chris
Mar 11, 2009 at 4:12 PM
Cool, my birthday is in July, I'll be looking forward to it.  : )
Mar 15, 2009 at 9:13 AM
Edited Mar 20, 2009 at 4:55 AM
First off, this project kicks ass.  Thanks for the update and even doing it in the first place.

One thing that would be really cool is some easy way to get from unmanaged code in the target process to a managed hook...<snip>
Coordinator
Mar 15, 2009 at 11:42 AM
Edited Mar 18, 2009 at 8:23 AM
What you can do is to create a method with the UnmanagedFunctionPointer-Attribute and obtain an unmanaged entry point with Marshal::GetFunctionPointerForDelegate(). Then you could pass this pointer to unmanaged code.
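
The approach from the reply above, as an added C# example that is not part of the original thread or of EasyHook. `EnumWindows` from user32 stands in for the unmanaged code that receives the pointer; the class, delegate and method names are made up for illustration.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class ManagedEntryPointDemo
{
    // The attribute is declared on the delegate type; it fixes the calling
    // convention of the native thunk (EnumWindowsProc is a stdcall CALLBACK).
    [UnmanagedFunctionPointer(CallingConvention.StdCall)]
    delegate bool EnumWindowsProc(IntPtr hwnd, IntPtr lParam);

    // Declared with IntPtr so the callback travels as a raw pointer,
    // exactly as any unmanaged consumer would receive it.
    [DllImport("user32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    static extern bool EnumWindows(IntPtr lpEnumFunc, IntPtr lParam);

    static int s_count;

    // Managed handler that the unmanaged side calls once per top-level window.
    static bool OnWindow(IntPtr hwnd, IntPtr lParam)
    {
        s_count++;
        return true; // keep enumerating
    }

    static void Main()
    {
        EnumWindowsProc callback = OnWindow;
        IntPtr entry = Marshal.GetFunctionPointerForDelegate(callback);

        if (!EnumWindows(entry, IntPtr.Zero))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        // The thunk behind 'entry' is valid only while the delegate is alive.
        // For a pointer stored long-term by unmanaged code, hold the delegate
        // in a static field instead of relying on a local.
        GC.KeepAlive(callback);
        Console.WriteLine("unmanaged code invoked the managed callback {0} times", s_count);
    }
}
```

If the delegate is garbage-collected while unmanaged code still holds the pointer, the next call through it crashes the process, so the delegate's lifetime has to cover every possible call.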

Mar 18, 2009 at 4:55 AM
Edited Mar 20, 2009 at 4:55 AM
Cool, thanks for the info!!
Mar 18, 2009 at 11:13 PM
Edited Mar 18, 2009 at 11:14 PM
I'd really like it if I could pipe the output from CreateAndInject into my app... I know how to do it, but I can't quite see how I can get the pipes from the C++ transferred into something meaningful in C#. I'm very new to this C#/C++ interaction, so perhaps it's easy... Either way, it'd be very useful. As it is I can't tell why my app is failing to run as I can't get any output from it.

Many thanks for the code as it is though! Keep up the good work!
Mar 23, 2009 at 11:20 PM
Detours (e.g. the Detours setdll sample) has some support (buggy in my experience) for rewriting the imports table of a binary so that you can rewrite an executable to automatically load a detouring library. I'm wondering if something like this would be feasible and helpful:
Add an API to rewrite and save a binary to automatically use your EasyHook unmanaged or even managed DLLs.

Haven't looked into it (yet), I guess at least for unmanaged hooking this might already be an easy thing to do by just using detours to load an unmanaged easyhook dll?

Ben
Apr 8, 2009 at 12:25 PM
Maybe it might be useful to have 2 examples for:

1) monitoring of the started processes in asynch manner not by timer;
2) to have an example of getting the list of ALL API calls implemented in ALL DLLs launched by the process. In turn to make a decision to hook some of these API calls or not.

Good luck to Easy Hook!
Igor
May 9, 2009 at 8:14 PM

Feature Request - CreateProcess Hook Chaining

I have a process that I have hooked successfully using CreateAndInject().  However, this process is apparently calling CreateProcess to launch secondary processes which are evading my hooks.  I am working on some manual work-arounds via post-CreateAndInject injections to the PIDs that share the name of the secondary processes I have observed in Taskman.

However, instead of that hackish set of manual steps, it seems that a better way would be to hook into CreateProcess from the beginning.  Then, as each process is created, hook into each of the newly created processes in the same way that the initial CreateAndInject() is done on the root process.  Since child procs would be hooked in this same way, grandchildren processes would not be missed either should they spring up.

While I suspect I can do this myself, it would be great to have this built-in to the EasyHook library by default.

Thanks so much!

-Jonathan

May 21, 2009 at 6:27 AM

Thank you for publishing the practical library.

Please change the base address of the DLLs (like rebase.exe does) to avoid the relocation at loading. It's an easy and trouble-free task, I think.

Nov 19, 2009 at 3:21 PM
jlb0001 wrote:

Feature Request - CreateProcess Hook Chaining

I have a process that I have hooked successfully using CreateAndInject().  However, this process is apparently calling CreateProcess to launch secondary processes which are evading my hooks.  I am working on some manual work-arounds via post-CreateAndInject injections to the PIDs that share the name of the secondary processes I have observed in Taskman.

However, instead of that hackish set of manual steps, it seems that a better way would be to hook into CreateProcess from the beginning.  Then, as each process is created, hook into each of the newly created processes in the same way that the initial CreateAndInject() is done on the root process.  Since child procs would be hooked in this same way, grandchildren processes would not be missed either should they spring up.

While I suspect I can do this myself, it would be great to have this built-in to the EasyHook library by default.

Thanks so much!

-Jonathan

+1, from tests of multiple users in the discussion forum about this subject, it appears that hooking CreateProcess to propagate hooks into freshly spawned child processes is not so easy, more specifically when hooking & spawning a 32-bit prog from 64!

 

Jan 13, 2010 at 11:23 AM

It will be useful to have an API to retrieve the pointer to the original function, the way that MadCHook (realFunc) and Detours (TrueFunc) do. This will allow calling the original API, bypassing the hook. This is required in some projects for sure.

Jan 14, 2010 at 2:52 AM
Edited Jan 14, 2010 at 2:58 AM

The OldProc pointer of the structure LOCAL_HOOK_INFO does provide you the original pointer.  You get it when calling LhInstallHook.

Chris's reply: http://easyhook.codeplex.com/Thread/View.aspx?ThreadId=53791