WOW64 unmanaged hook.

Mar 18, 2009 at 9:04 AM
Edited Mar 18, 2009 at 9:40 AM
I know EasyHook is able to hook through the WOW64 barrier by managed code.  How can do the same thing in unmanaged c++? (x64 process to create and hook win32 process)?  

I am hooking the DCOMLauncher service process.  I hooked the CreateProcessAsUser API to launch and hook child process (COM exe).  It works perfectly on 32bit platform.  (Thank Chris for your great works).  It also works on 64bit platform to create and hook 64bit COM object.  It fails when the 64bit service try to create and hook 32bit COM object and return error as following: 

It is not supported to directly hook through the WOW64 barrier.

Any suggestions to workaround?
Mar 18, 2009 at 10:32 AM
The same way EasyHook is doing it for managed injections... Create an injection process for the target architecture and inject the library from within this process. This can get complicated if you want to provide all features EasyHook is providing for injections. But since you only want to hook a special process you should be able to use command line parameters instead of establishing a RPC connection.