Hook "closure" aka: return??

Dec 5, 2009 at 10:52 PM
Edited Dec 5, 2009 at 10:53 PM

First off, I want to apologize for the cryptic Discussion Name. I just could not think of anything more descriptive.

I am using EasyHook in a very visual sense... in other words, I just copied everything in the Unmanaged docs until everything works.

 

I have at the beginning of my hook definitions the following cpp macro:

#define STANDARD_EASY_HOOK_SETUP \
\
    PVOID Backup;\
    PVOID CallStack[64];\
    MODULE_INFORMATION Mod;\
    ULONG MethodCount;\
    LhBarrierPointerToModule(0,0);\
    LhBarrierCallStackTrace(CallStack,64,&MethodCount);\
    LhBarrierGetCallingModule(&Mod);

 

No clue what precisely this is doing... though I do think I understand the injection process in theory.

 

Finally, when I'd first begun with EasyHook I remember a number of my hooks crashing if the return was not a call to the original routine. Lately I've added some hooks that seem to work ok with a premature return. So I'm wondering I guess if there are pitfalls either way, and in general I suppose I'm curious what anyone might have to say on the finer points of what is useful and safe to do inside an unmanaged easyhook. Eg. nothing application specific, just what is within the scope of the Easyhook API.