ATTENTION: I heard some complaints about using EasyHook on 64-Bit (Windows 7). So today I tried it myself and the thing is that some important APIs raise an UnsupportedException "STATUS_NOT_SUPPORTED: Hooking near (conditional) jumps is not supported. (Code: 487)".
This is NOT a failure of EasyHook. Near jumps are too small to be hooked with EasyHook. Even if one could improve EasyHook to hook near jumps, it is just not worth it. Instead, use a disassembler and try to find other APIs in the call hierarchy that are supported by EasyHook.
For example, OpenProcess() is not supported on Windows 7 x64. Instead, take a look at NtOpenProcess() in "ntdll.dll" and you will find that it IS SUPPORTED. Internally, OpenProcess() will always call NtOpenProcess(), so you are done...
Please don't forget that hooking is not straightforward and you have to experiment a bit and be creative. If you give up if hooking fails the first time, you won't get far...
regards
chris
Well, I received many complaints about the license change... So the license will stay LGPL, forever!
UPDATED: "EasyHook.h" was missing in the binary package...
Thanks to your bug reports, I can now provide a stable version of EasyHook! If the code changes break any of your existing applications, please report a bug! And also if you find other bugs ;-).
FIXED ISSUES
There are two issues I couldn't fix. There is more information about them in the file "KNOWN ISSUES.txt".
I worked on the following issues the community has reported for EasyHook 2.5 Beta.
1) EasyHook.IEntryPoint.Run doesn't error if match isn't found. ----- DONE
2) Not calling EasyHook.Config.Register fails. ----- DONE
3) Launch the sample indirectly introduced crash on Vista ---- NOT FIXED (try ShellExecute() because obviously the explorer is able to start it properly)
4) Defect: target process exit unexpected when CreateAndInject a cmd.exe ---- DONE
5) CreateAndInject doesn't work for managed targets ---- NOT FIXED (use a wrapper process, apply all hooks locally into that process and then load the target process via Assembly.Load(), extract its main() method and execute it)
7) Get rid of the internal GAC-Util usage --- DONE / DRAWBACK: for managed injections you will always have to be admin, unless you are installing the DLLs with an installation routine in the GAC!
8) Get rid of the temporary directory --- DONE
9) Ability to pass custom flags to CreateProcess via CreateAndInject()! --- DONE
10) EasyHookSvc IPC-Channel requires admin privileges. ---- DONE / Now uses WorldSid if IsAdministrator() returns false within the service. This is only the case if the caller is not admin and started a WOW64Bypass, so all things should be fine now!