I found a problem while using EasyHook 2.6 with this configuration: 32-bit Win 7 with SP1.
LhInstallHook function in EasyHook always crashes when I try to install hook on function LsaLogonUser. The crash happens in file DriverShared\LocalHook\install.c on line 357:
*((ULONGLONG*)Hook->TargetProc) = AtomicCache;
Exception code is 0xc0000005 (Access violation).
This issue happens ALWAYS. So I think if you have 32-bit Win 7 with SP1, it should be easy to reproduce.
Note, that hooking LsaLogonUser works perfectly:
- on other Windows versions (XP, Vista)
- on 64-bit Windows 7 with or without service packs
- even on 32-bit Win 7 without SP1
However, there are clearly some problems with SP 1, on 32-bit Win7. I only discovered that hooking LsaLogonUser causes crash, but there may be other API functions that can cause it.
Since install.c didn't change in 2.7, I assume that the issue wasn't fixed.
Any ideas what can cause the crash? I understand that LsaLogonUser may not be hookable under some circumstances, but in this case LhInstallHook should return an error, I think. Crashing application is not a correct behavior.