Can you hook dotnet methods?

Apr 27, 2012 at 4:06 PM

Is there any way with EasyHook to hook dotnet methods?

Coordinator
May 10, 2012 at 9:58 AM

Take a look at the .\Test\ManagedTest project.

May 10, 2012 at 10:56 PM
Edited May 10, 2012 at 11:38 PM

I played with this a bit today and can't get it to work myself. In the example there, it doesn't actually seem to be hooking MethodA, but only hooking based on the delegate. The test code doesn't even make the real MethodA or MethodB calls to test that it's hooking that call; instead the test code calls a delegate:

LHTestMethodBDelegate.Invoke
I'm not sure what to do next.


May 10, 2012 at 11:42 PM
Edited May 10, 2012 at 11:44 PM

OK, based on that I made a standalone example, which I'm hooking locally. This is the code. However, I can't seem to get it to hook.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Threading;
using System.Text;
using EasyHook;

namespace DotNetHookTest
{
    class Program
    {
        [UnmanagedFunctionPointer(CallingConvention.StdCall)]
        delegate string ToHookSignature();

        private static ToHookSignature Original;
        static private IntPtr PointerToOriginal;

        static string ToHook()
        {
            Console.WriteLine(">ToHook Called");
            return "from ToHook";
        }

        static string Hooked()
        {
            Console.WriteLine(">Hooked Called");
            return "from Hooked";
        }


        static void Main(string[] args)
        {
            Console.WriteLine("current thread is hooked");
            Console.WriteLine("calling Tohook BEFORE hooking : {0}", ToHook());

            Original = new ToHookSignature(ToHook);
            GC.KeepAlive(Original);
            PointerToOriginal = Marshal.GetFunctionPointerForDelegate(Original);


            var hookinstance = LocalHook.Create(PointerToOriginal, new ToHookSignature(Hooked), 1);

            Console.WriteLine("(before activating) current thread is hooked = {0}", hookinstance.IsThreadIntercepted(Thread.CurrentThread.ManagedThreadId));
            hookinstance.ThreadACL.SetExclusiveACL(new int[1]);
            Console.WriteLine("(after activating) current thread is hooked = {0}", hookinstance.IsThreadIntercepted(Thread.CurrentThread.ManagedThreadId));

            Console.WriteLine("calling Tohook AFTER hooking : {0}", ToHook());

            Console.WriteLine("press enter to exit.");
            Console.ReadLine();
        }
    }
}

 

And here is the output:

 

current thread is hooked
>ToHook Called
calling Tohook BEFORE hooking : from ToHook
(before activating) current thread is hooked = False
(after activating) current thread is hooked = True
>ToHook Called
calling Tohook AFTER hooking : from ToHook
press enter to exit.

 

From this we can see that hooking isn't working, despite the fact that the thread is hooked on the "hookinstance".

Coordinator
May 11, 2012 at 11:19 AM

I'll look into it. From debugging it looks like the ManagedTest works, but I'll delve into it deeper and see what is happening.

May 11, 2012 at 4:27 PM
Thanks for looking into it.
From my reading and running of the code in ManagedTest, it doesn't call the method directly, it just calls the lambda. When I update your code to call the method you wanted to hook directly, it fails.


Coordinator
Jul 17, 2012 at 2:59 AM

Sorry for the delay in getting back to this. I experienced the same problem you have described. I'll create an issue regarding it.

Coordinator
Jul 17, 2012 at 3:05 AM
This discussion has been copied to a work item.
Coordinator
Jul 17, 2012 at 3:33 AM
Edited Jul 17, 2012 at 3:38 AM

By the way, I was able to get the Hooked method to be called instead of ToHook; however, a stack corruption would occur not long afterwards.

The code I used to get the "ToHook" address was:

var hookinstance = LocalHook.Create(Original.Method.MethodHandle.GetFunctionPointer(), new ToHookSignature(Hooked), 1);

I know this isn't a suitable solution yet, but it might help you along. The resulting output is:

current thread is hooked
>ToHook Called
calling Tohook BEFORE hooking : from ToHook
(before activating) current thread is hooked = False
(after activating) current thread is hooked = True
press enter to exit.
>Hooked Called

Then crash.
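
Added example (not written by any poster in this thread and not EasyHook code): a diagnostic that compares the two addresses passed to LocalHook.Create in the posts above. Marshal.GetFunctionPointerForDelegate returns a stub meant for native callers, which a direct managed call to ToHook() never passes through, while MethodHandle.GetFunctionPointer returns the method's managed entry point. The class name EntryPointCheck and the helper FirstBytes are hypothetical.

```csharp
using System;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;

static class EntryPointCheck   // hypothetical name, not from the thread
{
    [UnmanagedFunctionPointer(CallingConvention.StdCall)]
    delegate string ToHookSignature();

    // NoInlining: a method this small can be inlined into its caller by the
    // JIT, in which case no call ever reaches its entry point at all.
    [MethodImpl(MethodImplOptions.NoInlining)]
    static string ToHook() { return "from ToHook"; }

    // Hex dump of the first bytes at an address inside this process.
    static string FirstBytes(IntPtr address, int count)
    {
        var buffer = new byte[count];
        Marshal.Copy(address, buffer, 0, count);
        return BitConverter.ToString(buffer);
    }

    static void Main()
    {
        var original = new ToHookSignature(ToHook);
        RuntimeMethodHandle handle = original.Method.MethodHandle;

        // Force JIT compilation before asking for the entry point.
        RuntimeHelpers.PrepareMethod(handle);

        // Stub that native code would call to enter the delegate.
        IntPtr thunk = Marshal.GetFunctionPointerForDelegate(original);
        // Entry point that managed callers of ToHook() are bound to.
        IntPtr entry = handle.GetFunctionPointer();

        Console.WriteLine("delegate thunk : 0x{0}  bytes {1}",
            thunk.ToString("X"), FirstBytes(thunk, 8));
        Console.WriteLine("managed entry  : 0x{0}  bytes {1}",
            entry.ToString("X"), FirstBytes(entry, 8));
        Console.WriteLine("same address   : {0}", thunk == entry);

        // Keep the delegate (and therefore its thunk) alive until here.
        GC.KeepAlive(original);
    }
}
```

A hook placed at the thunk address is only reached by callers that invoke the delegate through its native function pointer, which matches the first output in this thread where ToHook still runs after the hook is activated.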

Jul 20, 2012 at 9:04 PM

Hey all, I'm going to be playing with this one. Give me some time to make myself familiar with this.

Jul 20, 2012 at 9:35 PM

I'm definitely curious what becomes of this. Once it's possible, I have many scenarios where I'd use this.