LhWaitForPendingRemovals has a very severe bug.
It may hang forever!
I cannot believe that this has not been fixed in all these years.
Try the following code in a test application:
HANDLE h_Port = CreateFile("\\\\.\\Com1", GENERIC_READ, FILE_SHARE_READ|FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
DWORD u32_Read = 0;
ReadFile(h_Port, u8_Buffer, 10, &u32_Read, 0);
I hope you have a COM port on your computer to test it.
This code will hang forever if no data is received from the port.
If you set a hook on ReadFile() before executing the above code the hook routine will never return and LhWaitForPendingRemovals will hang
The solution is extremely simple: Specify a timeout for LhWaitForPendingRemovals like this:
EASYHOOK_NT_EXPORT LhWaitForPendingRemovals(int Timeout)
NTSTATUS NtStatus = STATUS_SUCCESS;
if (*Hook->IsExecutedPtr <= 0)
// release memory...
if (Timeout < 0)
// this hook cannot be released. But a little memory leak is better than hanging forever!
NtStatus = STATUS_TIMEOUT;
Timeout -= 25;