MahdiSafsafi/DDetours

COM Hook

GoogleCodeExporter opened this issue · 7 comments

What is the function that you are trying to hook ?

Interface IInternetProtocol

What is the expected output? What do you see instead?

First chance exception at $006C0063. Exception class $C0000005 with message 
'access violation at 0x006c0063: write of address 0x009f2948'. Process 
Project3.exe (6552)

What version of the product are you using? On what operating system? Which
architecture x86 or x64 ?
Both

If the function hooked is not a Windows API function, please include this
function.



Please provide any additional information below.

unit ComHook;

interface

uses
    Winapi.Windows,
    Winapi.WinInet,
    ComObj,
    ComServ,
    ActiveX,
    UrlMon,
    MSHTML,
    SHDocVw,
    DDetours;

const
    CLSID_HttpProtocol: TGUID = '{79EAC9E2-BAF9-11CE-8C82-00AA004BA90B}';

type
  TInternetProtocol = record
    class function Read(Self: Pointer; pv: Pointer; cb: ULONG; out cbRead: ULONG): HResult; stdcall; static;
    class function Seek(Self: Pointer; dlibMove: LARGE_INTEGER; dwOrigin: DWORD; out libNewPosition: ULARGE_INTEGER): HResult; stdcall; static;
    class function LockRequest(Self: Pointer; dwOptions: DWORD): HResult; stdcall; static;
    class function UnlockRequest(Self: Pointer): HResult; stdcall; static;
  end;

  procedure Hook;
  procedure UnHook;

var
    FInternetProtocol: IInternetProtocol;
    FRead: function(Self: Pointer; pv: Pointer; cb: ULONG; out cbRead: ULONG): HResult; stdcall;
    FSeek: function(Self: Pointer; dlibMove: LARGE_INTEGER; dwOrigin: DWORD; out libNewPosition: ULARGE_INTEGER): HResult; stdcall;
    FLockRequest: function(Self: Pointer; dwOptions: DWORD): HResult; stdcall;
    FUnlockRequest: function(Self: Pointer): HResult; stdcall;

implementation

{ TInternetProtocol }

class function TInternetProtocol.Read(Self: Pointer; pv: Pointer; cb: ULONG; 
out cbRead: ULONG): HResult; stdcall;
begin
  Result := FRead(Self, pv, cb, cbRead);
end;

class function TInternetProtocol.Seek(Self: Pointer; dlibMove: LARGE_INTEGER; 
dwOrigin: DWORD; out libNewPosition: ULARGE_INTEGER): HResult; stdcall;
begin
  Result := FSeek(Self, dlibMove, dwOrigin, libNewPosition);
end;

class function TInternetProtocol.LockRequest(Self: Pointer; dwOptions: DWORD): 
HResult; stdcall;
begin
  Result := FLockRequest(Self, dwOptions);
end;

class function TInternetProtocol.UnlockRequest(Self: Pointer): HResult; stdcall;
begin
  Result := FUnlockRequest(Self);
end;

procedure Hook;
begin
  { IInternetProtocol } { starts with 7 }
  @FRead := InterceptCreate(FInternetProtocol, 'Read', @TInternetProtocol.Read);
  @FSeek := InterceptCreate(FInternetProtocol, 'Seek', @TInternetProtocol.Seek);
  @FLockRequest := InterceptCreate(FInternetProtocol, 'LockRequest', @TInternetProtocol.LockRequest);
  @FUnlockRequest := InterceptCreate(FInternetProtocol, 'UnlockRequest', @TInternetProtocol.UnlockRequest);
end;

procedure UnHook;
begin
//
end;

initialization
  CoCreateInstance(CLSID_HttpProtocol, nil, CLSCTX_INPROC_SERVER, IID_IInternetProtocol, FInternetProtocol);
  Hook;

end.

Original issue reported on code.google.com by david.lo...@gmail.com on 23 Jan 2015 at 12:24

If the standard COM hooking mechanism is used with an index:

First chance exception at $01406E02. Exception class $C0000096 with message 
'privileged instruction at 0x01406e02'. Process Project3.exe (7064)

Original comment by david.lo...@gmail.com on 23 Jan 2015 at 12:26

Hi,
Hooking by name is only supported with pure Delphi interfaces and objects. That
means the interface and the class that implements the interface must be coded in
Delphi.
So it will not work with COM interfaces that are implemented in C++ or other
programming languages.

Mahdi.

Original comment by ismspi...@gmail.com on 23 Jan 2015 at 1:26

This interface is implemented in Delphi :)

  {$EXTERNALSYM IInternetProtocol}
  IInternetProtocol = interface(IInternetProtocolRoot)
    ['{79eac9e4-baf9-11ce-8c82-00aa004ba90b}']
    function Read(pv: Pointer; cb: ULONG; out cbRead: ULONG): HResult; stdcall;
    function Seek(dlibMove: LARGE_INTEGER; dwOrigin: DWORD; out libNewPosition: ULARGE_INTEGER): HResult; stdcall;
    function LockRequest(dwOptions: DWORD): HResult; stdcall;
    function UnlockRequest: HResult; stdcall;
  end;

Original comment by david.lo...@gmail.com on 23 Jan 2015 at 1:28

But the class is implemented in C++ (I think).

Original comment by ismspi...@gmail.com on 23 Jan 2015 at 1:34

Problem was the index. It's really hard to get the index sometimes.

Original comment by david.lo...@gmail.com on 23 Jan 2015 at 2:15

You can close this issue with "Wont Fix".

Original comment by david.lo...@gmail.com on 23 Jan 2015 at 2:26

It's not that I don't want to fix it!
The C/C++ class does not use the standard RTTI (as Delphi does), which makes it
mostly impossible to get the function address by name (at least with Delphi).
Furthermore, RTTI in C/C++ can be enabled or disabled by a compiler directive (as
in Delphi). When RTTI is disabled there is no way to get the function name.

Have a nice day.

Original comment by ismspi...@gmail.com on 23 Jan 2015 at 2:44

  • Changed state: WontFix
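
Added example, not part of the original thread and not DDetours code: when a COM method cannot be resolved by name, its vtable index has to be counted across the whole inheritance chain, and the resolved slot can be checked before anything is patched. The helper names `SlotAddress` and `IsCode` and the constant `FIRST_SLOT` are hypothetical; the slot numbers are counted from the `IUnknown`, `IInternetProtocolRoot` and `IInternetProtocol` declarations, and unit scope names assume Delphi XE2 or later.

```delphi
program VtblSlotCheck;
{$APPTYPE CONSOLE}
uses
  Winapi.Windows, Winapi.ActiveX, Winapi.UrlMon, System.SysUtils;

const
  CLSID_HttpProtocol: TGUID = '{79EAC9E2-BAF9-11CE-8C82-00AA004BA90B}'; // from the issue
  // Slots 0..2:  IUnknown (QueryInterface, _AddRef, _Release)
  // Slots 3..8:  IInternetProtocolRoot (Start, Continue, Abort, Terminate, Suspend, Resume)
  // Slots 9..12: IInternetProtocol (Read, Seek, LockRequest, UnlockRequest)
  FIRST_SLOT = 9;
  SlotNames: array [0 .. 3] of string = ('Read', 'Seek', 'LockRequest', 'UnlockRequest');
type
  PVtbl = ^TVtbl;
  TVtbl = array [0 .. 255] of Pointer;

// Hypothetical helper: an interface reference points at a pointer to the vtable.
function SlotAddress(const Intf: IUnknown; Index: Integer): Pointer;
begin
  Result := PVtbl(PPointer(Pointer(Intf))^)^[Index];
end;

// Hypothetical helper: True if Addr is committed executable memory; names its module.
function IsCode(Addr: Pointer; out ModName: string): Boolean;
var
  Mbi: TMemoryBasicInformation;
begin
  ModName := '';
  if VirtualQuery(Addr, Mbi, SizeOf(Mbi)) = 0 then Exit(False);
  ModName := ExtractFileName(GetModuleName(HMODULE(Mbi.AllocationBase)));
  Result := (Mbi.State = MEM_COMMIT) and (Mbi.Protect and (PAGE_EXECUTE or
    PAGE_EXECUTE_READ or PAGE_EXECUTE_READWRITE or PAGE_EXECUTE_WRITECOPY) <> 0);
end;

var
  Proto: IInternetProtocol; I: Integer;
  Addr: Pointer; ModName: string; Ok: Boolean;
begin
  CoInitialize(nil);
  if Failed(CoCreateInstance(CLSID_HttpProtocol, nil, CLSCTX_INPROC_SERVER, IID_IInternetProtocol, Proto)) then Halt(1);
  for I := 0 to High(SlotNames) do
  begin
    Addr := SlotAddress(Proto, FIRST_SLOT + I);
    Ok := IsCode(Addr, ModName);
    Writeln(Format('slot %d %-13s -> %p  module=%s  executable=%s',
      [FIRST_SLOT + I, SlotNames[I], Addr, ModName, BoolToStr(Ok, True)]));
  end;
  Proto := nil; // release the object before leaving COM
  CoUninitialize;
end.
```

A slot that resolves to non-executable memory, or to a module other than the one expected to implement the object, means the index is wrong for that interface and the address should not be handed to a detour.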