It's not work with Mhook_Unhook

Question

It's not work with Mhook_Unhook

RelicOfTesla opened this issue 10 years ago · 2 comments

Only hook one api, and call the Mhook_Unhook to restore it, It's bad to TrampolineGet return NULL.

Answer 1 · 2014-09-23T08:34:21.000Z

@poizan42 @martona This problem is only after merge e58a58c (Merge branch 'fix-remove-max-limit-patch' )
When I switch to efa4d7e (remove @poizan42 change), IT'S OK.
My OS is win7 x64,( but build in x86 mode)
//////////////////

#include <mhook-lib/mhook.h>

int (WINAPI* OldMessageBoxA)(
__in_opt HWND hWnd,
__in_opt LPCSTR lpText,
__in_opt LPCSTR lpCaption,
__in UINT uType) = MessageBoxA;

int WINAPI NewMessageBoxA(
__in_opt HWND hWnd,
__in_opt LPCSTR lpText,
__in_opt LPCSTR lpCaption,
__in UINT uType)
{
return 0;
}

int _tmain(int argc, _TCHAR* argv[])
{
Mhook_SetHook((void**)&OldMessageBoxA, NewMessageBoxA);
Mhook_Unhook((void**)&OldMessageBoxA);
MessageBoxA(0, 0, 0, 0);

return 0;

}

Answer 2 · 2015-12-18T03:46:31.000Z

In function Mhook_SetHook, *ppSystemFunction is assigned to pTrampoline->codeTrampoline.
In Mhook_Unhook, *ppSystemFunction is passed to TrampolineGet, by comparing with pCurrent->pHookFunction to get owned pTrampoline.

In my test, unhook always return FALSE because TrampolineGet always return NULL.

This bug can be fixed by modifying function TrampolineGet pCurrent->pHookFunction to pCurrent->codeTrampoline