|
Cheat Engine The Official Site of Cheat Engine
|
View previous topic :: View next topic |
Author |
Message |
flashcoder Newbie cheater Reputation: 0
Joined: 29 Jan 2017 Posts: 14
|
Posted: Fri Mar 24, 2017 11:26 am Post subject: Enumeration of global hooks with Access Violation |
|
|
With code below i'm able to enumerate and unhook all global hooks created by SetWindowsHookEx function in Windows 7 x64 and upper.
Already when this code is tested with Windows 7 x86 comes a Access Violation on following line:
Code: |
if (pHandle->bType != TYPE_HOOK) continue;
|
When i uncomment these two lines:
Code: |
printf("Found hook at %p", HookInfo);
printf(" Handle: %08llX %s %2d %d\n\n", HookInfo->Handle, (Unhooked) ? ("Unhook OK!") : ("Unhook Fail"), HookInfo->HookType, HookInfo->Flags);
|
Access Violation happen after second printf() execution.
Some suggestion about what is causing this error?
Complete code:
Code: |
// test.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <windows.h>
#include <WinNT.h>
//#define _WIN64
#define TYPE_HOOK 5
BOOL Unhooked = FALSE;
using namespace std;
typedef struct _HANDLEENTRY {
PVOID pHead;
PVOID pOwner;
BYTE bType;
BYTE bFlags;
WORD wUniq;
} HANDLEENTRY, *PHANDLEENTRY;
typedef struct _SERVERINFO {
WORD wRIPFlags;
WORD wSRVIFlags;
WORD wRIPPID;
WORD wRIPError;
ULONG cHandleEntries;
} SERVERINFO, *PSERVERINFO;
typedef struct _SHAREDINFO {
PSERVERINFO psi;
PHANDLEENTRY aheList;
ULONG HeEntrySize;
ULONG_PTR pDispInfo;
ULONG_PTR ulSharedDelta;
ULONG_PTR awmControl;
ULONG_PTR DefWindowMsgs;
ULONG_PTR DefWindowSpecMsgs;
} SHAREDINFO, *PSHAREDINFO;
typedef struct _HOOK_
{
HANDLE Handle;
ULONG LockObj;
PVOID ThreadInfo;
PVOID Desktop1;
PVOID Self;
PVOID NextHook;
LONG HookType;
PVOID FunctionAddress;
ULONG Flags;
ULONG ModuleHandle;
PVOID Hooked;
PVOID Desktop2;
ULONG bitField;
} HOOK_;
SHAREDINFO* GetgSharedInfo() {
SHAREDINFO* gSharedInfo = NULL;
HMODULE huser32 = NULL;
huser32 = LoadLibrary(L"user32.dll");
if (huser32 == NULL)
{
printf("LoadLibrary faild\n");
return 0;
}
gSharedInfo = (SHAREDINFO*)GetProcAddress(huser32, "gSharedInfo");
if (gSharedInfo != NULL)
{
return gSharedInfo;
}
return NULL;
}
void EnumHandles3264(SHAREDINFO *pSharedInfo)
{
struct _TEB* pTeb = NtCurrentTeb();
#ifdef _WIN64
ULONGLONG offset = *(ULONGLONG*)(((BYTE*)pTeb) + 0x800 + 0x28);
#else
ULONG offset = *(ULONG*)(((BYTE*)pTeb) + 0x6CC + 0x1C);
#endif
ULONG cHandleEntries = pSharedInfo->psi->cHandleEntries;
HANDLEENTRY *Handle = (HANDLEENTRY*)pSharedInfo->aheList;
for (ULONG i = 0; i < cHandleEntries; ++i)
{
HANDLEENTRY* pHandle = Handle++;
HOOK_* HookInfo = (HOOK_*)((UINT_PTR)pHandle->pHead - offset);
if (pHandle->bType != TYPE_HOOK) continue;
if (HookInfo)
{
Unhooked = UnhookWindowsHookEx((HHOOK)HookInfo->Handle);
printf("Found hook at %p\n", HookInfo);
#ifdef _WIN64
printf("Handle: %08llX %s %2d %d\n\n", HookInfo->Handle, (Unhooked) ? ("Unhook OK!") : ("Unhook Fail"), HookInfo->HookType, HookInfo->Flags);
#else
printf("Handle: 0x%.8X %s %2d %d\n\n", HookInfo->Handle, (Unhooked) ? ("Unhook OK!") : ("Unhook Fail"), HookInfo->HookType, HookInfo->Flags);
#endif
}
}
}
//////// In main() funtion: ////////
EnumHandles3264(GetgSharedInfo());
|
Description: |
|
Filesize: |
90.81 KB |
Viewed: |
7539 Time(s) |
|
Last edited by flashcoder on Sat Mar 25, 2017 5:23 pm; edited 3 times in total |
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The netherlands
|
Posted: Fri Mar 24, 2017 12:24 pm Post subject: |
|
|
perhaps pHandle is NULL
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
atom0s Moderator Reputation: 199
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
|
Posted: Sat Mar 25, 2017 2:54 pm Post subject: |
|
|
Code: | #ifdef _WIN64
ULONGLONG offset = *(ULONGLONG*)(((BYTE*)pTeb) + 0x800 + 0x28);
#else
ULONG offset = *(ULONG*)(((BYTE*)pTeb) + 0x6CC + 0x1C);
#endif |
You are not reading into the pointers properly.
_________________
- Retired. |
|
Back to top |
|
|
flashcoder Newbie cheater Reputation: 0
Joined: 29 Jan 2017 Posts: 14
|
Posted: Sat Mar 25, 2017 3:53 pm Post subject: |
|
|
atom0s wrote: | Code: | #ifdef _WIN64
ULONGLONG offset = *(ULONGLONG*)(((BYTE*)pTeb) + 0x800 + 0x28);
#else
ULONG offset = *(ULONG*)(((BYTE*)pTeb) + 0x6CC + 0x1C);
#endif |
You are not reading into the pointers properly. |
Ok,
The error about printf() already was solved:
Code: |
#ifdef _WIN64
printf("Handle: %08llX %s %2d %d\n\n", HookInfo->Handle, (Unhooked) ? ("Unhook OK!") : ("Unhook Fail"), HookInfo->HookType, HookInfo->Flags);
#else
printf("Handle: 0x%.8X %s %2d %d\n\n", HookInfo->Handle, (Unhooked) ? ("Unhook OK!") : ("Unhook Fail"), HookInfo->HookType, HookInfo->Flags);
#endif
|
Now, how could be for read the pointers properly?
|
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
|
|