

Enumeration of global hooks with Access Violation

 
flashcoder
Newbie cheater
Reputation: 0

Joined: 29 Jan 2017
Posts: 14

PostPosted: Fri Mar 24, 2017 11:26 am    Post subject: Enumeration of global hooks with Access Violation Reply with quote

With the code below I'm able to enumerate and unhook all global hooks created by the SetWindowsHookEx function on Windows 7 x64 and later.

However, when this code is tested on Windows 7 x86, an Access Violation occurs on the following line:

Code:

if (pHandle->bType != TYPE_HOOK) continue;


When I uncomment these two lines:

Code:

printf("Found hook at %p", HookInfo);
printf(" Handle: %08llX %s %2d %d\n\n", HookInfo->Handle, (Unhooked) ? ("Unhook OK!") : ("Unhook Fail"), HookInfo->HookType, HookInfo->Flags);


the Access Violation happens after the second printf() executes.

Any suggestions about what is causing this error?

Complete code:

Code:

// test.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include <windows.h>
#include <WinNT.h>

//#define _WIN64

// Type tag that EnumHandles3264 compares against HANDLEENTRY::bType to pick
// out hook objects. The value is not defined in any public SDK header
// included here; it has to match the target Windows build.
#define TYPE_HOOK   5

// Result of the most recent UnhookWindowsHookEx call made inside
// EnumHandles3264 (TRUE on success); written there and read back by the
// printf in the same loop.
BOOL Unhooked = FALSE;

// Not required by anything in this listing (no std:: names are used).
using namespace std;

// One slot of the user-object handle table that EnumHandles3264 walks.
// Hand-declared because the layout is not in the public SDK headers; if it
// does not match the target Windows build byte for byte, every field read
// below is garbage rather than an error.
typedef struct _HANDLEENTRY {
    PVOID pHead;    // pointer that EnumHandles3264 rebases by the TEB-derived offset to obtain a HOOK_*
    PVOID pOwner;   // not read by this listing
    BYTE bType;     // type tag; compared against TYPE_HOOK
    BYTE bFlags;    // not read by this listing
    WORD wUniq;     // not read by this listing
} HANDLEENTRY, *PHANDLEENTRY;

// Hand-declared prefix of the server-info block reached through
// SHAREDINFO::psi. Only cHandleEntries is read by this listing; it is used
// as the loop bound when walking aheList, so a layout mismatch here turns
// into an out-of-bounds walk of the handle table.
typedef struct _SERVERINFO {
    WORD            wRIPFlags;      // not read by this listing
    WORD            wSRVIFlags;     // not read by this listing
    WORD            wRIPPID;        // not read by this listing
    WORD            wRIPError;      // not read by this listing
    ULONG           cHandleEntries; // number of HANDLEENTRY slots in SHAREDINFO::aheList
} SERVERINFO, *PSERVERINFO;

// Hand-declared view of user32's exported gSharedInfo data symbol, as
// returned by GetgSharedInfo(). Only psi and aheList are read by this
// listing; the remaining fields are declared to keep the offsets in place.
typedef struct _SHAREDINFO {
    PSERVERINFO psi;              // provides cHandleEntries
    PHANDLEENTRY aheList;         // base of the handle table walked by EnumHandles3264
    ULONG HeEntrySize;            // presumably the OS-reported size of one aheList entry; not consulted by
                                  // this listing, which steps by sizeof(HANDLEENTRY) — worth confirming they agree
    ULONG_PTR pDispInfo;          // not read by this listing
    ULONG_PTR ulSharedDelta;      // not read by this listing
    ULONG_PTR awmControl;         // not read by this listing
    ULONG_PTR DefWindowMsgs;      // not read by this listing
    ULONG_PTR DefWindowSpecMsgs;  // not read by this listing
} SHAREDINFO, *PSHAREDINFO;

// Hand-declared layout of a hook object, reached by rebasing
// HANDLEENTRY::pHead. Only Handle, HookType and Flags are read by this
// listing; everything else is padding to keep those three at the right
// offsets for the target build.
typedef struct _HOOK_
{
    HANDLE Handle;          // passed to UnhookWindowsHookEx as an HHOOK
    ULONG LockObj;          // not read by this listing
    PVOID ThreadInfo;       // not read by this listing
    PVOID Desktop1;         // not read by this listing
    PVOID Self;             // not read by this listing
    PVOID NextHook;         // not read by this listing
    LONG HookType;          // printed by EnumHandles3264
    PVOID FunctionAddress;  // not read by this listing
    ULONG Flags;            // printed by EnumHandles3264
    ULONG ModuleHandle;     // not read by this listing
    PVOID Hooked;           // not read by this listing
    PVOID Desktop2;         // not read by this listing
    ULONG bitField;         // not read by this listing
} HOOK_;

// Resolves user32's exported gSharedInfo data symbol and returns it viewed
// through the hand-declared SHAREDINFO layout.
//
// Returns NULL if user32.dll cannot be loaded (a message is printed) or if
// the export is not present. The module reference is never released; the
// returned pointer points into user32's image and is only meaningful while
// that image stays mapped.
SHAREDINFO* GetgSharedInfo() {
    HMODULE user32 = LoadLibrary(L"user32.dll");
    if (!user32) {
        printf("LoadLibrary faild\n");
        return NULL;
    }

    // GetProcAddress resolves exported data as well as functions; the cast
    // reinterprets the export's address as the SHAREDINFO declared above.
    FARPROC exported = GetProcAddress(user32, "gSharedInfo");
    return (SHAREDINFO*)exported;
}

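// Walks the handle table described by pSharedInfo (aheList, bounded by
// psi->cHandleEntries) and, for every entry tagged TYPE_HOOK, resolves the
// HOOK_ record, calls UnhookWindowsHookEx on its handle and prints the
// outcome. Updates the global Unhooked with the result of each attempt.
//
// pSharedInfo: value returned by GetgSharedInfo(). May be NULL; in that case
//              (or if psi/aheList are NULL) a message is printed and nothing
//              is dereferenced.
//
// Every layout used here — the TEB offsets, the HANDLEENTRY stride and the
// HOOK_ field order — is hand-declared and specific to one Windows build.
// A mismatch shows up as an access violation or as garbage output, never as
// an error code, so confirm the layout against the exact target build.
void EnumHandles3264(SHAREDINFO *pSharedInfo)
{
    // GetgSharedInfo() returns NULL on failure; the original dereferenced it
    // unconditionally.
    if (pSharedInfo == NULL || pSharedInfo->psi == NULL || pSharedInfo->aheList == NULL)
    {
        printf("gSharedInfo not available\n");
        return;
    }

    struct _TEB* pTeb = NtCurrentTeb();
    // Value subtracted from each pHead to obtain a pointer usable from this
    // process. Read from hard-coded TEB offsets that are build-specific;
    // NOTE(review): these are the first thing to re-check when the walk
    // faults on a different Windows version or architecture.
#ifdef _WIN64
    ULONGLONG offset = *(ULONGLONG*)(((BYTE*)pTeb) + 0x800 + 0x28);
#else
    ULONG offset = *(ULONG*)(((BYTE*)pTeb) + 0x6CC + 0x1C);
#endif

    ULONG cHandleEntries = pSharedInfo->psi->cHandleEntries;
    HANDLEENTRY *Handle = (HANDLEENTRY*)pSharedInfo->aheList;
    // NOTE(review): the walk steps by sizeof(HANDLEENTRY); pSharedInfo->HeEntrySize
    // is never consulted. If the two differ on the target build the loop
    // desynchronises from the real table.
    for (ULONG i = 0; i < cHandleEntries; ++i)
    {
        HANDLEENTRY* pHandle = Handle++;

        // Filter on the type tag first; non-hook slots are never touched further.
        if (pHandle->bType != TYPE_HOOK) continue;

        // Test the raw pointer, not the rebased one: (0 - offset) is non-zero
        // whenever offset is, so the original `if (HookInfo)` check could not
        // catch an empty slot.
        if (pHandle->pHead == NULL) continue;

        HOOK_* HookInfo = (HOOK_*)((UINT_PTR)pHandle->pHead - offset);

        Unhooked = UnhookWindowsHookEx((HHOOK)HookInfo->Handle);
        printf("Found hook at %p\n", (void*)HookInfo);
        // HANDLE is a pointer on both architectures, so %p is the matching
        // specifier; %llX would consume 8 bytes for a 4-byte HANDLE on x86 and
        // shift every following vararg. HookType is LONG and Flags is ULONG.
        printf("Handle: %p %s %2ld %lu\n\n",
               (void*)HookInfo->Handle,
               Unhooked ? "Unhook OK!" : "Unhook Fail",
               HookInfo->HookType,
               HookInfo->Flags);
    }
}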

//////// In main() function: ////////

// Resolve user32's shared handle table, then walk it for hook objects.
SHAREDINFO *sharedInfo = GetgSharedInfo();
EnumHandles3264(sharedInfo);





08cfe963e74a427baeb76f5bc64c3d35.png
 Description:
 Filesize:  90.81 KB
 Viewed:  7497 Time(s)

08cfe963e74a427baeb76f5bc64c3d35.png




Last edited by flashcoder on Sat Mar 25, 2017 5:23 pm; edited 3 times in total
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Fri Mar 24, 2017 12:24 pm    Post subject: Reply with quote

perhaps pHandle is NULL
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Sat Mar 25, 2017 2:54 pm    Post subject: Reply with quote

Code:
#ifdef _WIN64
    ULONGLONG offset = *(ULONGLONG*)(((BYTE*)pTeb) + 0x800 + 0x28);
#else
    ULONG offset = *(ULONG*)(((BYTE*)pTeb) + 0x6CC + 0x1C);
#endif


You are not reading into the pointers properly.

_________________
- Retired.
flashcoder
Newbie cheater
Reputation: 0

Joined: 29 Jan 2017
Posts: 14

PostPosted: Sat Mar 25, 2017 3:53 pm    Post subject: Reply with quote

atom0s wrote:
Code:
#ifdef _WIN64
    ULONGLONG offset = *(ULONGLONG*)(((BYTE*)pTeb) + 0x800 + 0x28);
#else
    ULONG offset = *(ULONG*)(((BYTE*)pTeb) + 0x6CC + 0x1C);
#endif


You are not reading into the pointers properly.


Ok,

The printf() error has already been solved:

Code:

#ifdef _WIN64
         printf("Handle: %08llX %s %2d %d\n\n", HookInfo->Handle, (Unhooked) ? ("Unhook OK!") : ("Unhook Fail"), HookInfo->HookType, HookInfo->Flags);
#else
         printf("Handle: 0x%.8X %s %2d %d\n\n", HookInfo->Handle, (Unhooked) ? ("Unhook OK!") : ("Unhook Fail"), HookInfo->HookType, HookInfo->Flags);
#endif


Now, how can I read the pointers properly?