EasyHook | EasyHook - The reinvention of Windows API Hooking | Cybersecurity library
kandi X-RAY | EasyHook Summary
You can support the EasyHook project over at Bountysource or raise a bounty for an issue to be fixed. This project supports extending (hooking) unmanaged code (APIs) with pure managed ones, from within a fully managed environment on 32- or 64-bit Windows Vista x64, Windows Server 2008 x64, Windows 7, Windows 8.1, and Windows 10. EasyHook currently supports injecting assemblies built for .NET Framework 3.5 and 4.0 and can also inject native DLLs.
Community Discussions
Trending Discussions on EasyHook
QUESTION
As soon as EasyHook EasyHook64.dll intercepts the first DefWindowProcW message, and from it starts a thread, it does not catch any DefWindowProcW anymore:
ANSWER
Answered 2021-Sep-19 at 03:04
There is no elegant solution for this in EasyHook, however if you are happy to install as many intermediate hooks as you need for the nesting levels you can chain them together.
The outermost hook will be the only one enabled initially.
It will first ensure all innermost hooks are disabled, then enable the next hook.
To prevent calling the hook for the same DefWindowProcW call, we can retrieve the next hook's bypass address and call that instead of the original DefWindowProcW like you would normally do.
As you have already discovered, once within a hook handler for a hook it will not trigger that same hook again until after the return statement has completed and we have gone back up the call stack. This is due to the thread-deadlock barrier in EasyHook.
Example:
QUESTION
I was trying to automatically inject a dll to every process (including GUI) whenever it is started by a user. My DLL hooks DoDragDrop method of winapi and communicates with server to decide allow or disallow the drag & drop process. I use easyhook (particularly this tutorial) for hooking part. I created a gist for my code: Gist
In this url it says: Doesn’t work reliably against GUI applications. Stick to console apps. No wonder it didn't work in microsoft edge, and chrome. I also tried code parts in these urls: first second. Finally, I already certificated my dll.
Is there any other way apart from appcertdlls? Thank you in advance.
Edit: I can't use appinitdlls, some users might have secure boot enabled.
Edit2: Seems like dlls in some tutorials are under system32 (this, and this), and I moved mine under system32 too, but it did not work.
...ANSWER
Answered 2021-Aug-04 at 07:35
PsSetLoadImageNotifyRoutine can be used, though it is a solution in kernel mode.
QUESTION
I am trying to work on easyhook in python and here is my code
...ANSWER
Answered 2021-Mar-21 at 17:13
QUESTION
There is a program which I can't modify its code having been opened. I want to create a "watcher" to hook the closing event of that program in order to make the main window of the program hidden rather than being closed when users try to close that program.
I have googled it and someone says hook the API named OpenProcess would work. I tried using a C# lib called "EasyHook" and successfully inject a remote process and hook MessageBeep API. Then I tried hooking OpenProcess and TerminateProcess, but the hooked methods of those two methods were never called.
So what is the proper method should I hook or is there any other way can realize my purpose? If there is no way to prevent the process being terminated with task manager, is there any tricks like hooking the close button of the window etc.?
PS. I don't know kernel programming of Windows and driver programming, so I want to realize it in user mode if it is possible.
...ANSWER
Answered 2020-Apr-28 at 19:17
> I want to create a "watcher" to hook the closing event of that program in order to make the main window of the program hidden rather than being closed when users try to close that program.

There is no process close event that you can hook. However, for GUI programs, there are WM_CLOSE and WM_SYSCOMMAND|SC_CLOSE window messages that you can intercept with SetWindowsHookEx().

> I have googled it and someone says hook the API named OpenProcess would work.

Whoever said that hooking OpenProcess() is the solution to this was either mistaken, or you misread what that hook was actually being used for.

> I tried using a C# lib called "EasyHook" and successfully inject a remote process and hook MessageBeep API. Then I tried hooking OpenProcess and TerminateProcess, but the hooked methods of those two methods were never called.

Of course, because you tried to hook them in the process that is being terminated, but that is not where they are called from, they are called in the process that is doing the terminating (i.e., in Task Manager itself).

> If there is no way to prevent the process being terminated with task manager

If the brute force "End Process (Tree)" option is used, then there is no option to catch/block that. The "End Task" option on the "Application" tab tries to perform a graceful termination using window messages before it resorts to brute force.

> is there any tricks like hooking the close button of the window etc.?

See my first comment above.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported