Thread: Strange error while attempting API hooking

  1. #1
    Registered User
    Join Date
    Nov 2006
    Location
    Pakistan
    Posts
    3

    Strange error while attempting API hooking

    Here's what I'm doing:

    1. CreateProcess() with name of .exe to hook, and specify CREATE_SUSPENDED flag
    2. CreateRemoteThread() on suspended process, with address of NtAlertThread
    3. Do hooking
    4. ResumeThread() on process

    Apparently, this is causing some problems with applications that load .NET dlls. For example, Calculator and Notepad get loaded with comctl32.dll from the WinSxS folder instead of the system32 folder, and neither works correctly with the above procedure then.

    I know that the problem is not in the hooking itself, because even when I remove step 3 from the above and do no hooking at all, it still causes a problem. However, removing step 2 fixes the problem. The problem is also not caused by me selecting NtAlertThread as the start address of the remote thread, because the above steps work correctly on applications that do not load any DLLs from the WinSxS at load time.

    Any help is urgenly needed...thanks in advance

  2. #2
    Registered User kryptkat's Avatar
    Join Date
    Dec 2002
    Posts
    638
    not sure this will work for your error.

    regsrvr32

  3. #3
    Registered User
    Join Date
    Nov 2006
    Location
    Pakistan
    Posts
    3
    I got it fixed, but thanks anyways. Here's how for anyone else having the same problem:

    Queue an APC to run in the process's main thread. The thread will be signalled as soon as the process finishes initialization, and then your APC will run hooking the APIs.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Strange results using dnsapi and windns
    By Niara in forum Networking/Device Communication
    Replies: 3
    Last Post: 08-13-2005, 10:21 AM
  2. FILES in WinAPI
    By Garfield in forum Windows Programming
    Replies: 46
    Last Post: 10-02-2003, 06:51 PM
  3. API hooking breakthru
    By bonkey in forum Windows Programming
    Replies: 5
    Last Post: 11-26-2002, 08:02 AM
  4. API Hooking?
    By kes103 in forum Windows Programming
    Replies: 16
    Last Post: 11-21-2002, 10:43 AM