Search code examples

CopyItems and MoveItems Crashes on windows-7 64 bit

I am hooking the function i.e IFileOperation::CopyItems to implement File Copy Monitoring. my Code works perfect on windows-7 32 bit machine but it is getting crash on windows-7 64 bit machine please help me , My Code is as below.

PVOID GetInterfaceMethod(PVOID intf, DWORD methodIndex)
   return *(PVOID*)(*(DWORD*)intf + methodIndex * 4);

typedef HRESULT (WINAPI  *CopyItemsNext)(IFileOperation * pThis, IUnknown *punkItems,IShellItem *psiDestinationFolder);
CopyItemsNext Real_CopyItems = NULL;
CopyItemsNext Actual_CopyItems;

HRESULT WINAPI CopyItemsCallback(IFileOperation * pThis, IUnknown *punkItems,IShellItem *psiDestinationFolder)

    MessageBoxW(NULL,L"CopyItems Function Called", L"HookedCopyItemS", MB_OK);
    return Real_CopyItems(pThis, punkItems, psiDestinationFolder);

HRESULT WINAPI CoCreateInstanceCallback(REFCLSID rclsid, LPUNKNOWN pUnkOuter, DWORD dwClsContext, REFIID riid, LPVOID *ppv)
       const char *IFileOperation_GUID = "{3AD05575-8857-4850-9277-11B85BDB8E09}";
       char GUIDString[64];

       HRESULT HR = Real_CoCreateInstance(rclsid, pUnkOuter, dwClsContext, riid, ppv);

      sprintf_s(GUIDString,64, "{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}\0",
      rclsid.Data1, rclsid.Data2, rclsid.Data3,
      rclsid.Data4[0], rclsid.Data4[1],
      rclsid.Data4[2], rclsid.Data4[3],
      rclsid.Data4[4], rclsid.Data4[5],
      rclsid.Data4[6], rclsid.Data4[7]);

if(strcmp(GUIDString, IFileOperation_GUID) == 0)
   MessageBoxA(NULL, "IFileOperation_GUID Found", GUIDString, MB_OK);

   if(Real_CopyItems == NULL)
    Actual_CopyItems = (CopyItemsNext)GetInterfaceMethod(*ppv, 17);
    MessageBoxA(NULL,"AFTER GetInterfaceMethod", "TEST", MB_OK);

    if (MH_CreateHook(Actual_CopyItems, &CopyItemsCallback, reinterpret_cast<void**>(&Real_CopyItems)) != MH_OK)
        MessageBoxW(NULL, L"Failed CreateHook Real_CopyItem", L"Info!", MB_ICONWARNING|MB_OK);
    if (MH_EnableHook(Actual_CopyItems) != MH_OK)
        MessageBoxW(NULL, L"Failed EnableHook Real_CopyItem", L"Info!", MB_ICONWARNING|MB_OK);
return HR;

  //DllMain Function 
  BOOL APIENTRY DllMain(HMODULE hModule, DWORD  ul_reason_for_call, LPVOID lpReserved)
     switch (ul_reason_for_call)
      if (MH_Initialize() != MH_OK)
         MessageBoxW(NULL, L"Failed Initialize", L"Info!", MB_ICONWARNING|MB_OK);    
      if (MH_CreateHook(&CoCreateInstance, &CoCreateInstanceCallback, reinterpret_cast<void**>(&Real_CoCreateInstance)) != MH_OK)
          MessageBoxW(NULL,L"Failed MH_CreateHook CoCreateInstance",L"Info!",MB_ICONWARNING|MB_OK);
      if (MH_EnableHook(&CoCreateInstance) != MH_OK)
          MessageBoxW(NULL,L"Failed MH_EnableHook StartDocA",L"Info!",MB_ICONWARNING|MB_OK);

   if (MH_Uninitialize() != MH_OK)
   if (MH_DisableHook(Actual_CopyItems) != MH_OK)
   if (MH_DisableHook(&CoCreateInstance) != MH_OK)

 return TRUE;

while debugging for windows-7 64 bit what i got is , it is crashing inside GetInterfaceMethod () function while returning , please go through it and find the what is wrong with my code plz ..


  • Perhaps you should use return *(PVOID*)(*(DWORD_PTR*)intf + methodIndex); on x64. Pointer will be incremented by pointer size which is 8 bytes.