Do you know why I can't run the program when hooking one of kernel32 functions? I'm writing anti cheat and want to optimize it more because currently it's in thread, but something is wrong...
There's written OpenProcess because I've tried before to hook it and the same problem.
typedef HANDLE ( WINAPI * pOpenProcess )( _In_ HANDLE hProcess,
_In_ LPSECURITY_ATTRIBUTES lpThreadAttributes,
_In_ SIZE_T dwStackSize,
_In_ LPTHREAD_START_ROUTINE lpStartAddress,
_In_ LPVOID lpParameter,
_In_ DWORD dwCreationFlags,
_Out_ LPDWORD lpThreadId );
pOpenProcess original;
__declspec(naked) void hOpenProcess()
{
__asm PUSHAD
__asm PUSHFD
//my actions here
__asm POPFD
__asm POPAD
__asm JMP[original]
};
void ZPerformHook()
{
DWORD Address = ( DWORD )GetProcAddress( GetModuleHandle( TEXT( "kernel32.dll" ) ), "CreateRemoteThread" );
original = ( pOpenProcess )DetourFunction( (PBYTE)Address, (PBYTE)hOpenProcess );
}
"//my actions here" would be interesting, maybe you are corrupting the stack. or maybe the error is in your DetourFunction. how does your program fail? maybe with a access violation?
also you don´t have to use a naked function. you can just hook to a function that has the exact same signature as your target. no asm needed.
HANDLE __stdcall hOpenProcess( HANDLE hProcess,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
SIZE_T dwStackSize,
LPTHREAD_START_ROUTINE lpStartAddress,
LPVOID lpParameter,
DWORD dwCreationFlags,
LPDWORD lpThreadId )
{
// do your stuff here
std::cout << "From hook" << std::endl;
return original( hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpThreadId);
}
if that doesn´t work, check the return value of GetProcAddress, if that´s correct, something in your DetourFunction may be going wrong.
you could also use a disassembler like beaengine and dump your target function after detouring to see if the hook was applied correctly