
GetWindowExW and LdrLoadDll not working #70

@callmeteus


I'm trying to hook GetWindowExW and LdrLoadDll in the usual way, but neither of them works.
My experience with assembly is not the best, so I'm struggling to understand why it's actually failing.

I know that my signatures are correct, I really think the problem is inside the DDetours library itself.

Here's a sample code for LdrLoadDll:

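type
    // NT status code as returned by native (ntdll) routines.
    // NOTE(review): the Windows SDK defines NTSTATUS as a signed 32-bit LONG. It is
    // kept unsigned here because this file casts hex literals such as $C0000022 to
    // it; with an unsigned type a "Status < 0" failure test is never true.
    NTSTATUS = Cardinal;
    PUNICODE_STRING = ^UNICODE_STRING;

    // Counted UTF-16 string used by the native API. Length and MaximumLength are
    // byte counts, and Buffer is not guaranteed to be null-terminated, so code
    // that inspects a module name must honour Length instead of scanning for #0.
    //
    // Deliberately not "packed": the operating system lays this structure out
    // with natural alignment. On a 64-bit target that places Buffer at offset 8
    // (record size 16); a packed record would read it from offset 4. On a 32-bit
    // target both layouts are identical (Buffer at offset 4, size 8).
    // Assumes the unit is compiled with default record alignment.
    UNICODE_STRING = record
        Length: Word;
        MaximumLength: Word;
        Buffer: PWideChar;
    end;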

implementation

type
    // Procedural type describing how this file calls ntdll!LdrLoadDll.
    // NOTE(review): LdrLoadDll is not officially documented. The commonly
    // published prototype takes a pointer (PULONG DllCharacteristics) as its
    // second parameter, so DWORD only matches it in size on 32-bit targets.
    // Confirm before forwarding calls through this type in a 64-bit build.
    TLdrLoadDllFn = function(
        pDllPath: PWideChar;
        dwFlags: DWORD;
        pUniModuleName: PUNICODE_STRING;
        var pResultInstance: PPointer
    ): NTSTATUS; stdcall;

var
    // Receives the value returned by InterceptCreate when the hook is installed;
    // nil until then. Presumably this is the trampoline to the original
    // LdrLoadDll - verify against the DDetours documentation.
    LdrLoadDllHook: TLdrLoadDllFn = nil;

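// Replacement routine installed over ntdll!LdrLoadDll.
//
// It rejects every load request with STATUS_ACCESS_DENIED and never forwards to
// the original routine, so once the hook is active any module load that goes
// through LdrLoadDll fails, including loads the host process itself needs.
//
// Parameters mirror the hooked routine: pDllPath is the optional search path,
// dwFlags the characteristics argument, pUniModuleName the requested module
// name and pResultInstance the caller's slot for the module handle.
// NOTE(review): the commonly published prototype declares the second parameter
// as a pointer (PULONG) and the last as PVOID*; "var ... PPointer" passes the
// same single address but types the slot one indirection too deep. Confirm the
// declaration before dereferencing either argument or building for 64-bit.
//
// Returns STATUS_ACCESS_DENIED ($C0000022) unconditionally.
function OurLdrLoadDll(
    pDllPath: PWideChar;
    dwFlags: DWORD;
    pUniModuleName: PUNICODE_STRING;
    var pResultInstance: PPointer
): NTSTATUS; stdcall;
const
    STATUS_ACCESS_DENIED = NTSTATUS($C0000022);
begin
    // Leave the caller with a defined (nil) handle on the failure path, so code
    // that reads the slot without checking the status does not use stale memory.
    if @pResultInstance <> nil then
        pResultInstance := nil;

    Result := STATUS_ACCESS_DENIED;
end;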

var
    hNtdll: HMODULE;
    pTarget: Pointer;

// Installs the LdrLoadDll hook between BeginHooks and EndHooks.
begin
    BeginHooks;

    // Resolve the export from the ntdll.dll image already mapped in the process.
    // NOTE(review): neither lookup result nor InterceptCreate's return value is
    // checked; confirm how the library reports a failed hook before relying on
    // LdrLoadDllHook being assigned.
    hNtdll := GetModuleHandleW('ntdll.dll');
    pTarget := GetProcAddress(hNtdll, 'LdrLoadDll');

    // Keep the returned pointer so the hook can reach the original routine.
    @LdrLoadDllHook := InterceptCreate(pTarget, @OurLdrLoadDll);

    EndHooks;
end.

I'm getting the following exception when LdrLoadDll gets called:
http://prntscr.com/1wnlfdc

It seems like it's trying to compare some invalid memory (that is pointing to 0x0000001):
http://prntscr.com/1wnljhh
