Click here to Skip to main content
15,868,141 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
who can help me?
Recently new to the APIHOOK to HOOK "AddVectoredExceptionHandler" this function

Code:
C
typedef PVOID (WINAPI * pVehDef) (ULONG FirstHandler, struct _EXCEPTION_POINTERS * pExceptionInfo); 
char szOldVeh [5] = (0); 
char szJmpMyVeh [5] = ((char) 0xe9); 
pVehDef pVeh = NULL; 
PVOID WINAPI MyVeh (ULONG FirstHandler, struct _EXCEPTION_POINTERS * pExceptionInfo) 
( 
CString tr; 
PVOID s; 
WriteProcessMemory ((void *) -1, pVeh, szOldVeh, 5, NULL); 
s = pVeh (FirstHandler, pExceptionInfo); 
WriteProcessMemory ((void *) -1, pVeh, szJmpMyVeh, 5, NULL); 
  
tr.Format ("% d", FirstHandler); 
MessageBox (NULL, tr, "Hook", MB_OK); 
return s; 
) 
void HookVEH () 
( 
DWORD dwJmpAddr = 0; 
HMODULE hModule = LoadLibrary ("Kernel32.Dll"); 
pVeh = (pVehDef) GetProcAddress (hModule, "AddVectoredExceptionHandler"); 
dwJmpAddr = (DWORD) MyVeh - (DWORD) pVeh - 5; 
memcpy (szJmpMyVeh + 1, & dwJmpAddr, 4); 
FreeLibrary (hModule); 
ReadProcessMemory ((void *) -1, pVeh, szOldVeh, 5, NULL); / / read the original first 5 bytes 
WriteProcessMemory ((void *) -1, pVeh, szJmpMyVeh, 5, NULL); / / write to our treatment, the 5 bytes 
) 
BOOL APIENTRY DllMain (HANDLE hModule, 
                       DWORD ul_reason_for_call, 
                       LPVOID lpReserved 
) 
( 
     switch (ul_reason_for_call) 
( 
case DLL_PROCESS_ATTACH: 
 HookVEH (); 
case DLL_THREAD_ATTACH: 
case DLL_THREAD_DETACH: 
case DLL_PROCESS_DETACH: 
break; 
    ) 
    return TRUE; 
) 


This code can be successful for the first function of the variable.
But if I tr.Format ("% d", FirstHandler); changed
tr.Format ("% d", pExceptionInfo-> ContextRecord-> Eip); it does not get under Can you help me?
Posted
Updated 4-Jul-10 21:07pm
v2
Comments
Stephen Hewitt 4-Jul-10 20:54pm    
Perhaps if you explained in more detail.

1 solution

On your code you have hooked the Windows function AddVectoredExceptionHandler, whose prototype is the following:

C++
PVOID AddVectoredExceptionHandler(
   ULONG FirstHandler,
   PVECTORED_EXCEPTION_HANDLER VectoredHandler
);


Let's have a look to the function documentation at AddVectredExceptionHandler Function (Windows)[^]; the second parameter is not a pointer to an exception record as you have declared on your function MyVeh, but a pointer to a function whose prototype should be as follow:

C++
LONG CALLBACK VectoredHandler(
   PEXCEPTION_POINTERS ExceptionInfo
);


By installing a function using AddVectoredExceptionHandler, that function is later called each time an exception is generated.

I think you need to clarify what you want to do:


  1. if you want to access the exception record when an exception is thrown, simly write down your handler and pass it to the AddVectoredExceptionHandler function
  2. if you really want to hook the AddVectoredExceptionHandler, your code is quite right, but your hook procedure must match the parameter list of the hooked function, then the second parameter is not what you wrote but is a pointer to a function
 
Share this answer
 
Comments
buyong 14-Jul-10 1:48am    
Reason for my vote of 5
the answer is accurate, I think

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900