EasyHook Windows Hooking problem/.dll injection

Posted by Tom on Stack Overflow See other posts from Stack Overflow or by Tom
Published on 2010-05-20T23:15:40Z Indexed on 2010/05/20 23:20 UTC
Read the original article Hit count: 305

Filed under:

Ok can someone try and find the error with this code, it should produce all the registry keys every time something accesses them but i keep getting:

System.MissingMethodException: The given method does not exist at EasyHook.LocalHook.GetProcAdress(String InModule, String InChannelName)

An example code can be found here: http://www.codeproject.com/KB/DLL/EasyHook64.aspx I can get the CcreateFileW example to work!

My code is here:

public class Main : EasyHook.IEntryPoint
    {
        FileMon.FileMonInterface Interface;
        LocalHook LocalHook;
        Stack<String> Queue = new Stack<String>();

        public Main(RemoteHooking.IContext InContext,String InChannelName)
        {
            // connect to host...
            Interface = RemoteHooking.IpcConnectClient<FileMon.FileMonInterface>(InChannelName);
            Interface.Ping();
        }

        public void Run(RemoteHooking.IContext InContext,String InChannelName)
        {
            // install hook...
            try
            {
                LocalHook localHook = LocalHook.Create(LocalHook.GetProcAddress("Advapi32.dll", "RegOpenKeyExW"),new DMyRegOpenKeyExW(MyRegOpenKeyExW),this);

                localHook.ThreadACL.SetExclusiveACL(new int[] { });
            }
            catch (Exception ExtInfo)
            {
                Interface.ReportException(ExtInfo);
                return;
            }
            Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());
            RemoteHooking.WakeUpProcess();
            // wait for host process termination...
            try
            {
                while (true)
                {
                    Thread.Sleep(500);
                    // transmit newly monitored file accesses...
                    if (Queue.Count > 0)
                    {
                        String[] Package = null;
                        lock (Queue)
                        {
                            Package = Queue.ToArray();
                            Queue.Clear();
                        }
                        Interface.OnCreateFile(RemoteHooking.GetCurrentProcessId(), Package);
                    }
                    else
                        Interface.Ping();
                }
            }
            catch
            {
                // Ping() will raise an exception if host is unreachable
            }
        }

        [DllImport("Advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true, CallingConvention = CallingConvention.StdCall)]
        static extern int RegOpenKeyExW(UIntPtr hKey,string subKey,int ulOptions,int samDesired,out UIntPtr hkResult);

        [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = true)]
        delegate int DMyRegOpenKeyExW(UIntPtr hKey,string subKey,int ulOptions,int samDesired,out UIntPtr hkResult);

        int MyRegOpenKeyExW(UIntPtr hKey,string subKey,int ulOptions,int samDesired,out UIntPtr hkResult)
        {
            Console.WriteLine(string.Format("Accessing: {0}", subKey));
            return RegOpenKeyExW(hKey, subKey, ulOptions, samDesired, out hkResult);
        }

    }

© Stack Overflow or respective owner

Related posts about c#