jumaris / delphi-detours-library

Automatically exported from code.google.com/p/delphi-detours-library

Can't hook GetTickCount #10

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
MY CODE:
------
uses DDetours;

var
  TrampolineGetTickCount: function: DWORD; stdcall = nil;
  IsHooked: Boolean = False;

function InterceptGetTickCount: DWORD; stdcall;
begin
  Result := TrampolineGetTickCount;
end;

procedure TForm1.Button1Click(Sender: TObject);
begin
  if not IsHooked then
  begin
    @TrampolineGetTickCount := InterceptCreate(GetProcAddress(LoadLibrary('kernel32.dll'), 'GetTickCount'), @InterceptGetTickCount);
    IsHooked := True;
    Button1.Enabled := False;
    Button2.Enabled := True;
  end;
end;

procedure TForm1.Button2Click(Sender: TObject);
begin
  if (@TrampolineGetTickCount <> nil) and IsHooked then
  begin
    IsHooked := False;
    InterceptRemove(@TrampolineGetTickCount);
    TrampolineGetTickCount := nil;
    Button1.Enabled := True;
    Button2.Enabled := False;
  end;
end;

------

I get an Access violation error when I click Button1.

Original issue reported on code.google.com by swanty...@gmail.com on 17 Aug 2014 at 4:33

GoogleCodeExporter commented 9 years ago
Hi,

The reason the library fails is that the implementation of the GetTickCount function is different from other API functions.

If you follow GetTickCount in your debugger, you can find that this function has a lot of jumps before entering its main routine. Even in its main body, the function has an unconditional jump. When hooking, this last one will be erased, so it will be moved to the trampoline, and that's what will crash the app.

Such a routine is risky to hook; however, if you really need to hook this function, you must add the line below before DoInterceptCreate returns:

  Inc(PByte(Result), SizeOf(TSaveData));
 ==>here 
   if is GetTickCount then 
   inc(result,2)
  { Restore TargetProc old permission . }
  SetMemPermission(P, Sb, OrgProcAccess);

On the other hand, hooking this function only for the current module that calls it will work without problems.

I will focus more on such functions in the next releases.

Original comment by ismspi...@gmail.com on 17 Aug 2014 at 11:07
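
The failure mode described in the comment above, as an added example (not DDetours code and not part of the original thread): assuming the jump inside the overwritten bytes is a relative x86 JMP (`EB rel8` or `E9 rel32`), copying it unchanged into a trampoline makes it land on a different address, so its displacement has to be re-encoded for the new location. The function names and the addresses 0x1000 and 0x2000 are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Length of a relative JMP at insn (2 for EB rel8, 5 for E9 rel32), else 0. */
static int rel_jmp_len(const uint8_t *insn)
{
    if (insn[0] == 0xEB) return 2;
    if (insn[0] == 0xE9) return 5;
    return 0;
}

/* Absolute destination of a relative JMP that sits at address addr.
   The displacement counts from the END of the instruction, which is why
   the same bytes mean a different destination at a different address.
   Caller must have checked rel_jmp_len(insn) != 0. */
static uint64_t rel_jmp_target(const uint8_t *insn, uint64_t addr)
{
    int32_t rel = 0;
    if (insn[0] == 0xEB)
        rel = (int8_t)insn[1];            /* sign-extended 8-bit displacement */
    else
        memcpy(&rel, insn + 1, 4);        /* little-endian host, as on x86 */
    return addr + (uint64_t)rel_jmp_len(insn) + (uint64_t)(int64_t)rel;
}

/* Re-encode the JMP found at src/src_addr as E9 rel32 at dst/dst_addr so it
   still reaches the original destination. Returns the bytes written (5), or
   0 if src is not a relative JMP or the destination is out of rel32 range. */
static int relocate_rel_jmp(const uint8_t *src, uint64_t src_addr,
                            uint8_t *dst, uint64_t dst_addr)
{
    if (rel_jmp_len(src) == 0) return 0;
    int64_t delta = (int64_t)(rel_jmp_target(src, src_addr) - (dst_addr + 5));
    if (delta > INT32_MAX || delta < INT32_MIN) return 0;
    int32_t rel32 = (int32_t)delta;
    dst[0] = 0xE9;
    memcpy(dst + 1, &rel32, 4);
    return 5;
}

int main(void)
{
    const uint8_t stolen[2] = { 0xEB, 0x10 };  /* constructed: short JMP at 0x1000 */
    uint8_t fixed[5];
    printf("original target : 0x%llx\n", (unsigned long long)rel_jmp_target(stolen, 0x1000));
    printf("naive copy      : 0x%llx\n", (unsigned long long)rel_jmp_target(stolen, 0x2000));
    if (relocate_rel_jmp(stolen, 0x1000, fixed, 0x2000))
        printf("relocated       : 0x%llx\n", (unsigned long long)rel_jmp_target(fixed, 0x2000));
    return 0;
}
```

The relocated form is three bytes longer than the short jump it replaces, so a trampoline that holds it needs room for the expanded encoding.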

GoogleCodeExporter commented 9 years ago
This issue was closed by revision r40.

Original comment by ismspi...@gmail.com on 22 Nov 2014 at 6:59