microsoft / Detours

Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
MIT License

Windows 11 ARM64 Processor x86, x64 COM API Hook Crash. #292

Open kimjw0820 opened 11 months ago

kimjw0820 commented 11 months ago

Windows 11 ARM64 Processor x86, x64 COM Hook Crash. We tested using the latest sources (main, 2022-08-16 commit). [Surface Pro 9, Microsoft SQ3 3.00 GHz, Windows 11 ARM64]

[success]

On Windows 11 ARM64, x64 processes are emulated. Therefore, ARM, ARM64, x86, and x64 processes operate in the ARM64 environment. There is no problem with Win32 API hooking of x86 and x64 processes in the ARM64 environment.

[crash]

The problem occurs when hooking the COM API of x86 and x64 processes in an ARM64 environment. It crashes when running Detours samples/commem.

code - samples/commem/commem.cpp

https://github.com/microsoft/Detours/blob/734ac64899c44933151c1335f6ef54a590219221/samples/commem/commem.cpp#L95C4-L95C4

DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)RealIStreamWrite, MineIStreamWrite);
DetourTransactionCommit();

printf("commem: Calling Write w/o after attach.\n");

li.QuadPart = 1;
hr = pStream->lpVtbl->Write(pStream, &li, sizeof(li), NULL);  // <-- crash

ERROR_CODE: (NTSTATUS) 0xc000001d - { }

Is there anything else I need to do to hook the COM API of x86 and x64 processes in an ARM64 environment?