Hook FindWindow

1.2k Views Asked by At

I'm trying to hook FindWindowA and FindWindowW using Detours 3.0. This two functions hooked successfully and I can see requested class and window title. But when I try to access to any word some like

if ( lpWindowName[0] == buf ) 

or something like that:

wcscpy(buf, lpWindowName);
memcpy(buf, lpWindowName, sizeof(lpWindowName));

I get error (exeption in hooked program). I cant have any access to this string but I can read it use

MessageBox(NULL,lpWindowName,lpClassName,MB_OK);

http://s017.radikal.ru/i421/1201/73/54fa9046a46c.png i dont understand nothing... have wrong error code. I use this code:

int filter(DWORD code, struct _EXCEPTION_POINTERS *ep) {

    char buf[MAX_PATH] = {0};
    sprintf(buf,"Exception code: %d", code);
    MessageBox(NULL,buf,"Error",MB_OK);
    return EXCEPTION_EXECUTE_HANDLER;
}

HWND __stdcall Mine_FindWindowW(LPCWSTR a0,
    LPCWSTR a1)
{
    __try 
    {
    if (a1[0] == L'a')
        return NULL;
    }
    __except(filter(GetExceptionCode(), GetExceptionInformation())){
    }
    HWND rv = 0;
    __try {
        rv = Real_FindWindowW(a0, a1);
    } __finally {
    };
    return rv;
}

And string not damaged. All work... why cant I check or have direct access to these two parameters?

2

There are 2 best solutions below

1
On BEST ANSWER

Check the docs for FindWindow.

Either string parameter can be NULL (meaning don't care) and the class name can be an atom. Attempting to dereference a string in either of these cases will result in an access violation (exception code -1073741819=0xC0000005).

0
On

The exception you are getting is EXCEPTION_ACCESS_VIOLATION (0xC0000005). Look into what a1 is pointing to. First guess is a1[0] is doing a NULL pointer dereference? I would run this in a debugger and check the call stack to see where the bad pointer is coming from.

How are you setting up the Detours? This could be a manifestation of an incorrect detour.