You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
i'm playing with EasyHook tutorial and kernel32 FileRead
the tutorial can intercept the event and log it, but the hook can't block it by removing out the original function
how is possible?
somthing like:
bool ReadFile_Hook( IntPtr hFile,IntPtr lpBuffer, uint nNumberOfBytesToRead, out uint lpNumberOfBytesRead, IntPtr lpOverlapped)
{
bool result = false;
// Retrieve filename from the file handle
StringBuilder filename = new StringBuilder(255);
GetFinalPathNameByHandle(hFile, filename, 255, 0);
// don't call the original function
//result = ReadFile(hFile, lpBuffer, nNumberOfBytesToRead, out lpNumberOfBytesRead, lpOverlapped);
return result;
}
The text was updated successfully, but these errors were encountered:
I know its old but, if you want to block the function, just return a access denied code, which will be presented to the ReadFile caller function. That function will be informed that ReadFile didn't succeeded.
I know its old but, if you want to block the function, just return a access denied code, which will be presented to the ReadFile caller function. That function will be informed that ReadFile didn't succeeded.
i'm playing with EasyHook tutorial and kernel32 FileRead
the tutorial can intercept the event and log it, but the hook can't block it by removing out the original function
how is possible?
somthing like:
The text was updated successfully, but these errors were encountered: