Click or drag to resize

LocalHookCreate Method

Installs a managed hook. After this you'll have to activate it by setting a proper ThreadACL.

Namespace:  EasyHook
Assembly:  EasyHook (in EasyHook.dll) Version: 2.7.6684.0 (2.7.6684.0)
Syntax
Copy
public static LocalHook Create(
	IntPtr InTargetProc,
	Delegate InNewProc,
	Object InCallback
)

Parameters

InTargetProc
Type: SystemIntPtr
A target entry point that should be hooked.
InNewProc
Type: SystemDelegate
A handler with the same signature as the original entry point that will be invoked for every call that has passed the Fiber Deadlock Barrier and various integrity checks.
InCallback
Type: SystemObject
An uninterpreted callback that will later be available through Callback.

Return Value

Type: LocalHook
A handle to the newly created hook.
Exceptions
ExceptionCondition
OutOfMemoryException Not enough memory available to complete the operation. On 64-Bit this may also indicate that no memory can be allocated within a 31-Bit boundary around the given entry point.
ArgumentException The given function pointer does not map to executable memory (valid machine code) or you passed null as delegate.
NotSupportedException The given entry point contains machine code that can not be hooked.
InsufficientMemoryException The maximum amount of hooks has been installed. This is currently set to MAX_HOOK_COUNT (1024).
Remarks

Note that not all entry points are hookable! In general methods like CreateFileW won't cause any trouble. But there might be methods that are not hookable because their entry point machine code is not eligable to be hooked. You should test all hooks on common environments like "Windows XP x86/x64 SP2/SP3" and "Windows Vista x86/x64 (SP1)". This is the only way to ensure that your application will work well on most machines.

Your handler delegate has to use the UnmanagedFunctionPointerAttribute and shall map to the same native method signature, otherwise the application will crash! The best way is to use predefined delegates used in related P-Invoke implementations usually found with Google. If you know how to write such native delegates you won't need internet resources of course. I recommend using C++.NET which allows you to just copy the related windows API to your managed class and thread it as delegate without any changes. This will also speed up the whole thing because no unnecessary marshalling is required! C++.NET is also better in most cases because you may access the whole native windows API from managed code without any effort what significantly eases writing of hook handlers.

The given delegate is automatically prevented from being garbage collected until the hook itself is collected...

See Also