Access violation writing location?

Question

0.00/5 (No votes)

See more:

i want to hook NtClose Function without detours.first i change 5 bytes of a NtClose Function with a jump instruction to myNtClose Funtion but after that when i want get back that 5 bytes of the NtClose Funtion with memcpy(OriginalFunction, oldBytes, SIZE); instruction the errors show up.this error is Unhandled exception at 0x1027ca34(msvcr100d.dll) in myproject.exe:0xc0000005: access violation writing location 0x7c90cfee.
please help me what should i do?

Posted 10-Mar-14 0:18am

soosi

Add a Solution

Comments

Richard MacCutchan 10-Mar-14 8:09am

Don't try dynamic patching, it is dangerous.

pasztorpisti 11-Mar-14 19:32pm

What is the OriginalFunction you mentioned? Do you try to copy bytes onto the beginning of your hook function? Because that wont work.

soosi 12-Mar-14 4:13am

oringinalfunction is the address of the NtClose function in ntdll.dll. I want to copy bytes like jump instruction to myNtClose function onto the begining of the NtClose function. Does not it work?

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

bling · Answer 1 · 2014-03-10T07:32:00

I can't see your code so don't know for sure.

You may have a simple pointer bug or you aren't using VirtualProtect correctly.

Here's an example similar to what you're doing.

http://stackoverflow.com/questions/13461771/hooks-why-do-we-need-to-virtualprotect-again-to-restore-permissions[^]

Normally, you use VirtualProtect to make the memory executable and read-write, make a copy, overwrite the original, and restore execute only access with VirtualProtect.

If you write a single function to do this, it can be used both for setting and restoring the hooked API function.