What's new in EasyHook 2.7.6789.0
Oct 9, 2020
- Allow far jumps to be modified in trampoline for x64 (#243)
New in EasyHook 2.7.6684.0 (Apr 20, 2018)
- x64 trampoline: ensure stack is 16 bytes aligned
New in EasyHook 2.7.6682.0 (Apr 18, 2018)
- Service path is now quoted to avoid the unquoted service path (spaces in path) vulnerability (outlined in CVE-2005-1185, CVE-2005-2938 and CVE-2000-1128)
- Rename CLIENT_ID struct to DBG_CLIENT_ID (fix build error on Windows SDK 10.0.16299.0) (#225)
- NuGet support for VS2017 (v141) native C/C++ package (#181)
- Allow EasyLoad library path to be specified within Config class - only impacts managed remote hook (#220)
New in EasyHook 2.7.6270.0 (Nov 5, 2017)
- CreateAndInject now supports long command lines (#84 / #170)
- RhCreateStealthRemoteThread now works for 64-bit targets (#91 / #159)
- Added LhGetHookBypassAddress / LocalHook.HookBypassAddress to allow bypassing the hook and call original directly without having to be within the hook handler (#155)
New in EasyHook 2.7.5292.0 Beta (Jun 30, 2014)
- EasyHook crashing targets, RhInjectLibrary on Win7 64bit, 32bit process, 32bit injection dll + launcher application = problem - now determines the address of GetProcAddress etc. by reading the remote process' PE image
- EasyHook was not unloaded when host is closed, Allow RemoteHook unloading - managed EasyHook.dll and user assemblies are now loaded into a new AppDomain which is then unloaded when the custom IEntryPoint Run method returns. A new assembly - EasyLoad32/64.dll - that makes use of managed DllExports provides a more stable .NET framework initialisation.
- FileMon example updated to no longer require the GAC
New in EasyHook 2.7 Beta (Feb 17, 2014)
- Hooking of CreateFile fails on Win 8.1 x64, Compatibility With Windows Server 2012 And 8, Crashed Notepad in Win 8 64-bit, 2.7 FileMon crashes 64-bit processes, Do not work on Windows8 x64., relative mov in EntryPoint not handled - correctly relocates RIP addresses (64-bit). Windows 8/8.1 kernel32 APIs now all use RIP addressing when passing through to kernelbase.
- Command-line arguments problem in RtlCreateSuspendedProcess - command line correctly passed through
- Bug in RtlGetLastErrorString, RtlGetLastErrorString() returns empty string for invalidate parameter - fixed marshalling bug with RtlGetLastErrorString across managed boundary
- Severe bug: LhWaitForPendingRemovals hangs forever - LhWaitForPendingRemovals endless loop under certain circumstances
- Compiling 2.7 on VS 2012 fails with some issues - support for VS2012
- Host process crashes when unloading hooks - fixed crashes when unloading 64-bit hooks. This also fixes the crash within the ProcessMonitor sample.
New in EasyHook 2.7 Alpha2 (Apr 18, 2012)
- Alpha 2 release of 2.7, adds .NET 4 support and ability to hook without registering assemblies into the GAC
- Note: binaries compiled for .NET 2.0. Source has also been tested with .NET 4.0 Client Profile and confirmed to work
- Requires Visual Studio 2010 to compile
- The ProcessMonitor has been compiled for AnyCPU and also explicitly for Win32. This is to be able to easily test the WOW64 bypass when injecting from 64-bit to 32-bit
New in EasyHook 2.7 Alpha1 (Apr 9, 2012)
- Alpha release of 2.7, adds .NET 4 support and ability to hook without registering assemblies into the GAC
- Requires Visual Studio 2010 to compile
- The ProcessMonitor has been compiled for AnyCPU and also explicitly for Win32. This is because the 2.7 release currently only works when injecting from 32-bit to 32-bit, and from 64-bit to 64-bit
New in EasyHook 2.6 (Apr 9, 2012)
- EasyHook.IEntryPoint.Run doesn't error if match isn't found. --- DONE
- Not calling EasyHook.Config.Register fails. --- DONE
- Launch the sample indirectly introduced crash on Vista --- NOT FIXED (try ShellExecute() because obviously the explorer is able to start it properly)
- Defect: target process exit unexpected when CreateAndInject a cmd.exe --- DONE
- CreateAndInject doesn't work for managed targets --- NOT FIXED (use a wrapper process, apply all hooks locally into that process and then load the target process via Assembly.Load(), extract its main() method and execute it)
- Get rid of the internal GAC-Util usage --- DONE / DRAWBACK: for managed injections you will always have to be admin, unless you are installing the DLLs with an installation routine in the GAC
- Get rid of the temporary directory --- DONE
- Ability to pass custom flags to CreateProcess via CreateAndInject()! --- DONE
- EasyHookSvc IPC-Channel requires admin privileges. --- DONE / Now uses WorldSid if IsAdministrator() returns false within the service. This is only the case if the caller is not admin and started a WOW64Bypass, so all things should be fine now