Hooking Api with Detours crashes on Detach

0
votes

iam trying to hook NtQueryVolumeInformationFile with detours by injecting a .dll into the explorer.exe.

It works fine until i try to eject the dll. After ejecting the .dll, the explorer.exe crashes.

OS: Windows 7 32bit Compiler: Visual Studio 2012 with Detours 3.0 Libary

DllMain.cpp: http://pastebin.com/6PgZcdhi Header.h: http://pastebin.com/BGQ527Ym

I hope someone can help me figuring out what the problem is. Im working on this problem for 2 days now and dont have a clue.

Thanks for helping :)

1
c++dllhookcode-injectiondetours

1 Answers

0
votes

if there's at least one pending call, it's unsafe to detach from target process, so safe detach require a mechanism to detect pending calls, as far as I know, detours has no such a mechanism, you have to make your own. btw, you can get a crash dump and !analyze -v it in windbg, this can help to diagnose what's happening when detach.