"The memory could not be written" exception when HCBT_CREATEWND fired

Mai Co Zo Xop 21 Reputation points
2020-12-25T02:59:15.087+00:00

Application Error: The instruction at 0x referenced memory at 0x. The memory could not be written.

WinDbg Preview:
(71dc.66b0): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=0019f1f8 ecx=0019f244 edx=00000000 esi=00240884 edi=00000003
eip=75a332dd esp=0019f1cc ebp=0019f200 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
USER32!__fnHkINLPCBTCREATESTRUCT+0x6d:
75a332dd 894658 mov dword ptr [esi+58h],eax ds:002b:002408dc=????????
0:000> g
(71dc.66b0): Unknown exception - code c000041d (!!! second chance !!!)
eax=00000000 ebx=0019f1f8 ecx=0019f244 edx=00000000 esi=00240884 edi=00000003
eip=75a332dd esp=0019f1cc ebp=0019f200 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
USER32!__fnHkINLPCBTCREATESTRUCT+0x6d:
75a332dd 894658 mov dword ptr [esi+58h],eax ds:002b:002408dc=????????

Description:
After successfully installing a "WH_CBT hook" by using "SetWindowsHookEx(WH_CBT, (HOOKPROC)proc, dll, 0)",
whenever CBTProc returns with nCode == HCBT_CREATEWND, the applications that have that hook installed crash.

Youtube: https://www.youtube.com/watch?v=zzXB81EbUYY


Accepted answer
  1. Rita Han - MSFT 2,161 Reputation points
    2020-12-25T03:40:32.647+00:00

    Hello @Mai Co Zo Xop,

    I can reproduce this issue using a code sample based on your demonstration video. The root cause is the missing CALLBACK calling convention in the hook procedure definition in the DLL. Refer to "CBTProc callback function".

    After adding the CALLBACK calling convention, GetProcAddress(dll, "TestProc"); will fail to find the TestProc function. To solve this problem, you can edit the TestProc function like this:

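    #include <windows.h>

    // Export the function under its undecorated name as well, so that
    // GetProcAddress(dll, "TestProc") finds it.
    #define EXPORT comment(linker, "/EXPORT:" __FUNCTION__ "=" __FUNCDNAME__)

    extern "C" __declspec(dllexport) LRESULT CALLBACK TestProc(int nCode, WPARAM wParam, LPARAM lParam)
    {
        #pragma EXPORT
        // nCode < 0: pass the call on to the next hook; otherwise return 0 to allow the operation.
        return nCode < 0 ? CallNextHookEx(0, nCode, wParam, lParam) : 0;
    }
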

    Another method is "Exporting from a DLL Using DEF Files".

    Thank you!

    1 person found this answer helpful.
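
To check which spelling a built DLL really exports before calling GetProcAddress, here is an added Python example (not part of the question or the answer) that reads the export name table of a PE image. The helper names `export_names`, `decorated_forms` and `constructed_dll` are hypothetical, the sample image is constructed in the script, and the `_TestProc@12` spelling assumes a 32-bit x86 build of the answer's `extern "C"` CALLBACK function.

```python
import struct

def export_names(pe: bytes) -> list:
    """Names in a PE export table: the strings GetProcAddress matches exactly."""
    nt, = struct.unpack_from("<I", pe, 0x3C)                  # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    # NumberOfSections and SizeOfOptionalHeader from the COFF file header
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24
    # Data directories start at +96 (PE32, magic 0x10B) or +112 (PE32+)
    ddir = opt + (96 if pe[opt:opt + 2] == b"\x0b\x01" else 112)
    exp_rva, _size = struct.unpack_from("<II", pe, ddir)      # directory 0: exports
    if not exp_rva:
        return []
    # Per section: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    secs = [struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8) for i in range(nsec)]

    def off(rva):                                             # RVA -> file offset
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError("RVA outside all sections")

    # NumberOfNames (+24) and AddressOfNames (+32) of the export directory
    count, names_rva = struct.unpack_from("<I4xI", pe, off(exp_rva) + 24)
    rvas = struct.unpack_from(f"<{count}I", pe, off(names_rva) if count else 0)
    return [pe[s:pe.index(b"\0", s)].decode("ascii") for s in map(off, rvas)]

def decorated_forms(pe: bytes, wanted: str) -> list:
    """Exports that are x86-decorated spellings of `wanted`, e.g. _TestProc@12."""
    return [n for n in export_names(pe)
            if n != wanted and n.lstrip("_@").split("@")[0] == wanted]

def constructed_dll(names) -> bytes:
    """Constructed sample: minimal PE32 image holding only an export name table."""
    va, raw, table = 0x1000, 0x200, 40 + 4 * len(names)
    blob, ptrs = b"", []
    for n in names:
        ptrs.append(va + table + len(blob))
        blob += n.encode() + b"\0"
    sect = struct.pack("<10I", 0, 0, 0, 0, 1, len(names), len(names), 0, va + 40, 0)
    sect += struct.pack(f"<{len(ptrs)}I", *ptrs) + blob
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 104, 0x2102)
    hdr += struct.pack("<H", 0x10B).ljust(96, b"\0") + struct.pack("<II", va, len(sect))
    hdr += b".rdata\0\0" + struct.pack("<4I", len(sect), va, len(sect), raw) + b"\0" * 16
    return hdr.ljust(raw, b"\0") + sect
```

For a real DLL, pass the file's bytes (`open(path, "rb").read()`) to `export_names`; if `"TestProc"` is missing but `decorated_forms` returns a match, the plain-name lookup will fail exactly as the answer describes.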