i have some question for the hook code

The first figure is a physical machine test, the function address pointer before the selected line of unhook is 00000, and the output statement corresponds to line 12 of the source code
![ATFTM64L)3~VAH~YF@(U)SE](https://user-images.githubusercontent.com/107751109/198831584-9f3895cd-0485-4575-b5a2-e316faeef96d.jpg)
![NO$NX82V{~N@BP{A7D2R1X3](https://user-images.githubusercontent.com/107751109/198831593-edd3f4c2-8300-4ff2-a770-3ca9a7e6a6d2.jpg)
![CE~3DUJ$WT09__PFR`M`R B](https://user-images.githubusercontent.com/107751109/198831596-a4f68b05-abe2-495a-bdcc-80c3144c63cf.jpg)
The third figure is a virtual machine, the hook is successful, and the unhook address value is normal.
0x2b3c90 is also not an offset from NtUserSetSysColors.
![HQ 9GJOMXAEB2O7UC9)6JDD](https://user-images.githubusercontent.com/107751109/198831624-e581079f-6fc5-4bc4-bdb8-90ded64b38f9.png)
![RCV}D WAA)12B5X$PLOK$%T](https://user-images.githubusercontent.com/107751109/198831628-d0716f0f-4743-4109-920f-901f1ca9916a.png)
I was very confused by the piece of code, I wanted to know how 0x2b3c90 this offset was found and what it was for, I tried to change its value to 0x2b3c91, and not surprisingly, bosd


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

i have some question for the hook code #2

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

i have some question for the hook code #2

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions