在 python 中使用 easyhook 时抛出退出代码 0xC0000005

Question

i am trying to work on easyhook in python and here is my code

# Hook/EasyHook.py
from ctypes import *
from ctypes.util import find_library
from pathlib import Path

c_ulong_p = POINTER(c_ulong)
c_void_pp=POINTER(c_void_p)

res_path = str(Path(__file__).parent / 'res' / 'EasyHook64.dll')
lib_path = find_library(res_path)
clib = cdll.LoadLibrary(lib_path)


class TRACED_HOOK_HANDLE(Structure):
    _fields_ = [("Link", c_void_p)]


lh_install_hook = clib.LhInstallHook
lh_install_hook.restype = c_ulong
lh_install_hook.argtypes = [c_void_p, c_void_p, c_void_p, TRACED_HOOK_HANDLE]

# some definition of other functions...

if __name__ == '__main__':
    from ctypes.wintypes import *

    t_dll = CDLL('User32.dll')
    test=lambda:t_dll.MessageBoxW(None, 'hi content!', 'hi title!', 0)
    test()

    interface=CFUNCTYPE(c_int, HWND, LPCWSTR, LPCWSTR, UINT)

    def fake_function(handle, title, message, flag):
        return t_original(handle, "hooked "+title, "hooked "+message, flag)


    t_hook_info = TRACED_HOOK_HANDLE(None)
    if lh_install_hook(t_dll.MessageBoxW, interface(fake_function), None, byref(t_hook_info)):
        raise Exception("Hook error[%s]:\n%s" % (rtl_get_last_error(), rtl_get_last_error_string()))
    # error occur here and the program terminate
    # some other tests...

after a try, it exit on code 0xC0000005 when running to lh_install_hook calling and without any exception printed

then I tried to use those Api after inject into a C++ program by

lh_install_hook(func_address, interface(hook_function), None, byref(hook_info))

where func_address is the actual address of target call,and it cause

python38.dll+24174
_ctypes.pyd+A48D
python38.dll+33E00
python38.dll+3DA6E
_ctypes.pyd+3C69
_ctypes.pyd+38AB
python38.dll+507F5
python38.dll+491C8

is there any way to make it run?

Edit: here is my code inject and run in the c++ programe

# Hook/__init__.py
from .EasyHook import *


class Hook(object):
    def __init__(self, func_address: int):
        self.enabled = False
        self.hook_info = TRACED_HOOK_HANDLE(None)
        self._ACLEntries = (c_ulong * 1)(0)
        self.ACLEntries = cast(self._ACLEntries, POINTER(c_ulong))
        interface = CFUNCTYPE(self.restype, *self.argtypes)

        def hook_function(*args):
            return self.hook_function(*args)

        if lh_install_hook(func_address, interface(hook_function), None, byref(self.hook_info)):
            raise LocalHookError()
        # error occur here and the program terminate
        # some other codes...

    restype = c_void_p
    argtypes = []

    def hook_function(self, *args):
        return self.original(*args)

# main.py
from Hook import Hook
from ctypes import *
from ctypes.wintypes import *

class kernel32_beep_hook(Hook):
    restype = c_bool
    argtypes = [DWORD,DWORD]

    def hook_function(self, a1, a2):
        if logger is not None:
            logger.log('beep_hook','%s,%s'%(a1,a2))
        return self.original(a1,a2)

# some skip codes
addr=kernel32.GetProcAddress(kernel32_module,b"Beep")
ctypes.windll.kernel32.Beep(500,500)
hook=kernel32_beep_hook(addr)
# error occur here and the program terminate

Answer 1

According to [GitHub]: EasyHook/EasyHook - (master) EasyHook/Public/easyhook.h :

typedef struct _HOOK_TRACE_INFO_
{
    PLOCAL_HOOK_INFO        Link;
}HOOK_TRACE_INFO, *TRACED_HOOK_HANDLE;

TRACED_HOOK_HANDLE is actually a pointer (although its name suggests the opposite), therefore your lh_install_hook.argtypes (1 ^st snippet) is incorrect. It should be:

lh_install_hook.argtypes = [c_void_p, c_void_p, c_void_p, POINTER(TRACED_HOOK_HANDLE)]

Technically, you ran into [SO]: C function called from Python via ctypes returns incorrect value (@CristiFati's answer) .

Regarding no exception being thrown, maybe [SO]: Python exception thrown by libtidy is amusingly impossible to catch (@CristiFati's answer) should shed some light.

This should get past the problem, at least the main one. I'm not sure whether there are others, as I didn't install (or build) the .lib , so I didn't run your code.
My knowledge is very limited (so this might be complete nonsense), but one potential spot to generate problems is TRACED_HOOK_HANDLE->Link being initialized to NULL .