0

I'm trying to mock some WinAPI functions via hippomocks. How can I call the original/mocked WinAPI, from within the mock?

For example, if I mock CreateFile, the logic I would like to implement inside the mock which I register via:

MockRepository mocks;
mocks.OnCallFunc(::CreateFile).Do(MyCreateFileMock);

is to call the original API, and then log its output, before returning the result.

I tried to retrieve CreateFile address before calling the mock, and storing it in a global. When I call that global from within the mock I end up calling the mock again.

jonrsharpe
  • 115,751
  • 26
  • 228
  • 437
golosovsky
  • 638
  • 1
  • 6
  • 19
  • Are you confident that you actually got the address of the `CreateFile` function (which isn't the name of a function to begin with), rather than the address of the call stub in the IAT? – IInspectable Aug 27 '23 at 09:33
  • @IInspectable yeah, I've retrieved `CreateFileW` address, from `Kernel32.dll` module via `GetProcAddress`. I see in _WinDbg_ that the returned address -- which is then used inside the mock, to invoke the original API -- indeed corresponds to the symbol `KERNEL32!CreateFileW`. Maybe I should retrieve `KERNELBASE!CreateFileW` instead? It points to the "actual" API imp after all. – golosovsky Aug 27 '23 at 10:38

1 Answers1

0

It seems that retrieving the WinAPI address via kernelbase.dll, as opposed to retrieving it from kernel32.dll gets around hippomocks hook -- kernelbase is where the actual implementation is.

So retrieving the address by calling GetProcAddress(GetModuleHandleA("kerelbase.dll"), "<API_NAME>") allows me to invoke the API from within the mock without a problem.

golosovsky
  • 638
  • 1
  • 6
  • 19
  • I'm glad you have got your solution and thank for your sharing, I would appreciate it if you mark them as answer and this will be beneficial to other community. – Jeaninez - MSFT Sep 01 '23 at 08:35