1 Reply Latest reply: Jan 17, 2017 8:10 AM by Martin Schauer RSS

    What is EasyHook64Svc and why it is distributed in NPrinting 17

    Francesco Mora

      I have two NPrinting installations:  the first 17.2.1 on 2012 R2 in which I have an EasyHook64Svc process installed as a service marked to be deleted (from whom?).  The 2nd 17.2.2 on Win 10 in which I have EasyHookXXSvc files deployed in [..]\NPrinting\Engine folder but not installed.  What is the purpose of this process/library/files ?

        • Re: What is EasyHook64Svc and why it is distributed in NPrinting 17
          Martin Schauer

          Hi Francesco,

           

          this is a very good question.

          As far as I can see it, this easyhook is http://easyhook.github.io/ , which in their own words is used to "...extend (via hooking) unmanaged code APIs..."

           

          In the NPrinting 17 case, this is used to instrument the desktop version of Qlikview.EXE which is opened by the NPrinting 17 so called "Engine" service in session 0 (which shouldn't have interactive programs opened at all to begin with).

           

          What's very unclear to me: To my knowledge this "hooking" is mainly used by viruses to record keystrokes or do other harmful things. Why does Qlik have to use it at all, don't they own the sources to Qlikview and could develop something less suspicious looking?

           

          Furthermore I wouldn't call Qlikview "unmanaged code", or is it?

           

          Finally I'm not sure how secure this whole scenario is - can this "Easyhook" sercvie be used by others, to do less desirable things?

           

          It would be great to hear from Qlik what's it all about with NPrinting 17 and security.

           

          Best Regards,

            Martin 
           
          PS: Additionally this hooking thing seems to slow down stuff to a crawl. Compared to NPrinting 16, reload times are horrible in our installation using real-life data!