Exetools  

Go Back   Exetools > General > Source Code
Reload this Page x86 Inline hooking engine (using trampolines)
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 02-03-2015, 01:05
sh3dow sh3dow is offline
Family
  
Join Date: Oct 2014
Posts: 158
Rept. Given: 113
Rept. Rcvd 79 Times in 24 Posts
Thanks Given: 458
Thanks Rcvd at 202 Times in 75 Posts
sh3dow Reputation: 79
x86 Inline hooking engine (using trampolines)
BasicHook is x86 Inline hooking engine (using trampolines)
Hooks functions using 32-bit relative jump, writing is done atomically to avoid race conditions. Uses hde32 from instruction length disassembly.


PHP Code:
https://github.com/MalwareTech/BasicHook 
Reply With Quote
The Following User Gave Reputation+1 to sh3dow For This Useful Post:
niculaita (02-13-2015)
The Following 2 Users Say Thank You to sh3dow For This Useful Post:
mdj (04-11-2015), nimaarek (09-09-2017)
  #2  
Old 02-03-2015, 03:32
atom0s's Avatar
atom0s atom0s is offline
Family
  
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 397
Rept. Given: 26
Rept. Rcvd 126 Times in 63 Posts
Thanks Given: 54
Thanks Rcvd at 732 Times in 280 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
Another similar project is MinHook:
Code:
https://github.com/TsudaKageyu/minhook
MinHook supports both x86 and x64.
Reply With Quote
The Following 2 Users Gave Reputation+1 to atom0s For This Useful Post:
niculaita (02-13-2015), sh3dow (03-04-2015)
The Following User Says Thank You to atom0s For This Useful Post:
nimaarek (09-09-2017)
  #3  
Old 02-07-2015, 16:10
stev
 
Posts: n/a
Today¡¯s post presents several ways of API hooking under the x86 instruction set.

Inline Hooking for Programmers
A lot of my articles have been aimed at giving a high-level insight into malware for beginners, or those unfamiliar with specific concepts. Today I've decided to start a new series designed to familiarize people with malware internals on a programming level.
Reply With Quote
The Following User Gave Reputation+1 to For This Useful Post:
niculaita (02-13-2015)
The Following User Says Thank You to For This Useful Post:
sh3dow (10-01-2015)
  #4  
Old 02-11-2015, 05:10
omidgl omidgl is offline
Friend
  
Join Date: Jul 2004
Posts: 86
Rept. Given: 10
Rept. Rcvd 4 Times in 3 Posts
Thanks Given: 0
Thanks Rcvd at 5 Times in 5 Posts
omidgl Reputation: 4
An open source x86/x64 hooking engine:

Easyhook: http://easyhook.codeplex.com/
Reply With Quote
The Following User Gave Reputation+1 to omidgl For This Useful Post:
niculaita (02-13-2015)
The Following User Says Thank You to omidgl For This Useful Post:
nimaarek (09-09-2017)
  #5  
Old 04-10-2015, 20:49
maktm maktm is offline
Friend
  
Join Date: Apr 2015
Posts: 23
Rept. Given: 0
Rept. Rcvd 4 Times in 2 Posts
Thanks Given: 8
Thanks Rcvd at 16 Times in 8 Posts
maktm Reputation: 4
Two other open-source projects you might want to look into are :


Deviare Hooking Engine

Info
http://blog.nektra.com/main/2015/04/07/deviare-hooking-engine-is-open-source-and-deviare-in-proc-supports-net-hooking/

Github
https://github.com/nektra/Deviare2

Blackbone

Info
https://github.com/DarthTon/Blackbone

Github
https://github.com/DarthTon/Blackbone/tree/master/src/BlackBone/LocalHook
Reply With Quote
The Following 3 Users Say Thank You to maktm For This Useful Post:
niculaita (04-24-2015), nimaarek (09-09-2017), sh3dow (10-01-2015)
Reply

Tags
hook, inline hook, x86

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Similar Threads
Thread Thread Starter Forum Replies Last Post
API Hooking thomasantony General Discussion 5 04-22-2005 11:44
API-hooking MaRKuS-DJM General Discussion 11 03-25-2005 13:27


All times are GMT +8. The time now is 15:16.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )