Exetools  

Go Back   Exetools > General > Community Tools

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 01-31-2019, 01:10
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 454
Rept. Given: 27
Rept. Rcvd 398 Times in 129 Posts
Thanks Given: 21
Thanks Rcvd at 1,823 Times in 349 Posts
CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399
LHook: Local Api Hooker coded in MASM!

LHook:
Local Api Hooker coded in MASM!

LHook.asm start contains all examples you will need on the wild:

start:
invoke Hook, ADDR UserModuleName, ADDR MsgBoxApiName, ADDR MessageBoxTypeChange
; hook MessageBoxA api, ADDR MessageBoxTypeChange is the address called

invoke UnHook, ADDR UserModuleName, ADDR MsgBoxApiName
; unhook MessageBoxA api
Attached Files
File Type: rar LHook.rar (722.4 KB, 40 views)
Reply With Quote
The Following User Gave Reputation+1 to CodeCracker For This Useful Post:
user1 (02-01-2019)
The Following 11 Users Say Thank You to CodeCracker For This Useful Post:
ahmadmansoor (01-31-2019), Apuromafo (02-01-2019), floaters (03-10-2019), HooK (02-11-2019), Indigo (07-19-2019), mrfearless (01-31-2019), niculaita (02-01-2019), p4r4d0x (01-31-2019), tonyweb (01-31-2019), user1 (02-01-2019), zeuscane (01-31-2019)
  #2  
Old 02-27-2019, 15:59
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 454
Rept. Given: 27
Rept. Rcvd 398 Times in 129 Posts
Thanks Given: 21
Thanks Rcvd at 1,823 Times in 349 Posts
CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399
Version 3 out

In version 2:
- Now you can hook an Api multiple times;
- Fixed jump/call instructions

Version 3 out:
- Now converts long jumps back to short jumps when possible
I opted for instructions fix-ups not backups.
Hopefully this is the final version if everything works like it should.
Attached Files
File Type: rar LHook_v3.rar (726.9 KB, 41 views)
Reply With Quote
The Following 3 Users Gave Reputation+1 to CodeCracker For This Useful Post:
papi (02-27-2019), taos (02-28-2019), tonyweb (03-02-2019)
The Following 8 Users Say Thank You to CodeCracker For This Useful Post:
argie (03-11-2019), hp3 (03-02-2019), Indigo (07-19-2019), niculaita (06-30-2021), papi (02-27-2019), taos (02-28-2019), tonyweb (03-02-2019), wilson bibe (02-28-2019)
  #3  
Old 03-02-2019, 01:18
hp3 hp3 is offline
Friend
 
Join Date: Oct 2011
Posts: 97
Rept. Given: 20
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 99
Thanks Rcvd at 21 Times in 15 Posts
hp3 Reputation: 2
external link

possible we have this in a external link
thank you
Reply With Quote
The Following User Says Thank You to hp3 For This Useful Post:
Indigo (07-19-2019)
  #4  
Old 03-06-2019, 00:21
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 454
Rept. Given: 27
Rept. Rcvd 398 Times in 129 Posts
Thanks Given: 21
Thanks Rcvd at 1,823 Times in 349 Posts
CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399
Alternatively you can get the source code from:
https://gitlab.com/CodeCracker/lhook
https://github.com/CodeCrackerSND/LHook
https://bitbucket.org/CodeCrackerSND/lhook/src
Reply With Quote
The Following 3 Users Say Thank You to CodeCracker For This Useful Post:
dosprog (08-09-2019), Indigo (07-19-2019), matt (06-24-2019)
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
struct as local var in ida upb General Discussion 3 03-03-2005 17:29


All times are GMT +8. The time now is 18:19.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )