API hook systems that change DLL load order.
All Windows API/code hook systems (out of the many I’ve studied) force-map DLLs when hooking them, except for my favorite, madCodeHook. An application will have a native way its DLLs are loaded. Some might be delayed and some might be loaded dynamically at various times. Loading them in to hook before the application itself does […]
Knowing if and when you can fit a JMP5 binary hook.
First, an interesting read on API hooking methods: http://help.madshi.net/ApiHookingMethods.htm The traditional, and perhaps the most logical, way to do a function hook is to overwrite the code entry point with a 5-byte, 32-bit relative-offset JMP instruction. IMHO it is sort of the “bread and butter” of binary hooking. madCodeHook actually uses a 6-byte 32-bit […]
Windows binary hook engine design
I’m revisiting my unfinished binary hook engine that I started back in 2007 to hopefully complete it and use it in some current projects. For people new to such things, it’s a programming mechanism that allows you to inject/load a DLL (usually) into a target process at the same time, or after it’s loaded to […]