C++ function hook inside source code of DLL

Developer https://www.devze.com 2023-03-17 11:52 Source: Internet
I have the source code of a C++ DLL. This DLL is part of an application. I want to hook a function loaded in memory by another DLL, so that my hooked function gets called by all other DLLs instead of the original function. I put this code in my code:

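#include <windows.h>
#include "detours.h"
#pragma comment(lib, "detours.lib")

// Pointer to the original function; DetourFunction returns a trampoline for it
int (__stdcall* OriginalFunction)();

// Our hook function (same calling convention as the target)
int __stdcall FunctionHook()
{
    // Call through to the real function
    return OriginalFunction();
}

// On attach set the hooks
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    if (fdwReason == DLL_PROCESS_ATTACH)
    {
        // 0x0100344C is the hard-coded address the question asks about
        OriginalFunction = (int (__stdcall*)())DetourFunction((PBYTE)0x0100344C, (PBYTE)FunctionHook);
    }
    return TRUE;
}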

The question is: Isn't it wrong if I search in ONE DLL for an offset and patch the function by this offset (I think it's more complicated because I'm in another DLL and want to hook the function for all DLLs)? By the way, does somebody know how I can get the standard (e.g. 0x0100344C) offsets in IDA Pro?


It seems that you are trying to use Microsoft Detours, which is a hooking system for the Windows platform. Detours uses a "trampoline hook". Simply speaking, it will try to "rewrite" the first several ASM instructions of the function and redirect the real call to your specific function, something like that. Detours can help you handle these details. But I don't see any code about Detours, so I think you need to read some documentation about basic Detours usage.

For your question:
OriginalFunction is just a variable pointing to a specific address. Rewriting this variable cannot affect the real call, because your program will still call using the original address; you just changed a variable, not your internal program.
When you rewrite the memory to hook a function, this normally just affects the current process, because programs under Windows NT use virtual addresses, not real memory addresses.
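
The prologue rewrite described in the answer above, as an added example that is not part of the original post or of Detours: it decodes the 5-byte jmp rel32 (opcode E9) that an inline hook on 32-bit x86 typically places at the start of a function and reports whether the jump leaves the owning module. The sample bytes, the module range and the hook address 0x10001000 are constructed assumptions; only 0x0100344C comes from the question.

```cpp
// Added example: inspect a function prologue for "jmp rel32" (E9 xx xx xx xx),
// the redirect an inline hook writes over the first instructions (32-bit x86).
#include <cstddef>
#include <cstdint>
#include <cstdio>

enum class Prologue { Clean, JumpInsideModule, JumpOutsideModule };
struct Module { uint32_t base; uint32_t size; };  // range of the owning module

// Read the little-endian rel32 operand independent of host byte order.
static uint32_t read_u32le(const uint8_t* p) {
    return p[0] | (p[1] << 8) | (p[2] << 16) | (static_cast<uint32_t>(p[3]) << 24);
}

// Destination of an E9 jump located at virtual address va. The displacement
// is relative to the end of the 5-byte instruction; arithmetic wraps mod 2^32.
uint32_t jmp_destination(const uint8_t* code, uint32_t va) {
    return va + 5u + read_u32le(code + 1);
}

// A jump that stays inside the module can be a legitimate thunk; a jump that
// leaves the module is what a hook installed from another DLL looks like.
Prologue classify(const uint8_t* code, std::size_t len, uint32_t va, Module m) {
    if (len < 5 || code[0] != 0xE9) return Prologue::Clean;
    uint32_t dest = jmp_destination(code, va);
    bool inside = dest >= m.base && dest - m.base < m.size;
    return inside ? Prologue::JumpInsideModule : Prologue::JumpOutsideModule;
}

// Constructed sample data (assumptions, except the address from the question).
const uint32_t kFuncVa = 0x0100344C;
const Module kOwner = {0x01000000, 0x00010000};
const uint8_t kOriginal[] = {0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x08};  // push ebp; mov ebp,esp; sub esp,8
const uint8_t kHooked[]   = {0xE9, 0xAF, 0xDB, 0xFF, 0x0E, 0x08};  // jmp 0x10001000 + leftover byte
const uint8_t kThunk[]    = {0xE9, 0xAF, 0x0B, 0x00, 0x00};        // jmp 0x01004000 (same module)

int main() {
    std::printf("hooked prologue jumps to 0x%08X\n",
                static_cast<unsigned>(jmp_destination(kHooked, kFuncVa)));
    std::printf("outside module: %d\n",
                classify(kHooked, sizeof kHooked, kFuncVa, kOwner) == Prologue::JumpOutsideModule);
    return 0;
}
```

The displaced original bytes (here the first five of kOriginal) are what a trampoline has to execute before jumping back to the function at kFuncVa + 5.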
