i want to redirect the function calls of the real function calls from the system dll.i am working with portable-executable ,i can get IAT of the system dll(advapi32.dll),here the func开发者_JS百科tion address calls the system memory address ,i want to redirect to what i specified address..how can its possible ?....
That depends. Do you want to do it cross system or for a specific process? Do you want to pre-edit the file (and if so which one - the dll or the executable)? Or do you want to do this hooking at runtime (dynamic code injection)?
There a few good starting points in code project:
http://www.codeproject.com/KB/system/hooksys.aspx
http://www.codeproject.com/KB/threads/winspy.aspx
But this is a broad subject, so you might need to ask more specific questions.
These techniques can be abused (especially with advapi32), so I strongly urge you not to.
Use Deviare API Hook and get that working with 10 lines of code.
精彩评论