
Untitled

posted in DruinkJournal
Published July 24, 2007
IT IS DONE.

I've finished my API hooking library. Source code is available Here, and an x86 binary is available Here. The binary includes a command line app which will let you list all DLL imports for a running process, hook a DLL import, and optionally wait for you to press a key before unhooking it.

Notes:

  1. Hooking a process involves loading a DLL, calling a function in it, and unloading the DLL.

  2. The function in the DLL must exactly match the function signature of the function being hooked. If it doesn't, you're likely to get stack corruption, and probably a crash in the hooked process.

  3. There are no checks done on the return values of LoadLibrary() or GetProcAddress(), so if either of these fails inside the host process, you'll get an access violation reading a NULL pointer (so if you do get that, check both of those values).

  4. The new DLL will be loaded and unloaded by the hooking program to check that it can a) load the DLL and b) find the function you say is in there. That makes the hooking a little safer, at the expense of having the DLL loaded and unloaded an extra time. So if you see your DllMain being called from within the hook app, that's why.

I'd be happy to answer any questions about it, hear any bug reports, any suggestions for more command line arguments to the test app, and so on.


EDIT: To get a process ID, start task manager, go to the "Processes" tab, then go to View -> Select Columns, and check "PID (Process Identifier)".

EDIT #2: Ok, the x64 version now works great. I'm not using r10 any more, and my bug was caused by me not restoring the return value from the function, so Notepad was getting the return value from FreeLibrary() instead of MyChooseFontW(). That means when you click "Cancel", the struct isn't filled out, but Notepad was effectively being told it was. All works now, and the source code is updated.

EDIT #3: New version uploaded (links updated). This one has a function to undecorate symbol names, which is handy if you list exports from a process and at least some are decorated. It means you get a free prototype to hook. Hooray!