Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

C++ hooking a dll?

Tags:

c++

hook

Is there a quick way to hook a dll in c++? I know there is Microsoft's Detours thing, but isn't there a quick a simple way just to hook a few dll functions?

For example I want to hook a the function void mytestfunction() in the dll mytestdll.dll to hook_mytestfunction().

thanks in advance!

like image 580
enuree Avatar asked Jan 26 '10 02:01

enuree

People also ask

What are DLL hooks?

Hooking is a technique for altering the behaviour of an operating system or application by intercepting API function calls. Code that handles such interceptions is called a hook procedure. A hook procedure can act on each event it receives, and then modify or discard the event.

How do I use a DLL file?

Open the folder with the DLL file. Once you find the folder, hold the Shift key and right-click the folder to open the command prompt directly in that folder. Type "regsvr32 [DLL name]. dll" and press Enter.

What is hooking a process?

This is called Hooking—the process by which an application intercepts an API call between two other applications. In the example above, the intercepting function (called a hook procedure) altered the data passed onto the recipient (the text editor), but that is not always the case.

2 Answers

Probably the easiest way is to put your own wrapper DLL with the same name in the directory of the EXE, and put a copy of the hooked DLL in the same directory with a new name. Then, in the IAT of your wrapper DLL, redirect any non-intercepted call to the wrapped DLL (export forwarding), and implement the others yourself.

To redirect functions, put the following line in your .DEF file: Foo=wrapped_mytestdll.Foo where Foo is the (mangled) function name and wrapped_mytestdll is the new name of the copied DLL.

As a result, the affected EXE loads your wrapper DLL, and in turn the wrapped DLL. Functions in your wrapper DLL take precedence over the wrapped DLL. The only calls not intercepted are calls by the wrapped DLL to itself, as those don't go through your IAT.

(I've since found a link to a tool to generate a basic ".DEF" file, but haven't tested it myself. Use at your own risk.)

like image 125
MSalters Avatar answered Oct 27 '22 01:10

MSalters

Detours is the quick and simple way!

like image 26
xian Avatar answered Oct 26 '22 23:10

xian
Sign in to Comment

Related questions

Different cv-qualifiers with structured bindings
align code statement (type,variable,equal sign,etc) for a group of lines in Visual Studio
Is there any difference with undefined behaviour between iterator and scalar object?
Can I serialize / dserialize flatbuffers to / from JSON?
How does BOOST_PP_SEQ_FOLD_LEFT work?
Reference to uninitialized object
ladder-like C++ virtual inheritance
function template with unused template parameter
class constructor precedence with a variadic template constructor for a value wrapper
C++ new if statement with initializer
Compare ptr with nullptr in gtest
Why is std::is_aggregate<T> an aggregate?
Can a non-type template parameter be of type "void*"?
Can span be constexpr?
What is an equivalent replacement for std::unary_function in C++17?
Write large file
What is the optimization level ( g++ ) you use while comparing two different algorithms written in C++ ?
building boost python examples using Visual Studio 2008
2D vector modelling for game development
What exactly is a PWSTR and why use this naming compared to char*, std::string, or CString in C++?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!