Directly Hooking a Function
-
Say I know the address of a function (does this help?). I want it to call my copy of the function, and then the original function. I want to do it without making a wrapper, and without hooking GetProcAddress because I can already do it that way, but I'd like a much more direct way, possibly involving inline asm etc. Any help + ideas are appreciated. :)
-
> I want to do it without making a wrapper, and without hooking GetProcAddress ...

You have to modify the entry point of the original function so that it first executes a JMP instruction to your implementation. Check this link: http://www.fengyuan.com/article/wmprint.html There you will find a nice user32!BeginPaint hook implementation. However, because most user32 and kernel32 functions call an appropriate function in ntdll.dll, rather than executing the 0x2E interrupt directly (like BeginPaint does), your implementation will probably differ somewhat too; it will always depend on what the entry point of the original function looks like.

More useful links:
1. Intel OpCodes
2. Api Hooking Revealed
3. API Spying Techniques for Windows 9x, NT and 2000

Regards, RK
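The JMP patch described in the answer above leaves a recognizable trace at the function's entry point. The following is an added example, not code from the thread or from the linked articles, that classifies entry bytes of a 32-bit x86 function as clean, redirected inside its own module, or redirected outside it. The function names, module range, addresses and byte samples are all constructed for illustration, and only three redirect encodings are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { ENTRY_CLEAN, ENTRY_JMP_INSIDE, ENTRY_HOOKED } entry_state;

/* Constructed sample data: module range, function address, entry bytes. */
#define MOD_BASE 0x77D40000u
#define MOD_SIZE 0x00090000u
#define FUNC_VA  0x77D41000u
static const uint8_t CLEAN[]    = {0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10}; /* push ebp; mov ebp,esp; sub esp,16 */
static const uint8_t JMP_REL[]  = {0xE9, 0xFB, 0xFF, 0x2B, 0x98, 0x90}; /* jmp 0x10001000; nop */
static const uint8_t PUSH_RET[] = {0x68, 0x00, 0x10, 0x00, 0x10, 0xC3}; /* push 0x10001000; ret */
static const uint8_t SHORT_J[]  = {0xEB, 0x10, 0x90, 0x90, 0x90, 0x90}; /* jmp short +0x10 */

/* Little-endian 32-bit read, independent of host byte order. */
static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Destination of an unconditional redirect at the entry point, or 0 if the
   first instruction is not one of the three encodings handled here. */
uint32_t redirect_target(const uint8_t *code, size_t len, uint32_t va) {
    if (len >= 5 && code[0] == 0xE9)                    /* JMP rel32 */
        return va + 5 + rd32(code + 1);
    if (len >= 2 && code[0] == 0xEB)                    /* JMP rel8, sign-extended */
        return va + 2 + (uint32_t)(int32_t)(int8_t)code[1];
    if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) /* PUSH imm32; RET */
        return rd32(code + 1);
    return 0;
}

/* A redirect that leaves the owning module is what an entry-point patch looks
   like; one that stays inside is more likely a compiler thunk. */
entry_state classify_entry(const uint8_t *code, size_t len, uint32_t va) {
    uint32_t target = redirect_target(code, len, va);
    if (target == 0) return ENTRY_CLEAN;
    return (target - MOD_BASE < MOD_SIZE) ? ENTRY_JMP_INSIDE : ENTRY_HOOKED;
}

int main(void) {
    const uint8_t *samples[] = {CLEAN, JMP_REL, PUSH_RET, SHORT_J};
    static const char *names[] = {"clean", "jmp inside module", "jmp outside module"};
    for (size_t i = 0; i < 4; i++)
        printf("sample %zu: %s\n", i, names[classify_entry(samples[i], 6, FUNC_VA)]);
    return 0;
}
```

On a live system the same check would read the entry bytes from the loaded image and compare them with the copy on disk, since a patch can use encodings this sketch does not decode.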