From Collaborative RCE Tool Library

Jump to: navigation, search

Ultimate Hooking Engine

Tool name: Ultimate Hooking Engine
Rating: 4.0 (1 vote)
Author: deroko of ARTeam                        
Website: http://deroko.phearless.org
Current version:
Last updated: August 10, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: Engine allows anyone to hook APIs very easily using their hooking dll.

Each hooking dll might have 3 types of exports:
1. prefixed HOOK
2. prefixed Detoured
3. hookmain (optional)

1. Whenever you want to hook some API you will put this kind of export:

HOOK_kernel32_GetModuleHandleA
HOOK_user32_MessageBoxA

Also note that inline hook will point to this procedure so this procedure
will have all of your code responsible for certain API.

2. To be able to call original API from your hook you should export also
this variable (in C/C++ it will be function pointer):

Note how variables are prefixed with "Detoured_"

Detoured_GetModuleHandleA
Detoured_MessageBoxA

Here is one example from C/C++ code:

extern "C" __declspec(dllexport) HMODULE (__stdcall *Detoured_GetModuleHandleA)(LPCTSTR modulename) = NULL;

extern "C" HMODULE __declspec(dllexport) __stdcall HOOK_kernel32_GetModuleHandleA(LPCTSTR modulename){
return Detoured_GetModuleHandleA(modulename);
}

Note also that this is optional, if you don't need to call orignal proc,
then you don't need this export.

Note that when working with MSVC2005 it will always screw export name for
procedures while function pointers are properly exported, so add this line
to your .def file:

HOOK_kernel32_GetModuleHandleA = _HOOK_kernel32_GetModuleHandleA@4
Detoured_GetModuleHandleA


3. hookmain

hookmain is export which has this prototype:

void __stdcall hookmain();

This procedure will be called before program jumps to entrypoint of
target, here you may add some extra code, it isn't very useful and
all initialization you may perfrom in DllEntry, but I leave this here
just in case that you want to start your own tracer before code jmps
to entrypoint. At least that's why I'm using it.
Related URLs: No related URLs have been submitted for this tool yet


RSS feed Feed containing all updates for this tool.

You are welcome to add your own useful notes about this tool, for others to see!

Retrieved from "http://www.woodmann.com/collaborative/tools/index.php/Ultimate_Hooking_Engine"


If you find that any information for the tool above is missing, outdated or incorrect, please edit it!
(please also edit it if you think it fits well in some additional category, since this can also be controlled)

Views
Category Navigation Tree
RCE Tools
   Categorized by Target Type  (176)
   Categorized by Tool Type  (983)
   Anti Anti Test Tools  (15)
   Assemblers  (15)
   Code Coverage Tools  (12)
   Code Injection Tools  (32)
   Code Ripping Tools  (2)
   Crypto Tools  (5)
   Data Extraction Tools  (19)
   Debuggers  (42)
   Decompilers  (20)
   Deobfuscation Tools  (12)
   Dependency Analyzer Tools  (5)
   Diff Tools  (29)
   Disassemblers  (45)
   Dongle Analysis Tools  (24)
   Exe Analyzers  (31)
   Firefox Extensions  (1)
   GUI Manipulation Tools  (16)
   Hardware Reversing Tools  (24)
   Hex Editors  (12)
   IDA Signature Creation Tools  (5)
   Kernel Tools  (13)
   Memory Data Tracing Tools  (6)
   Memory Patchers  (3)
   Memory Search Tools  (7)
   Monitoring Tools  (110)
   Network Tools  (15)
   PE Executable Editors  (79)
   .NET Executable Editors  (7)
   Code Injection Tools  (32)
   Executable CRC Calculators  (3)
   Export Editors  (2)
   Import Editors  (7)
   PE EXE Signature Tools  (2)
   Relocation Tools  (4)
   Resource Editors  (12)
   Packers  (16)
   Patch Packaging Tools  (7)
   Profiler Tools  (10)
   Programming Libraries  (32)
   Regular Expression Tools  (3)
   Resource Editors  (12)
   Reverse Engineering Frameworks  (7)
   Source Code Tools  (11)
   String Finders  (5)
   Symbol Tools  (11)
   System Information Extraction Tools  (7)
   Technical PoC Tools  (7)
   Test and Sandbox Environments  (16)
   Tool Extensions  (137)
   Tool Hiding Tools  (5)
   Tool Signatures  (22)
   Tracers  (17)
   Unpacking Tools  (59)
   Needs New Category  (2)