From Collaborative RCE Tool Library

Jump to: navigation, search

Win32 CodeHook

Tool name: Win32 CodeHook
Rating: 0.0 (0 votes)
Author: Wang Qi                        
Website: http://www.kbasm.com/codehook.html
Current version: 1.0.0
Last updated:
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Win32 CodeHook is an open source library for binary code hook and redirect for Win32 Delphi and C++.

Features and advantages
1. Can hook function that starts with jump instructions.
Most other simple API/code hook technic can not hook functions that first several instructions include jump instructions such like jmp, jcc (jump if condition is met), call, jecxz, etc.
CodeHook can rewrite those instructions in a safe way and continue hooking.
The only instructions that can prevent CodeHook from hooking are ret and iret, which indicate the function end is met and the function is too short to hook.

2. Very easy to use.
CodeHook not only supports raw mode code hooking, it also supports advanced hooking.
CodeHook can generate "bridge code" that connects your hook code to the target code.
Thus you only need to writer hook code in a unique form (unique prototype functions) rather than writting different hook code for different target.
The typical hook prototype is,
Delphi syntax: function HookCallback(AHandle: TCodeHookHandle; AParams: PCodeHookParamAccessor): Cardinal; CallingConvertion;
C++ syntax: DWORD CallingConvertion HookCallback(TCodeHookHandle AHandle, PDWORD AParams);
This feature makes it possible to use one hook function to hook multiple functions. See the Delphi sample code. And this is how I do in the new Denomo package.
And even better, both of the hook and target functions can have various calling conventions. The calling conventions now supported are stdcall (used by Windows APIs), cdecl (used by C), and register call (used by Delphi).

3. Very flexible.
CodeHook separates your hook function from the target function. Your hook function can fully replace the target function, or call old target function in the hook function in any time you want.
And even more flexible, you can easily modify the parameters before passing them to the old target function.

4. Can be used by any program language which can use a DLL.
Though CodeHook is written in Delphi, the CHook.dll can be used by any other languages such like C++. In fact CodeHook has sample code that written in Delphi and C++. The sample C++ code can be compiled by VC6 and Borland C++ 5.5 or C++ Builder (BCB).

5. Free and open source.
The license is MPL.

6. More feature will come soon.
CodeHook was made to use in Denomo (a memory leak detection tool), so it now only supports in-process hooking. But inter-process hooking and DLL injection will be added in the near future versions.

CodeHook itself has been verified that it can be compiled by Delphi 7 and Delphi 2007. It should but not must be able to be compiled by Delphi 6, Delphi 2005, and Delphi 2006.
CHook.dll can be used by any language that supports DLL, pointer, and data structure.
Related URLs: No related URLs have been submitted for this tool yet


RSS feed Feed containing all updates for this tool.

You are welcome to add your own useful notes about this tool, for others to see!



If you find that any information for the tool above is missing, outdated or incorrect, please edit it!
(please also edit it if you think it fits well in some additional category, since this can also be controlled)


Views
Category Navigation Tree
   Needs New Category  (3)