Results 1 to 4 of 4

Thread: Hooking all functions of a dll...any easy way?

  1. #1

    Question Hooking all functions of a dll...any easy way?

    Hi,

    I just need to hook all functions of a dll because I want to know from which address a function is called (resolving api mangling).
    My current approch:
    1. hooking LoadLibrary and read the export table of the loaded dll
    2. hook each function of the export table so my own call bridge is executed if a function gets called
    3. inside the call bridge I analyse the stack values from which address this api function returns after execution

    My solutions works but it's really error prone. So if anyone knows a better easier way of hooking a complete dll please speek up
    Preferably a solution which isn't easy detectable

    tr1stan

  2. #2
    If you know all the functions the dll exports, you could possibly just use the proxy method and code a dll with the same name and forward all the calls to original dll, grabbing all arguments passed to it first..the technique is explained here: http://www.codeguru.com/cpp/g-m/directx/directx8/article.php/c11453/Intercept-Calls-to-DirectX-with-a-Proxy-DLL.htm and other places on the net.

  3. #3
    Preferably a solution which isn't easy detectable
    This is a typical patch(verifier etc). IAT is located in the sections of code.

    You can relocate the image. Lock the memory region with IAT(PAGE_NOACCESS).

  4. #4
    As it points out I had some stupid errors in my code
    If anyone is interested in a quite good hooking engine I can recommend the MinHook engine (http://www.codeproject.com/Articles/44326/MinHook-The-Minimalistic-x86-x64-API-Hooking-Libra)
    Be sure to read some of the comments for fixing a small bug in this engine and how to speed it up.
    Anyway thanks for the support!

    tr1stan

Similar Threads

  1. imports are easy to fix
    By deroko in forum Blogs Forum
    Replies: 5
    Last Post: October 24th, 2007, 10:22
  2. easy printf reversen
    By XFlorian in forum Linux RCE
    Replies: 7
    Last Post: January 23rd, 2005, 09:50
  3. ok i'm new go easy...
    By bakeacake in forum The Newbie Forum
    Replies: 5
    Last Post: November 1st, 2004, 18:30
  4. Hooking DLL functions
    By Hero in forum The Newbie Forum
    Replies: 1
    Last Post: July 28th, 2004, 08:41
  5. easy but how ?????
    By black_ice in forum The Newbie Forum
    Replies: 3
    Last Post: November 8th, 2002, 21:13

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •