Search notes:

Reverse engineering: Hooking

Hooking: Intercept function/API calls, messages or events between programs or program parts.

Steps:

Determine the location (address) of the function to be hooked.
Change page protection (because machine language instructions need to be changed)
Modify function so that it jumps to own code (the «trampoline»).

Detours

Detours allows to re-route WinAPI calls.

Detours 4.01 is licensed under the MIT license.

git clone https://github.com/microsoft/Detours.git
cd Detours
nmake

Failed to generate a strong name key pair -- Access is denied.

cacls.exe “%ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys” /E /G Rene:F

nmake
…

TODO: detoured.dll

TODO

mfdetours.dll in the %WindowsSdkVerBinPath% directory.

Fatal error: Uncaught PDOException: SQLSTATE[HY000]: General error: 8 attempt to write a readonly database in /home/httpd/vhosts/renenyffenegger.ch/php/web-request-database.php:78 Stack trace: #0 /home/httpd/vhosts/renenyffenegger.ch/php/web-request-database.php(78): PDOStatement->execute(Array) #1 /home/httpd/vhosts/renenyffenegger.ch/php/web-request-database.php(30): insert_webrequest_('/notes/developm...', 1758199475, '216.73.216.150', 'Mozilla/5.0 App...', NULL) #2 /home/httpd/vhosts/renenyffenegger.ch/httpsdocs/notes/development/Reverse-engineering/Hooking/index(76): insert_webrequest() #3 {main} thrown in /home/httpd/vhosts/renenyffenegger.ch/php/web-request-database.php on line 78

Reverse engineering: Hooking

Detours

TODO

See also