
polyhook's Introduction

PolyHook - x86/x64 Hooking Library

Provides an abstract C++11 interface for various hooking methods.

#Hooking Methods*:

  1. Detour
     • Description: Modifies opcode to jmp to hook and allocates a trampoline for jmp back
     • Length Disassembler Support (Capstone)
     • Supports Code Relocation, including EIP/RIP relative instructions
  2. Virtual Function Detour
     • Description: Detours the function pointed to by the Vtable
  3. Virtual Function Pointer Swap
     • Description: Swaps the pointer in the Vtable to your hook
  4. Virtual Table Pointer Swap
     • Description: Swaps the Vtable pointer after copying pointers in source Vtable, then swaps virtual function pointer in the new copy
  5. Import Address Table
     • Description: Swaps pointer in the import address table to the hook
  6. VEH
     • Description: Intercepts an exception generated on purpose, sets instruction pointer to handler, then resets exception generating mechanism
     • Methods to generate exception: INT3 Breakpoints, Guard Page violations.
     • Note: it is important to call the GetProtectionObject function INSIDE of your callback as per my example for all VEH hooks
     • Other exception generation methods are in development

  • All methods support x86 and x64
  • Relies on modified capstone branch https://github.com/stevemk14ebr/capstone
  • More Information can be found at the wiki to the right
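A defender's view of the Detour method listed above, as an added example that is not part of PolyHook or of this page: it classifies the first bytes of a function to tell whether the entry has been overwritten with a jump, and where that jump leads. The encodings checked are common x86/x64 jump sequences chosen here as an assumption (the page does not say which one PolyHook writes), and `checkPrologue`, `leavesModule` and the sample byte arrays are hypothetical names and constructed data.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

struct PrologueCheck {
    bool redirected;   // entry begins with an unconditional control transfer
    uint64_t target;   // destination (for jmp [mem]: address of the pointer slot)
    const char* kind;  // encoding that matched
};

static uint64_t readLE(const uint8_t* p, int n) {  // little-endian, host-independent
    uint64_t v = 0;
    for (int i = n - 1; i >= 0; --i) v = (v << 8) | p[i];
    return v;
}

// code: bytes read from a function's entry; addr: address they were read from.
PrologueCheck checkPrologue(const uint8_t* code, size_t len, uint64_t addr, bool is64) {
    if (len >= 5 && code[0] == 0xE9) {                     // jmp rel32
        uint64_t t = addr + 5 + (int64_t)(int32_t)readLE(code + 1, 4);
        return {true, is64 ? t : (uint32_t)t, "jmp rel32"};
    }
    if (len >= 6 && code[0] == 0xFF && code[1] == 0x25) {  // jmp [mem]
        int64_t disp = (int32_t)readLE(code + 2, 4);       // RIP-relative on x64, absolute on x86
        return {true, is64 ? addr + 6 + disp : (uint32_t)disp, "jmp [mem]"};
    }
    if (len >= 6 && code[0] == 0x68 && code[5] == 0xC3) {  // push imm32; ret
        int64_t imm = (int32_t)readLE(code + 1, 4);        // sign-extended on x64
        return {true, is64 ? (uint64_t)imm : (uint32_t)imm, "push imm32; ret"};
    }
    if (is64 && len >= 12 && code[0] == 0x48 && code[1] == 0xB8 &&
        code[10] == 0xFF && code[11] == 0xE0)              // mov rax, imm64; jmp rax
        return {true, readLE(code + 2, 8), "mov rax, imm64; jmp rax"};
    return {false, 0, "none"};
}

// In-module jumps are often linker thunks; a target outside [base, base + size) is the case to investigate.
bool leavesModule(const PrologueCheck& r, uint64_t base, uint64_t size) {
    return r.redirected && (r.target < base || r.target - base >= size);
}

// Constructed sample prologues (not captured from a real process).
static const uint8_t kClean[] = {0x55, 0x48, 0x89, 0xE5, 0x48, 0x83, 0xEC, 0x20};
static const uint8_t kRel32[] = {0xE9, 0xFB, 0x0F, 0x00, 0x00};
static const uint8_t kAbs64[] = {0x48, 0xB8, 0, 0, 0xDE, 0xC0, 0xAD, 0xDE, 0, 0, 0xFF, 0xE0};

int main() {  // stand-alone run: classify the constructed x64 sample
    PrologueCheck r = checkPrologue(kAbs64, sizeof kAbs64, 0x7FF600001000ULL, true);
    std::printf("%s -> 0x%llx\n", r.kind, (unsigned long long)r.target);
}
```

A match is a lead rather than a verdict: comparing the in-memory entry bytes with the same function in the module's on-disk image confirms whether the jump was written at run time.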

Credits to DarthTon, evolution536, Dogmatt

#Samples:

The file Tests.cpp provides examples for every type of hooking method. These examples are accompanied by unit-testing code built on the fantastic library Catch (https://github.com/philsquared/Catch/blob/master/docs/tutorial.md). That extra code may make the examples look a little complex, but the general interface is extremely simple: all hook types expose setup, hook, and unhook methods:

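```cpp
// tMessageBoxA, oMessageBoxA and hkMessageBoxA are defined by the caller
std::shared_ptr<PLH::Detour> Detour_Ex(new PLH::Detour);
Detour_Ex->SetupHook((BYTE*)&MessageBoxA,(BYTE*) &hkMessageBoxA); //can cast to byte* to
Detour_Ex->Hook();                                     // install the hook
oMessageBoxA = Detour_Ex->GetOriginal<tMessageBoxA>(); // pointer used to call the original
Detour_Ex->UnHook();                                   // remove the hook
```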

#LICENSE: MIT

Contributors: stevemk14ebr
