Jump to content

Using Windows Hooks


Eric Strain

Recommended Posts

Hi

I have a question about windows hooks, hopefully someone here can help. If a user-mode program sets a hook function in a OS librrary file (as opposed to hooking a function in a custom written dll or lib file) will other programs that use that dll / lib file have their execution paths altered by the hooked function (assuming the program has called the hooked function) or will the program be able to call the unhooked version of the function?

What if the program uses WriteProcessMemory( ) and VirtualAllocEx( ) to allocate the memory that will be written to in the remote process, for example a process in the Kernel32.lib file, will other programs that were statically linked with that library have to execute the edited version of the function (assuming the function being called is the one that was edited by WriteProcessMemory( )

I've been experimenting with WPM( ) and associated functions trying to edit the in-process memory of a secondary app but with very limited success. The function appears to succeed, but the process memory of the target app is not changed or edited in any way. I think I need a kernel-mode dll and a bunch of hooks, but I really don't want to do it that way if I can avoid it. any ideas???

Thanks guys.

Link to comment
Share on other sites


  • Views 866
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...