Hookshot enables compiled binary 32-bit (x86) and 64-bit (x64) applications to be modified by hooking function calls and injecting DLLs. For developers, Hookshot offers an extremely simple API for hooking function calls. These function call hooks can be encapsulated and distributed in the form of hook modules or they can be included in a larger application that simply links against Hookshot. For end users, Hookshot makes it easy to use hook modules, while at the same time offering a convenient way to inject DLLs should the need arise. Because Hookshot acts in memory and at execution time, Hookshot does not make any changes to a target application's binary files on disk.

This document is intended to provide an introduction to Hookshot at a very high level. Hookshot's documentation additionally includes the documents listed below.

Topics include how to set up and configure Hookshot.

Topics include how to write a hook module, how to debug a hook module, and how to link with Hookshot without creating a hook module.

Target audience is developers who wish to use the Hookshot API.

Topics include how to build Hookshot from source.

Topics include how Hookshot is designed, why Hookshot is designed the way it is, and what each of Hookshot's source code modules (i.e. combination of header file and source file) does.

Target audience is anyone who is interested in how library injection and function call hooks work and anyone whose goal is to make modifications to Hookshot's code.

This is a very low-level and technical document. It is assumed that the reader has a basic understanding of virtual memory and assembly code on the x86 architecture.

Hookshot supports both 32-bit (x86) and 64-bit (x64) Windows applications and offers the ability to:

For developers, Hookshot offers a simple API for hooking functions, and for end users, Hookshot is easy to configure and use.

Hookshot cannot operate in any way whatsoever on existing, already-running processes. Hookshot can only hook function calls and inject DLLs into processes that Hookshot itself spawns under the control and direction of the end user.

Hooking a function call means redirecting execution from any function (the original function) to a different function (the hook function). Whenever a call is made to the original function, that call is transparently diverted to the hook function instead. Developers retain the ability to invoke the original function even after it is hooked.

A hook function can be coded to do anything of the developer's choosing. For example, it could monitor the target application's function calls. This is achieved by making a note that the function call was made and then forwarding the call to the original function. Alternatively, it could modify the behavior of the target application in one of two ways. First, it could change the parameters before forwarding them to the original function. Second, it could do something else entirely and never invoke the original function at all.

Injecting a DLL means forcing an application to load a DLL it would not ordinarily load. End users who are in possession of self-contained DLLs that they wish to cause an application to load will find that Hookshot offers a convenient mechanism for performing the injection.

Target application refers to the program that is launched and modified by Hookshot. It is identified to Hookshot using the full path of its executable file. Hookshot spawns a new process using the command line with which it was provided, which can include command line arguments to pass to the target application. After the new process is spawned, but before it starts running, Hookshot causes it to load hook modules and injected DLLs.