PolyHook - x86/x64 Hooking Library
Provides abstract C++ 11 interface for various hooking methods
Technical Writeup: https://www.codeproject.com/articles/1100579/polyhook-the-cplusplus-x-x-hooking-library
OUTDATED
Please use V2: https://github.com/stevemk14ebr/PolyHook_2_0. Consider sponsoring my development by clicking sponsor up in the top right!
Hooking Methods*:
- Detour
- Description: Modifies opcode to jmp to hook and allocates a trampoline for jmp back
- Length Disassembler Support (Capstone)
- Supports Code Relocation, including EIP/RIP relative instructions
- Virtual Function Detour :
- Description: Detours the function pointed to by the Vtable
- Virtual Function Pointer Swap
- Description: Swaps the pointer in the Vtable to your hook
- Virtual Table Pointer Swap
- Description: Swaps the Vtable pointer after copying pointers in source Vtable, then swaps virtual function pointer in the new copy
- Import Address Table
- Description: Swaps pointer in the import address table to the hook
- VEH
-
Description: Intercepts an exception generated on purpose, sets instruction pointer to handler, then resets exception generating mechanism
-
Methods to generate exception: INT3 Breakpoints, Guard Page violations.
-
Note: it is important to call the GetProtectionObject function INSIDE of your callback as per my example for all VEH hooks
-
Other exception generation methods are in development
-
All methods support x86 and x64
-
Relies on modified capstone branch https://github.com/stevemk14ebr/capstone
-
More Information can be found at the wiki to the right
Credits to DarthTon, evolution536, Dogmatt
Samples:
The file Tests.cpp provides examples for every type of hooking method. Accompanied with these examples is unit testing code provided by the fantastic library Catch (https://github.com/philsquared/Catch/blob/master/docs/tutorial.md). With the addition of this code the example may look a little complex, the general interface is extremely simple, all hook types expose setup, hook, and unhook methods:
std::shared_ptr<PLH::Detour> Detour_Ex(new PLH::Detour);
Detour_Ex->SetupHook((BYTE*)&MessageBoxA,(BYTE*) &hkMessageBoxA); //can cast to byte* to
Detour_Ex->Hook();
oMessageBoxA = Detour_Ex->GetOriginal<tMessageBoxA>();
Detour_Ex->UnHook();LICENSE:
MIT