Intercepting API calls in the current process?

How do I intercept / redirect a function to a DLL (say CreateThread from Kernel32.dll) loaded into the current process?

(I have no control over which code fragments call CreateThread, so I don't like that I can just have code instead.)

Language doesn't really matter; I suggest that C/C++ would be the best choice for this.


Update:

I forgot to mention: I'm not looking for solutions that require combining additional libraries into my program; I was looking for a manual way to intercept (for example, by rewriting the address of a function), and not to use an external library for this.

But thanks to those who mentioned the external library; sorry, I have not said this before.

+4
4 answers

Check out http://easyhook.codeplex.com/

This is the Hooking API. It's open source, very easy to use!

+2

There is an MS library for this: Detours

+3

Also check this article: Detecting API Connections

+2

(This would most likely be more appropriate as a “comment” in the “Volumes” answer, but since my “reputation” is not enough to add comments yet, I think let me post it as an answer.)

This post under this thread ("DirectShow Question") mentions an alternative / homegrown alternative to Detours (with some rough code example) by Alessandro Angeli.

I actually first found it in another thread ("problem connecting cocreateinstance"), as well as searching for the creation of COM components, tracing (this second thread is more focused on cross-connection).

Let me also add a link for WinAPIOverride32 (Jacquelin Potier) for convenience here. It seems to have “developed by the GUI developer” :), but there are no complaints at all, as it is open source (as mentioned above).

+2

Source: https://habr.com/ru/post/1336621/

