[Repost] EasyHook - The reinvention of Windows API Hooking
Posted: 2008-7-27 10:44 5485

EasyHook - The reinvention of Windows API Hooking

Project Description
EasyHook starts where Microsoft Detours ends.
This project supports extending (hooking) unmanaged code (APIs) with pure managed ones, from within a fully managed environment like C# using Windows 2000 SP4 and later, including Windows XP x64, Windows Vista x64 and Windows Server 2008 x64.
You may write injection libraries in any .NET language compiled for AnyCPU targeting all Windows Versions since Windows 2000 SP4 and all common processor architectures using one file. By being written entirely in C# and C++.NET, EasyHook offers you a new dimension of stability and ease of use, which will totally redefine your hooking experience.

The following is an incomplete list of features:


No resource or memory leaks are left in the target
A so-called "Thread Deadlock Barrier" will get rid of many core problems when hooking unknown APIs; this technology is unique to EasyHook
Support for Windows Vista SP1 x64 and Windows Server 2008 SP1 x64 by utilizing totally undocumented APIs, to still allow hooking into any terminal session.
You can write managed hook handlers for unmanaged APIs
All hooks are installed and automatically removed in a stable manner
You can use all the convenience managed code provides, like .NET Remoting, WPF and WCF for example
EasyHook has done extensive work to provide managed handlers for unmanaged code and this will finally lead into a stable way of hooking.
You will be able to write injection libraries and host processes compiled for AnyCPU, which will allow you to inject your code into 32- and 64-Bit processes from 64- and 32-Bit processes by using the very same assembly in all cases.
EasyHook supports RIP-relative addressing relocation for 64-Bit targets.

The library is currently still in BETA state, but should be stable enough for development. Don't hesitate to report any bugs you find, because that's the only way for me to fix them. You can be sure that any serious bug you report will be fixed soon...

The source code is complex and has many implicit dependencies. So don't try to base development on source code but only on the public API!
If your project requires any specific feature that is currently only visible to the library internals, or not implemented at all, you may open a discussion and if your desired feature is considered to be worthful, I will try to add it!

Best regards
Christoph Husse


http://www.codeplex.com/easyhook

Latest replies (4)
2
2008-7-27 11:13
0
3
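I'm using it, and it's quite good, but you still need to use it a lot and build up experience with it.

I'm building something that hooks all kinds of COM objects ^_^

For example, by intercepting the Open method of Recordset in ADO, you can see how a program works with its database ^_^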
2009-5-25 23:26
0
4
Test it again.
2009-5-25 23:35
0
5
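With the thing I built, you enter a class name and a method name and it hooks that method, but the implementation is a bit ugly: you still have to write a delegate for the method, which is really tiring.

Boss, is there any way to hook a method inside a COM object purely through configuration? Just logging the parameters would be enough ^_^

Also, is it possible to record the address and module that called the method?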
2009-5-29 15:28
0