Hook after Function execution

c++ / delphi package - dll injection and api hooking

Postby mannujam » Fri Nov 08, 2019 8:00 am

Is it possible to hook an API, but after its execution, before it returns?
mannujam
 
Posts: 2
Joined: Sun Mar 30, 2008 8:12 am
Location: india

Re: Hook after Function execution

Postby iconic » Fri Nov 08, 2019 5:53 pm

Can you please be more specific? Do you mean somewhere in the middle of execution?

—Iconic
iconic
Site Admin
 
Posts: 924
Joined: Wed Jun 08, 2005 5:08 am

Re: Hook after Function execution

Postby madshi » Wed Nov 13, 2019 3:46 pm

I think what he's asking is to do processing after the original API was called? If so, yes, that's easily possible. Basically your API hook callback function looks like this:

Code:
int SomeApiCallback(int param)
{
  // you can do some processing here
  int result = SomeApiOriginalApi(param);
  // you can do some more processing here
  return result;
}

So when any thread calls the hooked API, it will end up in your "SomeApiCallback()" routine, and the original API will not be called at all. In your hook callback routine you can then do whatever you like. You can call the original API with the original parameters, with modified parameters, or not at all. And you can do processing before and/or after calling the original API. It's completely up to you.
madshi
Site Admin
 
Posts: 10081
Joined: Sun Mar 21, 2004 5:25 pm
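
An added example, not part of the post above and not madCodeHook code: a portable C sketch of post-call processing in a hook callback, where a function-pointer slot stands in for the library's redirection. The names some_api, some_api_slot, some_api_next and record_result are hypothetical. It shows one detail that matters once you work after the original call: capture and restore the thread's error state (errno here, the counterpart of GetLastError/SetLastError on Windows) so the caller still sees what the original API set.

```c
#include <errno.h>
#include <stdio.h>

/* Stand-in for the hooked API (hypothetical): fails with EINVAL on negative input. */
static int some_api(int param) {
    if (param < 0) { errno = EINVAL; return -1; }
    return param * 2;
}

/* Callers go through this slot; installing the hook rewrites it. A hooking
   library performs the redirection itself and hands back a "next hook"
   pointer that reaches the original. */
typedef int (*some_api_fn)(int);
static some_api_fn some_api_slot = some_api;  /* what callers invoke */
static some_api_fn some_api_next = NULL;      /* reaches the original API */

static int calls_seen = 0, failures_seen = 0;

/* Post-call bookkeeping that may clobber errno, as logging or I/O can. */
static void record_result(int param, int result) {
    calls_seen++;
    if (result < 0) failures_seen++;
    fprintf(stderr, "some_api(%d) -> %d\n", param, result);
    errno = 0;  /* simulate a side effect of the bookkeeping code */
}

static int some_api_callback(int param) {
    int result = some_api_next(param);  /* original runs first */
    int saved_errno = errno;            /* capture its error state at once */
    record_result(param, result);       /* processing after execution */
    errno = saved_errno;                /* caller sees what the original set */
    return result;                      /* return value passed through unchanged */
}

static void install_hook(void) {
    if (some_api_next) return;          /* already installed: avoid self-recursion */
    some_api_next = some_api_slot;
    some_api_slot = some_api_callback;
}

int main(void) {
    install_hook();
    errno = 0;
    int ok = some_api_slot(21);
    int bad = some_api_slot(-1);
    printf("ok=%d bad=%d errno_is_EINVAL=%d calls=%d failures=%d\n",
           ok, bad, errno == EINVAL, calls_seen, failures_seen);
    return 0;
}
```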

Re: Hook after Function execution

Postby iconic » Wed Nov 13, 2019 4:19 pm

Ahh ok, that's probably what he meant then :D I read it as
Hook after Function execution
In which case you could use a VEH hook through PAGE_GUARD tripping/resetting and single-step to play with the registers directly (modify eip/rip etc.)

--Iconic
iconic
Site Admin
 
Posts: 924
Joined: Wed Jun 08, 2005 5:08 am

Re: Hook after Function execution

Postby mannujam » Thu Nov 14, 2019 5:07 am

Thanks guys, will check the info and will respond
mannujam
 
Posts: 2
Joined: Sun Mar 30, 2008 8:12 am
Location: india

