uall wrote:everytime u want to call the API its removing the hook and after calling its installing it again
Actually that's a bad solution because of three reasons:
(1) Bad for performance (as you stated yourself).
(2) In the moment when you call the original API, you uninstall the hook. If another thread is now calling the very same API in exactly this moment, that API call is not catched. So this way you have a big hole in your hooking logic.
(3) Installing/uninstalling a hook is always dangerous. If another thread is currently running in the first 5 bytes of the API and you overwrite those 5 bytes in that moment, the thread will crash.
Just try it yourself: Hook an API like GetCurrentProcessId. In the hook callback function do nothing but calling the original API. Then create *two* (!!) threads which call this API in an endless loop. You'll see that there are no stability problems with madCodeHook, also madCodeHook will catch all API calls of both threads. But if your code steadily unhooks and rehooks by overwriting the API code, your solution will miss some API calls. Furthermore it should crash once in a while.