Hook after Function execution

c++ / delphi package - dll injection and api hooking
Post Reply
mannujam
Posts: 2
Joined: Sun Mar 30, 2008 8:12 am
Location: india

Hook after Function execution

Post by mannujam »

Is it possible to hook an API but after its execution. Before it is returning
iconic
Site Admin
Posts: 994
Joined: Wed Jun 08, 2005 5:08 am

Re: Hook after Function execution

Post by iconic »

Can you please be more specific? Do you mean somewhere in the middle of execution?

—Iconic
madshi
Site Admin
Posts: 10365
Joined: Sun Mar 21, 2004 5:25 pm

Re: Hook after Function execution

Post by madshi »

I what he's asking is to do processing after the original API was called? If so, yes, that's easily possible. Basically your API hook callback function looks like this:

Code: Select all

int SomeApiCallback(int param)
{
  // you can do some processing here
  int result = SomeApiOriginalApi(param);
  // you can do some more processing here
  return result;
}
So when any thread calls the hooked API, it will end up in your "SomeApiCallback()" routine, and the original API will not be called at all. In your hook callback routine you can then do whatever you like. You can call the original API with the original parameters, with modified parameters, or not at all. And you can do processing before and/or after calling the original API. It's completely up to you.
iconic
Site Admin
Posts: 994
Joined: Wed Jun 08, 2005 5:08 am

Re: Hook after Function execution

Post by iconic »

Ahh ok, that's probably what he meant then :D I read it as
Hook after Function execution
In which case you could use a VEH hook through PAGE_GUARD tripping/resetting and single-step to play with the registers directly (modify eip/rip etc.)

--Iconic
mannujam
Posts: 2
Joined: Sun Mar 30, 2008 8:12 am
Location: india

Re: Hook after Function execution

Post by mannujam »

Thnaks Guys, will check the info and will respond
Post Reply