what would happen

c++ / delphi package - dll injection and api hooking

Post by wineggdrop » Mon Dec 23, 2019 9:20 pm

EncodePointer() isn't exported from kernel32.dll on Windows 2k. If I use madhook to hook this API and redirect the call to my own code, such as Detour_EncodePointer, then when an application runs on Windows 2k and calls EncodePointer(), would my code Detour_EncodePointer get called? (Assume my DLL with the hooked code runs with the application.)
wineggdrop
 
Posts: 17
Joined: Mon Nov 18, 2019 6:18 am

Re: what would happen

Post by iconic » Tue Dec 24, 2019 12:52 am

"the EncodePointer() isn't exported from kernel32.dll on windows 2k"

True. It isn't available until Windows XP SP2 according to MSDN.

"when an application runs on windows 2k and call EncodePointer"

If it doesn't exist, which you've previously described, then how can you call it? Not sure if I follow.
Do you mean another kernel32.dll from a different directory exporting a function named EncodePointer?
If so then yes, but unless you're posing as another module with the same function name it makes no sense to me
considering it's not available to call before XP SP2.

If the API doesn't exist it cannot be hooked. If it exists in a newer OS version or service pack then the hook is set.

--Iconic
iconic
Site Admin
 
Posts: 940
Joined: Wed Jun 08, 2005 5:08 am

Re: what would happen

Post by madshi » Mon Dec 30, 2019 5:59 pm

Usually applications statically link to kernel32 APIs. An application statically linking to EncodePointer() will not even run in older OSs. The OS will simply refuse to load it.

Of course an application could dynamically link to EncodePointer, so the application can still run in Windows 2000. In that case GetProcAddress() will return NULL for this API.

In both cases the call to HookAPI() will not have any effect.
madshi
Site Admin
 
Posts: 10121
Joined: Sun Mar 21, 2004 5:25 pm
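
The dynamic-linking case from the reply above, as an added example that is not part of the thread and not madCodeHook code: an application resolves EncodePointer at run time and falls back when the lookup returns NULL, and a hooking DLL checks that the export exists before expecting its detour to be reached. The names `find_export`, `api_is_hookable` and `protect_pointer` are hypothetical, and the non-Windows branch is a constructed stand-in export list so the file also builds off Windows.

```c
#include <stdio.h>
#include <string.h>

typedef void (*generic_fn)(void);

#ifdef _WIN32
#include <windows.h>
typedef PVOID (WINAPI *encode_fn)(PVOID);      /* signature of EncodePointer */
/* Real lookup: NULL when the loaded DLL has no export with this name. */
static generic_fn find_export(const char *dll, const char *api) {
    HMODULE mod = GetModuleHandleA(dll);
    return mod ? (generic_fn)GetProcAddress(mod, api) : NULL;
}
#else
typedef void *(*encode_fn)(void *);
static void stub(void) {}
/* Constructed stand-in so the file builds off Windows: a kernel32.dll
   export list without EncodePointer, as the thread says of Windows 2000. */
static generic_fn find_export(const char *dll, const char *api) {
    static const char *exports[] = { "GetProcAddress", "LoadLibraryA", "Sleep" };
    if (strcmp(dll, "kernel32.dll") != 0) return NULL;
    for (size_t i = 0; i < sizeof exports / sizeof *exports; i++)
        if (strcmp(exports[i], api) == 0) return stub;
    return NULL;
}
#endif

/* Hooking side: a detour can only be installed on an export that exists. */
static int api_is_hookable(const char *dll, const char *api) {
    return find_export(dll, api) != NULL;
}

/* Application side: dynamic linking with a fallback, so the program still
   loads on an OS that lacks the API. Returns p unchanged in that case. */
static void *protect_pointer(void *p) {
    encode_fn enc = (encode_fn)find_export("kernel32.dll", "EncodePointer");
    return enc ? enc(p) : p;
}

int main(void) {
    int secret = 0;
    printf("EncodePointer hookable: %d\n",
           api_is_hookable("kernel32.dll", "EncodePointer"));
    printf("pointer %s\n", protect_pointer(&secret) == (void *)&secret
           ? "left as-is (API missing)" : "encoded by the OS");
    return 0;
}
```

A hooking DLL that relies on the detour for monitoring should log the "not hookable" result, since on such a system the application takes its fallback path and the detour never runs.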

