what would happen

c++ / delphi package - dll injection and api hooking
Post Reply
wineggdrop
Posts: 19
Joined: Mon Nov 18, 2019 6:18 am

what would happen

Post by wineggdrop »

the EncodePointer() isn't exported from kernel32.dll on windows 2k.if I use madhook to hook this API and redirect the call to my own code such as Detour_EncodePointer,when an application runs on windows 2k and call EncodePointer(),would my code Detour_EncodePointer get called?(assume my dll with hooked code run with the application)
iconic
Site Admin
Posts: 1019
Joined: Wed Jun 08, 2005 5:08 am

Re: what would happen

Post by iconic »

the EncodePointer() isn't exported from kernel32.dll on windows 2k
True. It isn't available until Windows XP SP2 according to MSDN
when an application runs on windows 2k and call EncodePointer
If it doesn't exist which you've previously described then how can you call it? Not sure if I follow.
Do you mean another kernel32.dll from a different directory exporting a function named EncodePointer?
If so then yes, but unless you're posing as another module with the same function name it makes no sense to me
considering it's not available to call before XP SP2.

If the API doesn't exist it cannot be hooked. If it exists in a newer OS version or service pack then the hook is set.

--Iconic
madshi
Site Admin
Posts: 10434
Joined: Sun Mar 21, 2004 5:25 pm

Re: what would happen

Post by madshi »

Usually applications statically link to kernel32 APIs. An application statically linking to EncodePointer() will not even run in older OSs. The OS will simply refuse to load it.

Of course an application could dynamically link to EncodePointer, so the application can still run in Windows 2000. In that case GetProcAddress() will return NULL for this API.

In both cases the call to HookAPI() will not have any effect.
Post Reply