Page 1 of 1

what would happen

Posted: Mon Dec 23, 2019 9:20 pm
by wineggdrop
the EncodePointer() isn't exported from kernel32.dll on windows 2k.if I use madhook to hook this API and redirect the call to my own code such as Detour_EncodePointer,when an application runs on windows 2k and call EncodePointer(),would my code Detour_EncodePointer get called?(assume my dll with hooked code run with the application)

Re: what would happen

Posted: Tue Dec 24, 2019 12:52 am
by iconic
the EncodePointer() isn't exported from kernel32.dll on windows 2k
True. It isn't available until Windows XP SP2 according to MSDN
when an application runs on windows 2k and call EncodePointer
If it doesn't exist which you've previously described then how can you call it? Not sure if I follow.
Do you mean another kernel32.dll from a different directory exporting a function named EncodePointer?
If so then yes, but unless you're posing as another module with the same function name it makes no sense to me
considering it's not available to call before XP SP2.

If the API doesn't exist it cannot be hooked. If it exists in a newer OS version or service pack then the hook is set.

--Iconic

Re: what would happen

Posted: Mon Dec 30, 2019 5:59 pm
by madshi
Usually applications statically link to kernel32 APIs. An application statically linking to EncodePointer() will not even run in older OSs. The OS will simply refuse to load it.

Of course an application could dynamically link to EncodePointer, so the application can still run in Windows 2000. In that case GetProcAddress() will return NULL for this API.

In both cases the call to HookAPI() will not have any effect.