Label: hook

A hook is a mechanism that intercepts function calls, events, or system operations and redirects them to custom code. Hooks are commonly used to monitor or modify program behavior at runtime. In low-level programming, a hook often replaces or patches the original function entry point with a callback handler. Operating systems and frameworks also provide official hook APIs for events such as keyboard input, window messages, or network activity. Hooks are widely used in debugging tools, profilers, plugins, accessibility software, and security products. They are also common in reverse engineering and game modding. Incorrect hook implementation can cause crashes, recursion problems, or security risks. Modern systems may restrict hooking techniques for security reasons.

Understanding hooks is important for systems programming, API interception, and runtime analysis.

Functions call interception via replacement of header bytes by JMP or CALL instructions

I described a method of function call interception by means of an import table in one of my previous articles. This method is more universal, since it gives an opportunity to intercept almost any call (please see the limitations list below). However, this one is more complicated, since the header modification code needs disassembling skills

A hook on a function call via modifying an import table

There are situations in large projects when it is necessary to correct the work of one or more third-party components (such as libraries that are part of an application). The source code is rarely available in these cases, and we have to use hacker approaches. I am going to consider one of the