Hooking
[hook]
- For the slang term meaning female prostitution, see prostitution. For the ice hockey penalty, see hooking (ice hockey).
Hooking in programming is a technique employing so-called hooks to make a chain of procedures as an event handler. Thus, after the handled event occurs, control flow follows the chain in specific order. The new hook registers its own address as handler for the event and is expected to call the original handler at some point, usually at the end. Each hook is required to pass execution to the previous handler, eventually arriving to the default one, otherwise the chain is broken. Unregistering the hook means setting the original procedure as the event handler.
Hooking can be used for many purposes, including debugging and extending original functionality. It can also be misused to inject (potentially malicious) code to the event handler - for example, rootkits try to make themselves invisible by faking the output of API calls that would otherwise reveal their existence.
A special form of hooking employs intercepting the library functions calls made by a process. Function hooking is implemented by changing the very first few code instructions of the target function to jump to an injected code. Alternatively on systems using the shared library concept , the interrupt vector table or the import descriptor table can be modified in memory
Examples
Hooking is an extremely complex process on most systems, and the programs trying to hook usually have to be run with administrator privileges. There are very few practical applications using hooks whose source is open: However there is one library once provided by Microsoft in a sample, which can be used to hook function calls into Dynamic-link library files: The original sample is hard to acquire, but key files are still available on some SVN repositories, for example on Sourceforge: Link on the SVN repository by SF.net The sample is commented and should explain itself. Another example can be found in the source code of the Psotnic IRC bot.Libraries
- Detours is a general purpose function hooking library created by Microsoft Research which works in C / C++.
- Deviare API Hook Library is implemented as a group of COM objects and can be used in VB, .NET, Delphi, C / C++ and Python.
Hook API
- APISpy32 is an application used to hook win32 API.
- Spy Studio API Spy lets you hook windows API and watch and modify the parameters of the calls.
See also
This article is licensed under the GNU Free Documentation License.
Last updated on Wednesday September 17, 2008 at 21:27:13 PDT (GMT -0700)
View this article at Wikipedia.org - Edit this article at Wikipedia.org - Donate to the Wikimedia Foundation
|
|
|
|
|
|
|
|
|
|
|
