#include <CATIntercept.h>
CATIntercept provides a way to directly hook functions within the current process. To use it, first create a hook function for the function you wish to hook. It needs to be akin to the following:
CATHOOKFUNC int HookedFunc(CATHOOK* hookInfo, PARAMTYPE param_1, ..., PARAMTYPE param_n) { CATHOOK_PROLOGUE(numParams); /* Your code here to execute prior to original function */ CATHOOK_CALLORIGINAL(hookInfo,numParams); /* Your code here for post-execution */ /* Set the return value if desired... */ CATHOOK_SETRETURN(returnValue); CATHOOK_EPILOGUE(numParams); }
Once you've created the hook function for each function you wish to intercept, you may instantiate a CATIntercept object and call Intercept() for each function.
CATIntercept works by overwriting the target function's first 5 with a jump directly into the returned CATHOOK structure. The CATHOOK structure then sets up the registers for the hook function and passes control to it. To call the original function within the hook function, CATHOOK_CALLORIGINAL executes the original bytes from the start of the target function, then jumps to just *after* the jump it patched the function with.
While this allows us to be reentrant on hooked functions and not have to beat up import tables, it does present a problem - the code at the start of the target function may not be exactly 5 bytes in length for a proper decode.
At the moment, you'll need to debug into the target function and figure out how many bytes to save, then pass that as the stubLength to Intercept(). Eventually, this is screaming to have a basic disassembler written for it to determine the proper number of bytes automatically. Note that we do currently follow 0xe9 jumps, so it will find the actual function within the jump table (or other similar hooks!)
Definition at line 211 of file CATIntercept.h.
Public Member Functions | |
CATIntercept () | |
virtual | ~CATIntercept () |
CATResult | Intercept (void *targetFunc, void *hookFunc, CATUInt32 stubLength, CATHOOK *&newHook, void *userParam=0) |
CATResult | Restore (CATHOOK *&hookInfo) |
void | RestoreAll () |
CATResult | SaveInterceptData (const CATWChar *objectName, void *comObject, CATINTERCEPT_COM_TABLE_ENTRY *interceptTable, void *userParam) |
CATResult | LoadAndHook (const CATWChar *objectName, CATINTERCEPT_COM_TABLE_ENTRY *interceptTable, void *userParam) |
Load interception data from the registry if it's available. | |
CATResult | InterceptCOMObject (void *comObject, CATINTERCEPT_COM_TABLE_ENTRY *interceptTable, void *userParam) |
Hooks all the functions in a COM interface that are specified in a table. | |
CATResult | InterceptDLL (HMODULE module, CATINTERCEPT_DLL_TABLE_ENTRY *interceptTable, void *userParam) |
Static Public Member Functions | |
static void * | GetFunctionFromVTable (void *objectPtr, CATUInt32 vtableIndex) |
Protected Attributes | |
std::vector< CATHOOK * > | fHooks |