Awesome

PolyHook - x86/x64 Hooking Library

Provides abstract C++ 11 interface for various hooking methods

Technical Writeup: https://www.codeproject.com/articles/1100579/polyhook-the-cplusplus-x-x-hooking-library

OUTDATED

Please use V2: https://github.com/stevemk14ebr/PolyHook_2_0. Consider sponsoring my development by clicking sponsor up in the top right!

Hooking Methods*:

1. Detour

• Description: Modifies opcode to jmp to hook and allocates a trampoline for jmp back
• Length Disassembler Support (Capstone)
• Supports Code Relocation, including EIP/RIP relative instructions

2. Virtual Function Detour :

• Description: Detours the function pointed to by the Vtable

3. Virtual Function Pointer Swap

• Description: Swaps the pointer in the Vtable to your hook

4. Virtual Table Pointer Swap

• Description: Swaps the Vtable pointer after copying pointers in source Vtable, then swaps virtual function pointer in the new copy

5. Import Address Table

• Description: Swaps pointer in the import address table to the hook

6. VEH

• Description: Intercepts an exception generated on purpose, sets instruction pointer to handler, then resets exception generating mechanism

• Methods to generate exception: INT3 Breakpoints, Guard Page violations.

• Note: it is important to call the GetProtectionObject function INSIDE of your callback as per my example for all VEH hooks

• Other exception generation methods are in development

• All methods support x86 and x64

• Relies on modified capstone branch https://github.com/stevemk14ebr/capstone

• More Information can be found at the wiki to the right

Credits to DarthTon, evolution536, Dogmatt

Samples:

The file Tests.cpp provides examples for every type of hooking method. Accompanied with these examples is unit testing code provided by the fantastic library Catch (https://github.com/philsquared/Catch/blob/master/docs/tutorial.md). With the addition of this code the example may look a little complex, the general interface is extremely simple, all hook types expose setup, hook, and unhook methods:

std::shared_ptr<PLH::Detour> Detour_Ex(new PLH::Detour);
Detour_Ex->SetupHook((BYTE*)&MessageBoxA,(BYTE*) &hkMessageBoxA); //can cast to byte* to
Detour_Ex->Hook();
oMessageBoxA = Detour_Ex->GetOriginal<tMessageBoxA>();
Detour_Ex->UnHook();

LICENSE:

MIT