Hooking Alternatives


Fandu_Nagesh
March 27th, 2003, 11:43 PM
Hi Gurus
Is there any other way to get the effect of hooking?
I am currently using WinAPIs (SetWindowsHookEx etc.) for hooking. I want to know if there is any other technique to do the same as hooking for a 3rd party application.
All ideas and suggestions are invited.

Regards
Rajesh :(

galathaea
March 28th, 2003, 02:53 AM
Here are the alternatives I have used and / or seen:

Subclassing windows -- basically you just use Set/GetWindowLong or related APIs to store the window's message procedure function pointer and then replace it with your own. All messages get sent to your procedure and you can decide to pass messages along as you feel.
Patching the PE import or export tables -- you replace the function address of the APIs called by or exposed by a module (exe, dll, etc.) with your own function's address. This allows you to specifically pick out Win32 and other APIs and intercept their calls.
Debug breakpointing -- you place breakpoints at places where you want to intercept communications (like in the main message loop, for example). You run your program as a debugger in a separate process and perform what you need to when a breakpoint gets fired. You can even adjust stack variables and the rest of the environment before you return from the break.
Patching the service descriptor table -- this is a ring0 solution that is really powerful because you get all of the API calls that go down to ring0 without needing a per-process hook, and you have full kernel privileges. New Technology systems only, but quite fun!
Other exposed kernel hooks -- like that of the file system. I've only used the file system ring0 hooks myself, but I thought I noticed a few other places in the DDK where the system exposed kernel APIs for hooking.
Patch the IDT -- now that's just getting silly. Patching the IDT allows you to take full control of the processor away from the OS and do whatever the heck you want.

There are a few others. Ivo Ivanov's article in the System section of CodeGuru gives an overview of some of the API interception techniques. There are a couple of others I've never bothered with yet (proxy DLLs...), but I hope this is a start.
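
Added example (not part of the thread or any poster's code): a defender-side check for the import-table patching described in the post above. It audits a process's resolved import slots and flags any slot whose target lies outside the DLL it is supposed to import from. The module list, addresses, `helper.dll` and the snapshot format are constructed for illustration; the forwarder table covers only the one well-known case of kernel32's `HeapAlloc` forwarding into ntdll.

```python
# Constructed snapshot of one process: loaded modules and resolved IAT slots.
# All names, addresses and sizes below are made up for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class Module:
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size

@dataclass(frozen=True)
class IatSlot:
    importer: str   # module whose import table holds the slot
    dll: str        # DLL named by the import descriptor
    func: str
    target: int     # address currently stored in the slot

MODULES = [
    Module("app.exe", 0x00400000, 0x00080000),
    Module("kernel32.dll", 0x77E00000, 0x000F0000),
    Module("ntdll.dll", 0x77F00000, 0x00100000),
    Module("user32.dll", 0x77D00000, 0x00090000),
    Module("helper.dll", 0x10000000, 0x00020000),  # hypothetical third-party DLL
]

# Forwarded exports legitimately resolve into a different DLL.
FORWARDERS = {("kernel32.dll", "HeapAlloc"): "ntdll.dll"}

def owner_of(addr, modules):
    """Name of the module whose mapped range contains addr, or None."""
    return next((m.name for m in modules if m.contains(addr)), None)

def audit_iat(slots, modules, forwarders=FORWARDERS):
    """Return (slot, actual_owner) for slots resolving outside the expected DLL."""
    findings = []
    for s in slots:
        expected = forwarders.get((s.dll, s.func), s.dll)
        actual = owner_of(s.target, modules)
        if actual != expected:
            findings.append((s, actual))  # actual is None for unbacked memory
    return findings

SLOTS = [
    IatSlot("app.exe", "kernel32.dll", "CreateFileA", 0x77E12340),
    IatSlot("app.exe", "kernel32.dll", "HeapAlloc", 0x77F45670),  # forwarder, fine
    IatSlot("app.exe", "user32.dll", "GetMessageA", 0x10001200),  # inside helper.dll
    IatSlot("app.exe", "kernel32.dll", "WriteFile", 0x02340000),  # no module backs it
]
```

A flagged slot is a lead, not a verdict: forwarders missing from the table show up as findings, which is why the forwarder list has to be maintained alongside the check.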

Fandu_Nagesh
March 30th, 2003, 11:02 PM
Hi galathaea
Thanks for replying to my query. The given details are enough for understanding the hooking methods. I posted this query because most of the books concentrate on Windows hooking (i.e. SetWindowsHookEx etc.). The given details are very helpful for me.
Really, thanks a lot
Regards
Rajesh
;)