<<<hook api with detours>>>

[billconan]

hi people,

i found a library called detours from microsoft web site (http://research.microsoft.com/sn/detours/). it is a library for hooking api. i checked out the samples it encloses, it can embed a piece of dll program which contain the "hook" function to an EXE at runtime.

and then, it uses GetCurrentThread() function to get the current thread and inject the hook function.

to hook the function, the dll's source looks like this:

DetourTransactionBegin();
//get current thread
DetourUpdateThread(GetCurrentThread());
//actually attach the hoop function to the current thread
DetourAttach(&(PVOID&) hookpointer , originalpointer );
DetourTransactionCommit();

but i don't want to write the hook function in a dll, i want to implement the whole thing in an EXE, so that i can fully control the hook function with the outside EXE.

i don't know how to get a thread of another process. is there any winapi to replace the GetCurrentThread()?

why hook api programes like the detours samples are always written as DLLs? can i just write it in an EXE and control the hook function's behavior during the target applictation's runtime?

[Hobson]

Simplified explanation: to create a hook, you have to inject some code into a process. To make injection possible, injected code has to be contained in some module, which can be loaded by target process. EXEs are not modules, which can be loaded by processes. Dynamic libraries are. So, you have to place injected code inside of dynamic library.

Injecting code is quite complicated process, with lots of Windows mechanics involved, so complete explanation is much more complicated.

Cheers

[pengch]

You need use a dll to inject the target process.

[billconan]

thank you.

then how to control the dll that is embeded into the exe with another process?