Talk:Hooking
The C# example is good but it's missing the fact that you can marshal the keyboard event information structure pointer to an instance of that structure to get the actual keys pressed.
KBDLLHOOKSTRUCT thekeyvalues = new KBDLLHOOKSTRUCT(); Marshal.PtrToStructure(lparam, thekeyvalues); — Preceding unsigned comment added by 74.108.52.42 (talk) 05:41, 12 March 2014 (UTC)
This article was nominated for deletion on 13 January 2009 (UTC). The result of the discussion was keep. |
This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | |||||||||||
|
Examples?
editCan we get some real code examples? C? Java? indil 09:43, 4 May 2006 (UTC)
- I second that request! This article (excuse me, stub) could really benefit from some examples. --Wikitonic 15:44, 19 October 2007 (UTC)
- I am going to permalink to some hooking samples I wrote in C++ for hooking Direct3D and rendering CEGUI to a foreign window - works well —Preceding unsigned comment added by Masterfreek64 (talk • contribs) 10:03, 4 February 2008 (UTC)
The examples that were shown showed nothing about hooking, they showed how to use libraries that do the hooking for you. I removed that code examples (because they simply don't explain anything related to hooking) and added code which is really hooking. Also I added two more methods called vtable and IAT hooking. TripleFault (talk) 13:05, 2 January 2014 (UTC)
Design Patterns
editFrom the description this sounds like the Chain of Responsibility pattern used as a (callback) handler.
Subversion Hooks
editIs this term relevant to Subversion hooks at all? —Preceding unsigned comment added by Guttersnipe098 (talk • contribs) 02:02, 9 July 2008 (UTC)
Point of view check
editThis article seems to be horribly biased and completely wrong in some respects. Hooking is widely used in free software. inspircd and atheme use hooks widely for example. It seems to be written mainly from a Windows development POV as well. I'm nominating it for a POV check.
--Jacob Myers (Flame me!) 01:17, 26 November 2008 (UTC)
- I concur, Also it contains multiple links to one website for some unknown reason (spam) Cites no sources or refs (no refs) etc etc «l| Ψrometheăn ™|l» (talk) 07:31, 10 January 2009 (UTC)
--TripleFault (talk) 13:09, 2 January 2014 (UTC)
- If someone could add more information about hooking in Linux except from LD_PRELOAD that would be great. I think we should add sections for the different operating systems.
As it is, I agree. But this is ancient and much more broadly used.
editIn very primitive systems, the entire operation was nothing but hooks (not the word we used then). One placed the machine code to be executed at the hook location and instructed the machine to jump there and execute to boot the machine. For example "Read the 0 block from the disk to location x", then "Jump to location x". One would then put whatever boot one wanted at block 0.
In slightly more advanced systems, one would hook (and I can't remember the slang of the time), grab the machine code at the "top" of the routine one wished to "reach around", and place it in a data location. Then one's code would run, then eventually execute the "copied" code, then branch to the next instruction in the series. This might be done for many reasons... speed being one... circumventing OS limitations/rules another... working with code for which the source had been lost or was simply unavailable. In the oldest (or perhaps the simplest), this might be the was the system was designed.
I am not sure this needs an article. If it does, it doesn't need this one, as it stands now.
Sourcing the history and the broad use would be problematic and I personally don't think it is that important to have the information under this name. Anyone have an idea for a redirect that might be useful?
Personally, I think this should link to prostitution, though that may be a very US-centric view.sinneed (talk) 00:16, 11 January 2009 (UTC)
Further, some old operating systems were nothing more than a list of locations, and a command parser. If one wanted to implement (or circumvent) the standard function (keyboard input, screen output, disk IO, file copy, whatever), one simply placed ones' own hook (and we did call THOSE hooks) at the original location. Eventually, one might pass on to the original code, or simply return, depending.
For example, one might hook the keyboard input, and replace the key strokes with sequential characters from "Slimy frogs infest your keyboard at night."... or play a sound, to provide audible keyclicks, or to check for forbidden commands like deleting a file on primitive college computers (my 1st computer security work). Old. Old technique.sinneed (talk) 00:23, 11 January 2009 (UTC)
Rewrite
editI rewrote as much as I could. I've attempted to make the article a tad easier to understand as well. Not too sure what sources to list as it's more of a concept that is better explained by examples. The exact definition provided by another could vary depending on the platform or software package. In fact I had a very hard time finding any general explanation of function hooks. There are many different uses.
I've put in both Windows and Linux code examples that I've personally used, as well as additional links that provide more information for both platforms. In regards to the examples, are there too many examples now? Also are these examples too detailed? Hopefully this is a step to making the article a bit more neutral. Unfortunately windows just has better documentation for this sort of thing.
My example
editHookHandler.h :
class HookHandler{
void* ourFunc;
void* theirFunc;
char oldBytes[5];
char newBytes[5];
bool isHooked;
bool bytesGenerated;
public:
HookHandler(void* ourFuncAddress,void* theirFuncAddress);
void hook();
void unhook();
~HookHandler();
};
HookHandler.cpp :
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include "HookHandler.h"
HookHandler::HookHandler(void* ourFuncAddress,void* theirFuncAddress){
ourFunc = ourFuncAddress;
theirFunc = theirFuncAddress;
memcpy((void*)oldBytes,ourFunc,5);
isHooked = false;
bytesGenerated = false;
}
void HookHandler::hook(){
if(isHooked == false)
{
unsigned int offset = 0;
offset = ((unsigned int)ourFunc - ((unsigned int)theirFunc+5));
memcpy(newBytes,&"\xe9",1);
memcpy((char*)((int)newBytes+1),&offset,4);
DWORD idk;
int error = VirtualProtect(theirFunc,5,PAGE_EXECUTE_READWRITE,&idk);
memcpy(oldBytes,theirFunc,5);
memcpy(theirFunc,newBytes,5);
isHooked = true;
}
}
void HookHandler::unhook(){
if(isHooked == true){
memcpy(theirFunc,oldBytes,5);
isHooked = false;
}
}
To use, add both files to your project/solution. Then include HookHandler.h. then for exmaple do
#include <theirInclude.h>
int MyFunc();
HookHandler MyHH(&MyFunc,&TheirFunc);
MyHH.hook();
int MyFunc()
{
MessageBox(MB_OK,"You have been hooked!","Hooked!");
MyHH.unhook();
int theirRet = TheirFunc();
MyHH.hook()
return theirRet;
}
External links
editI purged 90% of the links, as they were mostly about libraries and adverts. 194.54.31.24 (talk) 18:06, 12 July 2012 (UTC)
Internal IAT Hooking
editIn this function:
void DetourIATptr(const char* function, void* newfunction, HMODULE module){
void** funcptr = IATfind(function, module);
if (funcptr == newfunction)
return;
DWORD oldrights, newrights = PAGE_READWRITE;
VirtualProtect(funcptr, sizeof(LPVOID), newrights, &oldrights);
oldfunctionptr = *funcptr;
*funcptr = newfunction;
VirtualProtect(funcptr, sizeof(LPVOID), oldrights, &newrights);
}
the line:
if (funcptr == newfunction)
return;
must be
if (*funcptr == newfunction)
return;
External links modified
editHello fellow Wikipedians,
I have just modified one external link on Hooking. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
- Added archive https://web.archive.org/web/20090317112907/http://www.linuxmanpages.com/man2/ptrace.2.php to http://www.linuxmanpages.com/man2/ptrace.2.php
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
An editor has reviewed this edit and fixed any errors that were found.
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
Cheers.—InternetArchiveBot (Report bug) 21:06, 4 April 2017 (UTC)