HoShiMin / HookLib

The function interception library written in pure C and NativeAPI with UserMode and KernelMode support
MIT License

Is my test doing good? xD I don't know what I'm looking at #18

Closed gurachan closed 2 years ago

gurachan commented 2 years ago

32 bit

C:\Users\Administrator>"D:\github\HookLib-master\Release\HookLibTests.exe"
`anonymous-namespace'::testHookOnce:
Hook: 0 0 0.123000
[X] orig0 != nullptr

64 bit

`anonymous-namespace'::testHookOnce:
Hook: 0 0 0.123000
Hook: 0 0 0.000000
Hook: 0 0 0.000000
Hook: 0 0 0.000000

`anonymous-namespace'::testSerialHooks:
Hook: 1 1 0.100000
Orig: 1 1 0.100000
Hook: 2 2 0.200000
Orig: 2 2 0.200000
Orig: 2 2 0.200000
Orig: 1 1 0.100000

`anonymous-namespace'::testSerialHooksMultiunhook:
Hook: 1 1 0.100000
Orig: 1 1 0.100000
Hook: 2 2 0.200000
Orig: 2 2 0.200000
Orig: 1 1 0.100000
Orig: 2 2 0.200000

`anonymous-namespace'::testMultihook:
Hook: 1 1 0.100000
Orig: 1 1 0.100000
Hook: 2 2 0.200000
Orig: 2 2 0.200000
Orig: 1 1 0.100000
Orig: 2 2 0.200000

`anonymous-namespace'::testContextsFixup:
[X] ctx.Rip == reinterpret_cast<size_t>(orig)

also i use the new zydis

and only changed this part:

    // Zydis master no longer has the address-width parameter for ZydisDecoderInit;
    // the decoder is initialised with the machine mode and an address-size hint instead.
    ZydisDecoder decoder;
    if (arch == x64)
    {
        ZydisDecoderInit(&decoder, ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_ADDRESS_SIZE_HINT_64);
    }
    else
    {
        ZydisDecoderInit(&decoder, ZYDIS_MACHINE_MODE_LEGACY_32, ZYDIS_ADDRESS_SIZE_HINT_32);
    }

Address width doesn't exist anymore.
HoShiMin commented 2 years ago

What version do you use? I have updated Zydis to the latest release (3.2.1) and it works without changes in the code.

gurachan commented 2 years ago

What version do you use? I have updated Zydis to the latest release (3.2.1) and it works without changes in the code.

I use the master branch xD

Also, how do I use it without the "ntoskernel is not running" message popping up xD

void *rverify = hook(address, Verify);

I did it like that, but "ntoskernel.exe is not found or running" is popping up from nowhere. I don't know if I'm doing it right XD. I don't plan to hook in a driver, just a normal hook.

HoShiMin commented 2 years ago

The master branch may be unstable and may even not be buildable at all.

And what about ntoskrnl? You want to hook kernel functions from the usermode app, right?

gurachan commented 2 years ago

The master branch may be unstable and may even not be buildable at all.

And what about ntoskrnl? You want to hook kernel functions from the usermode app, right?

Nope, I just want to use it as a regular hook. Is this for drivers only? Can't it be used as a normal hook inside a DLL? Sorry, I don't know what I'm looking at really; I'm just looking for a trampoline hook based on Zydis.

HoShiMin commented 2 years ago

Obviously, it's possible, and there are samples in the test app. But if you have problems with it, show me your code. And use the Zydis linked with the repo: clone it recursively (git clone --recursive https://github.com/HoShiMin/HookLib) and it will download HookLib with Zydis and Zycore of the required versions.

gurachan commented 2 years ago

I ended up making my own xD, but thanks anyway.