search

Hpmason / retour-rs

A cross-platform detour library written in Rust
Other
99 stars 18 forks source link

kernel32 hook example without needing static_detour or nightly #16

Closed brandonros closed 1 year ago

brandonros commented 1 year ago

A little verbose, I couldn't figure out how to get it all as a macro... A little rushed as well, I'm sure it could be better. Up to you if you want to accept, just thought it'd be cool to demo not needing static_detour! + nightly.

Hpmason commented 1 year ago

I like the idea of having a non-nightly example with GenericDetour, but it looks like your example is using crates that aren't included in retour. For instance, your example is using minidl, once_cell, and log aren't included in this crate. I want to replace lazy_static with once_cell anyways so that one isn't a huge problem, but I'm not sure about using minidl or log. You're also using crate::libc, which isn't part of retour.

If you could update the example to work with retour, I can add your example to the repo. You can add once_cell and minidl to the dev-dependencies since they make the example clearer, but would you be able to replace uses of log with print statements?

brandonros commented 1 year ago

@Hpmason appreciate everything you've done for the community immensely by dedicating your time to maintain this and takeover detour. give me one minute on the Cargo.toml changes

brandonros commented 1 year ago

now it's in a weird state that it's designed to be the "injected DLL" part of a "hook process + inject DLL" steps. do you still want an fn main()? do we want an injector on the side? can we leave that up for the viewer to figure out and call it "out of scope" of this library/example?

Hpmason commented 1 year ago

Each example has kind of acted as an "injected DLL", so they don't need an fn main(). The injection process is a little out of scope for at least this example.

I'm not sure what the best way to show off the injection process is. It's so varied, with LD_PRELOAD on Linux, injecting using debuggers, and the various injector libraries out there. It would be beneficial to mention/link some of the methods in the README.md and docs, just to point viewers in the right direction. Though it should probably be in another PR.

All the code looks good! Just let me know if you need to make any more changes before I merge it.

brandonros commented 1 year ago

good enough for now please, thanks for your time on this.