search

TsudaKageyu / minhook

The Minimalistic x86/x64 API Hooking Library for Windows
http://www.codeproject.com/KB/winsdk/LibMinHook.aspx
Other
4.43k stars 898 forks source link

kernel driver version #37

Open chico-depressive opened 7 years ago

chico-depressive commented 7 years ago

you have any plans to make a version for windows kernel hooking x64 and x86?

Natrox commented 7 years ago

You should already be able to hook kernel functions, though you likely will have to use GetProcAddress to retrieve the kernel function's address. You will also need to match the function signature, some of this info is documented and some of it is not (officially - https://undocumented.ntinternals.net is a good resource).

Usually, hooking kernel functions is not recommended as their definition may change over time, so if you're going to do this in publicly used software, it may be a good idea to check the Windows version and use an applicable function of the hook. In practice though, there are a number of functions which are unlikely to change.

On Dec 15, 2016 09:48, chico-depressive notifications@github.com wrote:

you have any plans to make a version for windows kernel hooking x64 and x86?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/TsudaKageyu/minhook/issues/37, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AFFxIQgSZDJKqh894PrCAVkO86lQO3JXks5rIP77gaJpZM4LN2Xg.

chico-depressive commented 7 years ago

@Natrox thanks for your answer, how can I hook windows kernel functions if inside minhook source code there is no reference to kernel functions?

only usermode are used, ex: OpenThread, OpenProcess etc...

tandasat commented 7 years ago

@chico-depressive I am not a developer of this library and cannot answer to a question regarding the kernel support plan, but I am pretty sure this library cannot be used for kernel-mode (driver) code directly as you pointed out. Though, it would be possible to port this library to the kernel-mode in a relatively clean way since code is pretty small and architecture is simple.

chico-depressive commented 7 years ago

@tandasat thank you, do you know any good library for inline kernel hooking?

tandasat commented 7 years ago

EasyHook is an only one library I can think of, although I have not used it.

chico-depressive commented 7 years ago

@tandasat good lib, but has some problems, for global hooking: https://github.com/EasyHook/EasyHook/issues/161 https://github.com/EasyHook/EasyHook/issues/149 I was looking for something more minimalist, like minhook, @TsudaKageyu porting it to kernelmode would be really useful

stonedreamforest commented 7 years ago

@tandasat madCodeHook can be done ,But it is not free