rdbo / libmem

Advanced Game Hacking Library for C, Modern C++, Rust and Python (Windows/Linux/FreeBSD) (Process/Memory Hacking) (Hooking/Detouring) (Cross Platform) (x86/x64/ARM/ARM64) (DLL/SO Injection) (Internal/External) (Assembler/Disassembler)
GNU Affero General Public License v3.0

Subroutine hooking #19

Closed alextwothousand closed 1 year ago

alextwothousand commented 3 years ago

How do you go about doing subroutine hooks, like how zeex/subhook does it?

I almost figured out how all of libmem's API works, which is awesome 😁

I wish to document it sometime in the future, to better help those who may need it. libmem is definitely a fantastic replacement to doing this stuff other ways.

rdbo commented 3 years ago

This type of hooking is definitely something I have thought about. The hard part about it is that you need to write a disassembler that will automatically figure out the 'size' parameter for the trampoline. I think I might actually try to write some sort of length disassembler for v4, but can't promise anything for now, as I still have to finish porting V3 and fixing stuff, such as LM_SystemCallEx. I'll leave this issue open so I don't forget about it. And yes, documentation would be really great, especially since V3 documentation is really bad and I haven't even started V4's. Thanks for contributing!

alextwothousand commented 3 years ago

No problem bud, I'd be more than glad to help.

Here's the subhooking repo I mentioned to ya. https://github.com/Zeex/subhook

Is there any chance we could discuss things on an alternative platform - potentially telegram? Wanted to speak about what could be done in terms of documentation.

rdbo commented 3 years ago

You can hit me up on discord or twitter if you want: rdbo#2804, https://twitter.com/rdbodev

alextwothousand commented 3 years ago

Your discord tag doesn’t appear to be working. Would be great if you could correct it maybe? Thanks

rdbo commented 3 years ago

Oopsie, uppercase R: Rdbo#2804

rdbo commented 1 year ago

Since I added the capstone and keystone libraries, this has become possible.

https://github.com/rdbo/libmem/blob/52c2a66f6b2aa8caaf3136ff12f88de948f077c9/tests/test1.c#L168-L187

In the code above, the minimum size for the hook is automatically detected using the LM_CodeLength function, although that is not what the final API is going to look like probably. There is a lot of work to do, including making this feature more usable.

Issue: https://github.com/rdbo/libmem/issues/26
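The size detection discussed in the comments above comes down to rounding the jump size up to the next instruction boundary, so the bytes relocated into the trampoline never split an instruction. The following is an added example, not part of the thread and not libmem's code: `insn_len` and `min_hook_len` are hypothetical names, the decoder covers only a tiny constructed x86-64 subset (a full disassembler such as capstone is needed in practice), and the 5-byte size assumes a `jmp rel32`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Length of one instruction for a deliberately tiny x86-64 subset (chosen for
 * this example). Returns 0 on anything else, so callers fail closed. */
static size_t insn_len(const uint8_t *p, size_t avail)
{
    size_t i = 0;
    uint8_t rex = 0, op;
    if (avail == 0) return 0;
    if ((p[0] & 0xF0) == 0x40) {                       /* REX prefix */
        rex = p[i++];
        if (i >= avail) return 0;
    }
    op = p[i++];
    if ((op >= 0x50 && op <= 0x5F) || op == 0x90 || op == 0xC3)
        return i;                                      /* push/pop, nop, ret */
    if (op >= 0xB8 && op <= 0xBF)                      /* mov reg, imm32/imm64 */
        i += (rex & 0x08) ? 8 : 4;
    else if (op == 0x89 || op == 0x8B || op == 0x83) { /* ModRM forms */
        if (i >= avail || (p[i] & 0xC0) != 0xC0) return 0; /* reg-direct only */
        i += (op == 0x83) ? 2 : 1;                     /* ModRM (+ imm8) */
    } else
        return 0;
    return (i <= avail) ? i : 0;
}

/* Smallest byte count >= jmp_size that ends on an instruction boundary,
 * or 0 if the bytes cannot be decoded that far. */
size_t min_hook_len(const uint8_t *code, size_t avail, size_t jmp_size)
{
    size_t total = 0;
    while (total < jmp_size) {
        size_t n = insn_len(code + total, avail - total);
        if (n == 0) return 0;
        total += n;
    }
    return total;
}

/* Constructed sample: push rbp; mov rbp,rsp; sub rsp,0x20; mov eax,42; ret */
const uint8_t prologue[] = { 0x55, 0x48, 0x89, 0xE5, 0x48, 0x83, 0xEC, 0x20,
                             0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };

int main(void)
{
    printf("5-byte jump needs %zu bytes\n", min_hook_len(prologue, sizeof prologue, 5));
    return 0;
}
```

Returning 0 on an undecodable or truncated byte sequence lets the caller refuse to patch rather than guess a length. Position-dependent instructions inside the copied range would also need fixing up when relocated, which this example does not attempt.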

rdbo commented 1 year ago

This future API will do it: https://github.com/rdbo/libmem/issues/47