nanohook
If you need to make an existing function behave differently, but all you have is a compiled binary, API hooking may be what you need.
By creating a function with the same signature, you can install it as a replacement!
nanohook performs a similar job to Microsoft Detours and EasyHook but has a less restrictive license.
Recent activity
Code
Clone the repository using mercurial:
> hg clone http://bitbucket.org/edd/nanohook
Or get a zip file of the code.
Quick start
Let's replace Windows' ExitProcess function as an example.
// basic.cpp
#include <nanohook/nanohook.hpp>
#include <windows.h>
#include <cstdio>
nanohook::hook ExitProcess_hook;
VOID WINAPI ExitProcess_replacement(UINT code)
{
std::puts("BYE!!");
// Now we call the original ExitProcess function to actually exit.
VOID (WINAPI *old)(UINT) = ExitProcess_hook.original();
old(code);
}
int main()
{
// Install the hook
nanohook::hook h(ExitProcess, ExitProcess_replacement);
ExitProcess_hook.swap(h);
// Call ExitProcess, which will now invoke our hook, ExitProcess_replacement
// rather than the original ExitProcess.
ExitProcess(666);
return 0;
}
P:\software\nanohook> basic.exe BYE!!
nanohook supports Win32 and Win64.
Further reading
Comments
All original content copyright© Edd Dawson.
Any opinions expressed by Edd are his own and are not necessarily shared by his employer. Or by anyone else, in fact.
All source code appearing on this website that was written by Edd Dawson is made available under the terms of the Boost software license version 1.0 unless otherwise stated or implied by the license associated with the work from which the code is derived.