Windows Hooks, x86 and x64

Started by Zen, July 11, 2012, 05:58:50 AM

Zen

I've always been mystified by Windows Hooks,...I can understand why programmers would legitimately want to implement them (...and, of course, why evil hackers would want API hooks). But, I've never been sure about the system security of the implementation.
And, I've never used the Microsoft Detours Library.
How did I get started on this insanity ???
I read this blog entry from Raymond Chen: Why Hasn't the API Hook Mechanism for x64 Been Standardized Like It Was for x86?

qWord

Quote from: Zen on July 11, 2012, 05:58:50 AM
How did I get started on this insanity ???
When you need it  :t
MREAL macros - when you need floating point arithmetic while assembling!

hutch--

Hooks in win32 were a variation on Windows callbacks and while it was reasonable OS design at the time, the idiot fringe abused them and they became security problems. It's unfortunate as there were enough situations where they were actually useful and often gave you access into such mundane things as system dialog boxes and a whole range of system functions, but the price of excluding the idiot fringe is as usual a loss of access to useful things.

You may wonder why I treat the virus/trojan idiot fringe with some hostility, usually something like converting them into erotic replacements for the satisfaction of old jailbirds.

Zen

Quote from: hutch--
...the idiot fringe abused them and they became security problems,...
...Yeah,...I know. It's unfortunate.
What I thought was interesting about the blog entry were the comments,...many of which described assembly language techniques.

Quote from: Raymond Chen
...And I'm not even sure detours is a de facto standard, seeing as how there are so many viable competing hooking mechanisms,...

...And, the thing that I always thought was half-assed,...how do you control (or eliminate) the hooking chain ???

Also,...found this interesting article on CodeProject: Powerful x86/x64 Mini Hook-Engine, 2008,...which explains in clear language, how hooks are implemented.