Hooking

From Wikipedia, the free encyclopedia


Hooking in programming is a technique that employs so-called hooks to make a chain of procedures act as an event handler. After the handled event occurs, control flow follows the chain in a specific order. A new hook registers its own address as the handler for the event and is expected to call the original handler at some point, usually at the end. Each hook is required to pass execution on to the previous handler, eventually arriving at the default one; otherwise the chain is broken. Unregistering a hook means restoring the original procedure as the event handler.

Hooking can be used for many purposes, including debugging and extending original functionality. It can also be misused to inject (potentially malicious) code into the event handler; for example, rootkits try to make themselves invisible by faking the output of API calls that would otherwise reveal their existence.

A special form of hooking intercepts the library function calls made by a process. Function hooking is implemented by overwriting the first few instructions of the target function with a jump to injected code. Alternatively, on systems that use shared libraries, the interrupt vector table or the import descriptor table can be modified in memory.
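As an added example that is not part of the article, the following C code looks at the prologue-patching technique from the defender's side: it inspects the first bytes of a function for the jump that an inline hook leaves behind, resolves where a relative jump lands, and compares the live bytes with a known-good copy (as one would read from the module on disk). The prologue byte arrays are constructed sample data and all function names are my own.

```c
/* Added example, not from the article: heuristic inline-hook detection over
 * the first bytes of a function. The byte arrays are constructed x86-64
 * prologues, not real functions in this process. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

enum hook_kind { HOOK_NONE = 0, HOOK_JMP_REL32, HOOK_JMP_INDIRECT,
                 HOOK_PUSH_RET, HOOK_CALL_REL32, HOOK_MODIFIED };

/* Classify the first instruction of a function body; `code` points at the
 * function's first byte and `n` is the number of readable bytes. */
enum hook_kind classify_prologue(const uint8_t *code, size_t n)
{
    if (n >= 5 && code[0] == 0xE9) return HOOK_JMP_REL32;    /* jmp rel32  */
    if (n >= 5 && code[0] == 0xE8) return HOOK_CALL_REL32;   /* call rel32 */
    if (n >= 6 && code[0] == 0xFF && code[1] == 0x25)        /* jmp [rip+disp32] */
        return HOOK_JMP_INDIRECT;
    if (n >= 6 && code[0] == 0x68 && code[5] == 0xC3)        /* push imm32; ret */
        return HOOK_PUSH_RET;
    return HOOK_NONE;
}

/* Where does an E9 jump land? target = end of the 5-byte instruction + rel32. */
uintptr_t jmp_rel32_target(uintptr_t func_addr, const uint8_t *code)
{
    int32_t rel;
    memcpy(&rel, code + 1, sizeof rel);          /* little-endian rel32 */
    return func_addr + 5 + (uintptr_t)(intptr_t)rel;
}

/* Stronger check: any difference from the known-good copy counts as a
 * modification, even when it is not one of the jump patterns above. */
enum hook_kind check_function(const uint8_t *live, const uint8_t *clean, size_t n)
{
    enum hook_kind k = classify_prologue(live, n);
    if (k != HOOK_NONE) return k;
    return memcmp(live, clean, n) == 0 ? HOOK_NONE : HOOK_MODIFIED;
}

/* Constructed samples: a typical prologue, the same bytes after a 5-byte
 * jmp patch (target 0x2000 if the function sits at 0x1000), and a copy
 * with one operand byte altered. */
static const uint8_t clean_prologue[8]    = {0x48,0x89,0x5C,0x24,0x08,0x48,0x83,0xEC};
static const uint8_t hooked_prologue[8]   = {0xE9,0xFB,0x0F,0x00,0x00,0x48,0x83,0xEC};
static const uint8_t modified_prologue[8] = {0x48,0x89,0x5C,0x24,0x10,0x48,0x83,0xEC};

int main(void)
{
    printf("clean=%d hooked=%d modified=%d target=0x%lx\n",
           check_function(clean_prologue, clean_prologue, 8),
           check_function(hooked_prologue, clean_prologue, 8),
           check_function(modified_prologue, clean_prologue, 8),
           (unsigned long)jmp_rel32_target(0x1000, hooked_prologue));
    return 0;
}
```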

Examples

Hooking is an extremely complex process on most systems, and programs that hook usually have to run with administrator privileges. Very few practical applications that use hooks have open source. One exception is a library that Microsoft once provided in a sample, which can be used to hook function calls into dynamic-link library (DLL) files. The original sample is hard to acquire, but key files are still available in some SVN repositories, for example on SourceForge. The sample is commented and should explain itself. Another example can be found in the source code of the Psotnic IRC bot.

Libraries

Detours is a general-purpose function hooking library created by Microsoft Research that works in C/C++. The Deviare API Hook Library is implemented as a group of COM objects and can be used from VB, .NET, Delphi, C/C++ and Python.

Hook API

APISpy32 is an application used to hook the Win32 API. Spy Studio API Spy lets you hook the Windows API and watch and modify the parameters of the calls.
