Thread: Hook call vs hook function

  1. #1
    ... connecting
    Join Date
    Sep 2019
    Posts
    3
    Thanks
    0
    Thanked 4 Times in 3 Posts

    Hook call vs hook function

    Hello,

    I was interested in how libcod does the hooking. Now I see that there are two functions that are very much alike: cracking_hook_function and cracking_hook_call. One is inserting a JMP instruction, the other is not.

    Now, my question is: How does the function without the JMP instruction work? My assumption is that hooking always needs a JMP instruction.

    Thanks in advance.

    Regards,
    Walrus

  2. The Following User Says Thank You to thawalrus For This Useful Post:

    kung foo man (1st October 2019)

  3. #2
    ... connecting
    Join Date
    Sep 2019
    Posts
    3
    Thanks
    0
    Thanked 4 Times in 3 Posts
    I've now just realized that perhaps the cracking_hook_call is not really 'hooking', but replacing the call itself. If that's the case, then this only makes sense if the function is called only from one place?

  4. The Following User Says Thank You to thawalrus For This Useful Post:

    kung foo man (1st October 2019)

  5. #3
    Assadministrator IzNoGoD's Avatar
    Join Date
    Aug 2012
    Posts
    1,718
    Thanks
    17
    Thanked 1,068 Times in 674 Posts
    iirc one of them is reversible while the other is not. I've used the hooked stuff from time to time to hijack a function without impairing its normal operation, but adding a single instruction (or function call) to it.
    "Does not work" is an error report for a bug between keyboard and chair.

    All hail Artie Effem

  6. The Following User Says Thank You to IzNoGoD For This Useful Post:

    kung foo man (1st October 2019)

  7. #4
    ... connecting
    Join Date
    Sep 2019
    Posts
    3
    Thanks
    0
    Thanked 4 Times in 3 Posts
    Yes, the call hook can easily be repaired by putting the original function address there again. For the other one you need to repair the function itself or create a 'trampoline' to have the original function procedure executed.

  8. The Following 2 Users Say Thank You to thawalrus For This Useful Post:

    kung foo man (1st October 2019),Mitch (1st October 2019)

  9. #5
    Private First Class php's Avatar
    Join Date
    Nov 2012
    Posts
    142
    Thanks
    28
    Thanked 116 Times in 59 Posts
    You just answered your own question. ¯\_(ツ)_/¯

  10. The Following 2 Users Say Thank You to php For This Useful Post:

    kung foo man (1st October 2019),Mitch (1st October 2019)
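
The two patch styles discussed in this thread, as an added example that is not part of the original posts and is not libcod's code: it edits a constructed 32-bit x86 byte image rather than live memory. The helper names (`patch_call`, `patch_entry`, `resolve`, `build_image`) and all addresses are hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define BASE 0x1000u  /* constructed load address of the toy image */

static uint32_t get32(const uint8_t *p) {   /* little-endian read, as on x86 */
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}
static void put32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}
/* E8/E9 rel32: destination = address of the next instruction + displacement. */
static uint32_t branch_dest(const uint8_t *img, uint32_t at) {
    return at + 5 + get32(img + (at - BASE) + 1);
}
/* Call-site patch: keep the E8 opcode, swap only the operand.
   Returns the old destination so it can be restored (0 if not a CALL). */
uint32_t patch_call(uint8_t *img, uint32_t site, uint32_t hook) {
    if (img[site - BASE] != 0xE8) return 0;
    uint32_t old = branch_dest(img, site);
    put32(img + (site - BASE) + 1, hook - (site + 5));
    return old;
}
/* Entry patch: overwrite the function's first 5 bytes with JMP rel32, saving them. */
void patch_entry(uint8_t *img, uint32_t func, uint32_t hook, uint8_t saved[5]) {
    memcpy(saved, img + (func - BASE), 5);
    img[func - BASE] = 0xE9;
    put32(img + (func - BASE) + 1, hook - (func + 5));
}
/* Where a CALL at `site` ends up, following one JMP at the callee's entry. */
uint32_t resolve(const uint8_t *img, uint32_t site) {
    uint32_t dst = branch_dest(img, site);
    return img[dst - BASE] == 0xE9 ? branch_dest(img, dst) : dst;
}
/* Constructed image: CALLs at 0x1000 and 0x1005 to a function at 0x1020; hook at 0x1040. */
void build_image(uint8_t img[0x60]) {
    memset(img, 0x90, 0x60);                               /* NOP fill */
    img[0x00] = 0xE8; put32(img + 0x01, 0x1020u - 0x1005u);
    img[0x05] = 0xE8; put32(img + 0x06, 0x1020u - 0x100Au);
    /* push ebp; mov ebp,esp; sub esp,24 */
    static const uint8_t prologue[] = {0x55, 0x89, 0xE5, 0x83, 0xEC, 0x18};
    memcpy(img + 0x20, prologue, sizeof prologue);
    img[0x40] = 0xC3;                                      /* hook body: ret */
}
```

Patching one call site leaves the second caller and the function body untouched, while the entry patch redirects every caller. In this image the five saved bytes end in the middle of `sub esp,24`, so a trampoline has to copy whole instructions rather than a fixed five bytes.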
