Redouane (Master Cheater, Reputation: 3; Joined: 05 Sep 2013; Posts: 363; Location: Algeria)
Posted: Sat May 06, 2017 2:51 pm, Post subject: Patching file with API Hook
Hello,
I want to replace all the calls to a Windows API function (getSystemTimePreciseAsFileTime) with calls (or jmps) to a code cave in the main module. Is it possible to do it without patching each call separately? Maybe by updating something in the executable header (I've read about the import table, but I am not sure how it gets loaded in memory and updated when the program gets executed).
Thanks
atom0s (Moderator, Reputation: 198; Joined: 25 Jan 2006; Posts: 8517; Location: 127.0.0.1)
Posted: Sun May 07, 2017 12:11 pm
Any reason why you want to replace every single API rather than a select few? Typically you are not going to need to hook that many APIs for any reason.
If you are looking to determine some information or similar, there are programs already made that will hook every API and print out their usage information, such as:
http://www.rohitab.com/apimonitor
Keep in mind this is not marked to support Win10.
- Retired.
Redouane (Master Cheater, Reputation: 3; Joined: 05 Sep 2013; Posts: 363; Location: Algeria)
Posted: Sun May 07, 2017 2:26 pm
atom0s wrote:
    Any reason why you want to replace every single API rather than a select few? Typically you are not going to need to hook that many APIs for any reason.
    If you are looking to determine some information or similar, there are programs already made that will hook every API and print out their usage information, such as:
    http://www.rohitab.com/apimonitor
    Keep in mind this is not marked to support Win10.
I want to hook only one API function: GetSystemTimePreciseAsFileTime (replace all the calls to that function with calls to an executable code cave in the main module), but I am wondering if it's possible to save the modifications to the executable without patching every call to that function (some calls are of the form: call register, like call esi).
Thanks.
atom0s (Moderator, Reputation: 198; Joined: 25 Jan 2006; Posts: 8517; Location: 127.0.0.1)
Posted: Mon May 08, 2017 1:08 pm
You are over-thinking the need of what you are trying to do, but I also understand you want to save the modifications. I'd suggest you write a loader for this, though, because it will be able to hook the single API once for all instances of its usage rather than trying to patch every single time it's called.
It's much easier to just hook the API call and do what you need once than to try and edit the exe to alter every call to this if there are a lot of them.
- Retired.
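The import-table mechanism the thread is asking about, as an added example that is not part of this thread or of Cheat Engine: the Windows loader walks the PE import directory and writes each resolved export address into the image's IAT (FirstThunk) slots, and compiled code reaches an imported API either as `call [slot]` or as `mov esi,[slot]; call esi`, so overwriting the one slot for GetSystemTimePreciseAsFileTime redirects every call that goes through it, which is what a loader-based hook does once at runtime. The code builds a constructed, minimal PE32+ image (sample data, laid out so RVA == offset, as in a mapped image), walks its import directory for both PE32 and PE32+ layouts, and patches the matching IAT slot; the cave address 0x140001000 used in the test is a placeholder.

```python
import itertools, struct

def build_image():
    """Constructed minimal PE32+ image laid out so RVA == offset (sample data, not a real binary)."""
    img = bytearray(0x400)
    img[0:2], img[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x80)                    # e_lfanew -> IMAGE_NT_HEADERS
    struct.pack_into("<H", img, 0x84, 0x8664)                  # Machine = AMD64
    struct.pack_into("<H", img, 0x94, 0xF0)                    # SizeOfOptionalHeader
    struct.pack_into("<H", img, 0x98, 0x20B)                   # Magic = PE32+
    struct.pack_into("<II", img, 0x98 + 112 + 8, 0x200, 40)    # DataDirectory[1]: import table RVA / size
    struct.pack_into("<IIIII", img, 0x200, 0x240, 0, 0, 0x260, 0x250)  # IMAGE_IMPORT_DESCRIPTOR, then a zero one
    struct.pack_into("<QQ", img, 0x240, 0x270, 0)              # INT (OriginalFirstThunk): name RVA, terminator
    struct.pack_into("<QQ", img, 0x250, 0x270, 0)              # IAT (FirstThunk): identical until the loader fills it
    img[0x260:0x26D] = b"KERNEL32.dll\0"
    img[0x272:0x291] = b"GetSystemTimePreciseAsFileTime\0"     # IMAGE_IMPORT_BY_NAME at 0x270: hint(2) + name
    return img

def _cstr(img, rva):
    return img[rva:img.index(b"\0", rva)].decode("ascii")

def _layout(img):
    """Return (optional-header offset, thunk size, struct format): 4/'<I' for PE32, 8/'<Q' for PE32+."""
    opt = struct.unpack_from("<I", img, 0x3C)[0] + 24          # e_lfanew + "PE\0\0" + IMAGE_FILE_HEADER
    return (opt, 4, "<I") if struct.unpack_from("<H", img, opt)[0] == 0x10B else (opt, 8, "<Q")

def import_entries(img):
    """Yield (dll, function, IAT slot RVA) for each named import of an image mapped the way the loader maps it."""
    opt, tsz, fmt = _layout(img)
    desc = struct.unpack_from("<I", img, opt + (96 if tsz == 4 else 112) + 8)[0]  # DataDirectory[IMPORT].VirtualAddress
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", img, desc)
        if name_rva == 0 and ft == 0:                          # all-zero descriptor ends the list
            return
        dll, lookup = _cstr(img, name_rva), oft or ft          # old linkers may leave OriginalFirstThunk = 0
        for i in itertools.count():
            thunk = struct.unpack_from(fmt, img, lookup + tsz * i)[0]
            if thunk == 0:
                break
            if not thunk >> (tsz * 8 - 1):                     # high bit set = import by ordinal, no name to match
                yield dll, _cstr(img, thunk + 2), ft + tsz * i
        desc += 20

def hook_import(img, func, cave_va):
    """Overwrite the IAT slot for `func`: every call that goes through that slot now lands at cave_va."""
    _, _, fmt = _layout(img)
    for _, name, slot in import_entries(img):
        if name == func:
            struct.pack_into(fmt, img, slot, cave_va)
            return slot
```

Writing the slot into the file on disk does not persist, because the loader overwrites the IAT with the real export address at load time, so the patch has to be applied in memory after loading (a loader or injected DLL), which is the approach recommended above. Calls that obtain the address another way, such as through GetProcAddress, do not pass through the IAT and are not affected.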