Hooking(Message Hooking / API Hooking)

• Hooking

- Reverse engineering core technology

- techniques that interchange or intercept function calls, messages, events, etc.

- Development of Hook code for bug fix or improvement (source code X)

- Development of Hook code to freely manipulate executable file and process memory

• Hooking Advantages

- execution of user's hook code before/after API call, Message forwarding (additional function)

- Possible to peek or manipulate the return value of API function / parameter passing through hooking function

- Cancels "Send Event", "Call API" or change the execution flow to user code

=> free calling depending on the situation

• Most Popular Hooking

- Message Hooking

- API Hooking

• Hooking points

- IAT (import addres table): A table of which functions in a library refer to which functions.

 => Changing the API address to a hooking function,

- Code: Directly access the API real address from the system library mapped to process memory, and modify the code directly

 - Export Address Table (EAT): A mechanism to use functions provided by library files in other programs: message / API hooking

#C #C++ #Linux #Embedded #Hooking Example #Hooking #Message Hooking