
Hooking Example (case 2. class method hooking)


This is an example of hooking a class member function.
This article doesn't have many examples of hooking C++ classes.

The following code:
class TestClass {
public:
    int myPrintf(const std::string & id, const int & value);
};


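Hook code:

#include <dlfcn.h>    // dlsym, RTLD_NEXT (g++ defines _GNU_SOURCE by default)
#include <cstring>    // std::memcpy
#include <string>

int TestClass::myPrintf(const std::string & id, const int & value) {
    typedef int (TestClass::*HookFunction)(const std::string & id, const int & value);
    static HookFunction orgMethod = 0;
    if (orgMethod == 0) {
        // "Mangling Name" stands for the mangled symbol name of TestClass::myPrintf.
        void *tmpPtr = dlsym(RTLD_NEXT, "Mangling Name");
        // Copy the address into the pointer-to-member; the rest of the static stays zero.
        std::memcpy(&orgMethod, &tmpPtr, sizeof(void *));
    }

    // Call the original method on the same object and pass its result through.
    int orgRetValue;
    orgRetValue = (this->*orgMethod)(id, value);

    return orgRetValue;
}
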


Hooking Example (case 1. getchar() / rand())


 Hooking Example:
 1. getchar() / rand()
   C only. The code itself is meaningless; it is only a test.


Target code.
- target.c
  : gcc -o target target.c




Hook code.
- hook.c
  : gcc -shared -fPIC -o hook.so main.c -ldl




Exec:


Normal:
$  ./target


Hook:
$ LD_PRELOAD="/home/xxxx/hook_test/hook/hook.so" ./target
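
A sketch of what a rand() hook for the build and LD_PRELOAD run above can look like. This is an added example, not the author's hook.c; the fixed return value HOOKED_RAND_VALUE and the helper hook_rand_calls() are assumptions made for illustration.

```c
/* hook.c - added example: interpose rand() through LD_PRELOAD.
 * Build: gcc -shared -fPIC -o hook.so hook.c -ldl */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* exposes RTLD_NEXT in <dlfcn.h> */
#endif
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef RTLD_NEXT              /* glibc value, used if _GNU_SOURCE came too late */
#define RTLD_NEXT ((void *)-1L)
#endif

#define HOOKED_RAND_VALUE 4    /* constructed value the hook hands to the caller */

typedef int (*rand_fn)(void);
static unsigned long rand_calls;   /* how many calls went through the hook */

/* Look up the next definition of `name` after this object in the search order. */
static void *next_symbol(const char *name)
{
    dlerror();                                  /* clear any stale error */
    void *sym = dlsym(RTLD_NEXT, name);
    if (sym == NULL) {
        const char *err = dlerror();
        fprintf(stderr, "hook: cannot resolve %s: %s\n", name, err ? err : "symbol is NULL");
        abort();
    }
    return sym;
}

/* Same signature as libc's rand(), so the dynamic linker binds callers here. */
int rand(void)
{
    static rand_fn real_rand;
    if (real_rand == NULL) {
        void *sym = next_symbol("rand");
        memcpy(&real_rand, &sym, sizeof sym);   /* object pointer -> function pointer */
    }
    int real = real_rand();                     /* still run the original */
    rand_calls++;
    fprintf(stderr, "hook: rand() #%lu real=%d returned=%d\n",
            rand_calls, real, HOOKED_RAND_VALUE);
    return HOOKED_RAND_VALUE;
}

/* Accessor for the call counter (hypothetical helper, not a libc function). */
unsigned long hook_rand_calls(void) { return rand_calls; }
```

LD_PRELOAD only takes effect for dynamically linked programs, and the loader restricts it for set-user-ID binaries running in secure-execution mode.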








API Hooking


• API Hooking
- A technique that intercepts API calls to gain control
- The most widely used technique, along with message hooking

What is an API?
- An interface for controlling the functions provided by the operating system or programming language.
- On Windows, use the Win32 API




* For example, every process loads kernel32.dll and accesses the system through ntdll.dll.
* Win32 API: on Windows, user applications cannot use system resources (memory, file, network, video, sound, etc.) directly. The OS manages them directly (for stability, security, efficiency, and so on).
=> Applications use the Win32 API instead (no meaningful program can be created without API functions).


Message Hooking


Message Hooking
- Intercepting messages passed between User <-> OS <-> Applications
- Typical program: Spy++


* Window-based graphical user interface: event-driven operation
* Message: generated when the keyboard or mouse is used to select a menu, select a button, move the mouse, resize the window, move the window, etc.


Hooking(Message Hooking / API Hooking)


Hooking
- A core reverse engineering technology
- Techniques that replace or intercept function calls, messages, events, etc.
- Development of hook code for a bug fix or improvement (without source code)
- Development of hook code to freely manipulate executable files and process memory

Hooking Advantages
- Execution of the user's hook code before/after an API call or message forwarding (additional function)
- Possible to peek at or manipulate the return value and parameters of an API function as they pass through the hooking function
- Cancels "Send Event" or "Call API", or changes the execution flow to user code
=> Free calling depending on the situation

• Most Popular Hooking
- Message Hooking
- API Hooking

• Hooking points
- IAT (Import Address Table): A table of which functions in a library refer to which functions.
 => Changing the API address to a hooking function

- Code: Directly access the real API address in the system library mapped into process memory, and modify the code directly

- Export Address Table (EAT): A mechanism to use functions provided by library files in other programs: message / API hooking



Reverse engineering : Hooking(Message Hooking, API Hooking)



• Reverse engineering
- The opposite of "forward engineering"
- Techniques for working backward from a deployed system
- Part of the software maintenance process

• Purpose
- To understand the structure and operating principle of a program (using a disassembler / debugger)
- To fix bugs or improve functionality
- To freely manipulate executable files and process memory

• Uses
- Debugging and patching (hotfix)
- Modifying an application without its source code
- Hacking


