Questions tagged [hooking]
The hooking tag has no summary.
22 questions
1 vote, 2 answers, 170 views
How does Rohitab ApiMonitor capture API calls?
When I use EasyHook to hook API calls, the first bytes of the hooked API function are replaced with a so-called "trampoline", which is a jump into EasyHook code.
For example this is TextOutW ...
0 votes, 1 answer, 180 views
Hooking a function
So, I'm attempting to create a mod for an older game, Fable: The Lost Chapters. I was able to find the MacOS release of the game, which contains symbols, and I was also able to find a leaked debug ...
1 vote, 1 answer, 120 views
Unable to run system Save As dialogue while debugging Notepad with IDA
I am trying to hook a function to Notepad.exe, so that it will encrypt a file when saving.
I have disassembled it with IDA. I want to place breakpoints on the saving subroutine which I have ...
3 votes, 0 answers, 221 views
Solved: Unable to hook Apple binary on iOS 14.x with Frida
I'm attempting to analyze a binary from iOS 14.8 (searchpartyd). I'm using Frida to try to hook it like I normally would with other binaries. However, I'm getting an error message that I'm unable to ...
1 vote, 0 answers, 183 views
Problem with hooking __usercall function and asm code
I need a hook function with the __usercall convention.
I already hooked functions that were defined as __usercall and __userpurge, but this time it's __usercall with arguments that are also passed ...
1 vote, 1 answer, 662 views
Create instance of iOS class that contains a . with Frida
I am trying to create an instance of a class of an iOS app using Frida.
In the past I have successfully done this using a command such as:
var instance = ObjC.chooseSync(ObjC.classes.TestClass)[0];
...
1 vote, 0 answers, 122 views
Instruction-level hooking library for win32?
I am looking for an instruction-level hooking library for win32 x86/x64.
I want to write hook insertion and hook implementation code in C/C++ (compiled into a DLL).
(Therefore instrumentation tools are ...
1 vote, 0 answers, 208 views
Easy way to attach a DLL to a Game
I would like to attach a DLL to a game to add more features.
The DLL is 95% done; the problem is finding the best and easiest way to load this DLL from the game.
My idea is to use this technique:
dinput_ori.dll (...
0 votes, 0 answers, 246 views
Crash after hooking a function
I have hooked a sound function that works within the game menu; afterwards, when the battle starts, the game crashes.
The function correctly gets the sound file name in the first parameter, before the ...
1 vote, 1 answer, 554 views
Frida - The specified child already has a parent. You must call removeView() on the child's parent first when hooking, how do you solve it?
I wanted to hook the method A1f in the below code but Frida returns the following exceptions:
Found instance: MyHomeFragment{9bbd8d5} (0965bca9-4838-4ca1-a835-d99639ae15f1)}
java.lang....
1 vote, 0 answers, 158 views
What are modern hooking techniques? [closed]
I was looking at interesting anti-malware roles (malware analysis and prevention), and among the required skills they mentioned that one should be well acquainted with "modern hooking techniques". I was ...
2 votes, 1 answer, 468 views
Hiding a file in a Windows operating system
I am trying to understand how to hide a file in Windows as a way to learn about the Win API and malware analysis.
What I am trying to do is to make a file "disappear" via some kind of manipulation. But I ...
1 vote, 0 answers, 307 views
How to hook eval function in Node.js
As the eval() function of JavaScript is evil, I want to hook or monkey-patch the eval() function of JavaScript in Node.js. I want to intercept all arguments passed to the eval() function. Please guide me ...
4 votes, 1 answer, 2k views
Hooking a function with Frida
How can I hook functions with Frida?
Can someone please give me an example of something that does that?
Hook at 0x412312 and change the assembly code to "mov eax, 999"
I already tried something like:...
0 votes, 1 answer, 806 views
Intercept zip decryption key or files from an application
If an application is reading from a password-protected zip file, is there a way to intercept the key being sent to decrypt the zip file? Or is there a way to dump the files being read themselves?