steven-michaud/HookCase

How can I hook unexported functions?

codingsf opened this issue · 4 comments

Cydia Substrate can hook a function by address: MSHookFunction(modulebase + offset, proxy_func, stub_func). Please tell me how I can hook a function by address.

There's an example in my hook library template. Please read it and let me know if you have any further questions.

I still don't know how I can hook a sub function. In Hooked_sub_123abc, there are two questions.

  1. Is 123abc a relative address in the main module, so I should subtract the module base address?
  2. If I want to hook a number-address function in a non-main module, how can I specify the module name?

Thanks, your HookCase is a useful project. I read your cases many times and am still confused.


After many tries, I've got what I want. Thanks again!

  1. Yes
  2. patch_function can help specify the module name!

I don't think there's anything I can say here that will make things clearer than what I've already said in my documentation.

To use HookCase, you need to be familiar with disassemblers and assembly code. In my favorite disassembler, Hopper Disassembler, internal functions that aren't in a module's symbol table are given names composed of the prefix "sub_" and the function's address (in hexadecimal format) in the module's file on disk -- for example sub_123abc(). As the example shows, you can use this "name" to hook the function by its address. HookCase figures out where the function is in actual random access memory, into which the module has been loaded.

Oops, I see that you've already figured things out. I'll close this bug.