Comments (5)
sylveon
commented on June 7, 2024
You need to use something else to find the address, for example the DIA API with PDB symbols, or hardcoding a raw offset, etc.
Then once you have a function pointer, you should be able to use Detours as usual.
from detours.
djn3m0
commented on June 7, 2024
I'm not familiar with DIA Api and googling brings up some unrelated stuff, can you please provide link or some documentation?
thanks
from detours.
ptrstr
commented on June 7, 2024
You can also use a tool like Ghidra or IDA to find the address of the function you want to hook.
You can then:
- Subtract that address with the load address Ghidra/IDA sets (this gives you the offset)
- Find the base address of the loaded executable (You can use
GetModuleHandleA) - Add that offset to the base address of the loaded executable. You now have the address of the function to hook.
from detours.
sylveon
commented on June 7, 2024
Yes, that would be hardcoding a raw offset
from detours.
djn3m0
commented on June 7, 2024
Thanks it was very helpful
from detours.
Related Issues (20)
- Detours throws
- Unexpected Behavior: DLL loading error when recursively calling a mix of 32-bit and 64-bit subprocesses
- Using Detours if either the .exe or the .dll is within a directory with unicode characters? HOT 12
- Hook on return
- This repo is missing important files HOT 6
- NMAKE failing at the end. HOT 4
- NMAKE failed HOT 1
- Windows 11 ARM64 Processor x86, x64 COM API Hook Crash.
- `detour_skip_jmp` for x64 doesn't support `rex.w` prefix
- Wiki is missing sample tracessl
- `detour_skip_jmp` for arm64 doesn't support unconditional branch HOT 1
- `detour_sign_extend` is implemented incorrectly
- Noting the Optimizations greatly influence the result
- return value of 'main()'
- Calling DetourCreateProcessWithDllsW crashes .NET applications compiled for Any-CPU
- Hooking inline function
- Incorrect Behaviour: Arm64 CopyLdrLiteral for non-SIMD inlines Pointer Read
- Incorrect Behaviour: Arm64 CopyLdrLiteral rewrites Prefetch as Memory Read, which can Trash a Potentially Used Register
- <BUG>crash on jmp addr? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from detours.