-
-
Notifications
You must be signed in to change notification settings - Fork 173
Home
Welcome to the PolyHook Wiki This page contains the How-To portion of the project
-
PolyHook relies on a modified branch of Capstone. To use PolyHook you must download this modified branch, which can be found Here
-
Follow the build instruction for capstone to generate the .lib files
-
Place the entire capstone folder after building into the PolyHook folder, folder structure
--PolyHook -Capstone -PolyHook -PolyHook.sln -README.md
-
Set your project's library directory to the correct version for capstone, follow step 3 but click library directories instead.
-
Now that capstone in included into your project simply copy PolyHook.h into your project!
-
x86 Detour
-
E9 Relative Jump
-
Performs code relocation
-
Uses a Capstone as length disassembler to avoid corrupting instructions
-
-
x64 Detour
-
FF,25 Relative Absolute Jump, reads 64bit address from address pointed to jmp [RIP+Disp]
-
Performs code relocation, including RIP relative code
-
Uses Capstone as length disassembler to avoid corrupting instructions
-
Allocates trampoline within 2GB of source to support 32bit relative instructions
-
-
Virtual Function Detour
- Performs either x86 or x64 detour on the function pointed at by the vtable
-
Virtual Function Pointer Swap
- Replaces the function pointed to by the vtable with a pointer to the hook
-
Virtual Table Pointer Swap
- Allocates a new virtual table, copies all the virtual function pointers into the new vtable, changes the virtual function pointer for the source to the hook function, then swaps the old vtable pointer to the newly allocated one
-
IAT Hook
- Walks the import address table, finds the source function, swaps the pointer to the source with a pointer to the hook