
HookInstall function in source code



I have been studying the MTA source code lately and I'm kinda confused about the HookInstall function.

What does the last parameter called iJmpCodeSize do? How do I know what to put in that argument?

Another question is, how to use the HookInstallMethod and HookInstallCall functions? They have the same arguments but different implementation code, so I don't know how to use them.

Thanks in advance!

What does the last parameter called iJmpCodeSize do?

iJmpCodeSize specifies the number of bytes you want to replace to install the hook. This must be at least 5 bytes since a jmp instruction has a size of 5 bytes. In most cases it's best to replace the instruction at the source address entirely. To find out how long this instruction is, you can use IDA Pro's Hex-View subwindow.

That means: Mark/select the instruction you want to replace and switch to the Hex-View tab where you can see the length in bytes (each block is one byte) of the instruction.

Another question is, how to use the HookInstallMethod and HookInstallCall functions? They have the same arguments but different implementation code, so I don't know how to use them.

HookInstallCall works in a similar way. Instead of creating a jmp instruction, HookInstallCall creates a call instruction so that the current eip will be pushed onto the stack.

On the contrary, HookInstallMethod, which is often used in the context of VTables, only replaces the function address and leaves the rest well enough alone.
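Added example (not part of the original posts and not MTA's own code): how the 5-byte jmp described above is laid out for a given patch length, and how the same encoding can be read back when checking a function prologue for an inline hook. The function names, the addresses and the NOP padding of leftover bytes are assumptions made for illustration; the code only fills a buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define JMP_REL32_LEN 5 /* opcode 0xE9 + 32-bit displacement */

/* Hypothetical helper: fill `out` with the bytes that would replace
 * `patch_len` bytes at `install_addr` (jmp rel32, then NOP padding).
 * Returns 0 on success, -1 if the jmp does not fit. */
int build_jmp_patch(uint32_t install_addr, uint32_t handler_addr,
                    uint8_t *out, size_t out_cap, size_t patch_len)
{
    if (patch_len < JMP_REL32_LEN || patch_len > out_cap)
        return -1;
    /* The displacement is relative to the instruction after the jmp. */
    uint32_t rel = handler_addr - (install_addr + JMP_REL32_LEN);
    memset(out, 0x90, patch_len); /* assumed padding: NOP over leftover bytes */
    out[0] = 0xE9;
    for (int i = 0; i < 4; i++)
        out[1 + i] = (uint8_t)(rel >> (8 * i)); /* little-endian */
    return 0;
}

/* Hypothetical inverse, useful when checking a prologue for an inline hook:
 * returns 1 and the absolute target if `code` starts with jmp rel32. */
int decode_jmp_target(uint32_t addr, const uint8_t *code, size_t len,
                      uint32_t *target)
{
    if (len < JMP_REL32_LEN || code[0] != 0xE9)
        return 0;
    uint32_t rel = 0;
    for (int i = 0; i < 4; i++)
        rel |= (uint32_t)code[1 + i] << (8 * i);
    *target = addr + JMP_REL32_LEN + rel;
    return 1;
}

int main(void)
{
    uint8_t patch[16];
    uint32_t target = 0;
    /* Constructed addresses; the replaced instruction is assumed 7 bytes long. */
    if (build_jmp_patch(0x00401000u, 0x10002000u, patch, sizeof patch, 7) == 0 &&
        decode_jmp_target(0x00401000u, patch, 7, &target))
        printf("jmp target 0x%08X\n", (unsigned)target);
    return 0;
}
```

A patch length below 5 is rejected because the jmp would not fit, and a length that ends in the middle of an instruction would leave stray operand bytes behind, which is why the answer suggests replacing whole instructions.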
