Answer the question
In order to leave comments, you need to log in
Are there any approaches for global interception of functions (without DLL injection) from a specific DLL?
Good day!
Studying intercepting in Windows , I noticed that it all comes down to SetWindowsHookEx , the DLL injection technique (DLL-injection) and kernel-level drivers (but here, apparently, only WinAPI too ).
The question arose whether it is possible to intercept a function call from a specific DLL without using these techniques. Suppose there is no need to intercept from a specific process, but interception from all processes is necessary.
As I imagine, if this DLL is already loaded into virtual memory, therefore its functions have specific addresses that are substituted during the application launch process using LoadLibrary(of course, if the application depends on this library). Those. you need to intercept calls to these addresses and it doesn’t matter which process accesses the library. And in the case of redefining the behavior of functions GLOBALLY , just patching these addresses is enough.
If I'm wrong - correct me.
If there is knowledge on approaches or libraries - share.
Thank you!
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question