Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/sgraf812/bananahook

Simple .Net hooking library
https://github.com/sgraf812/bananahook

Last synced: 3 months ago
JSON representation

Simple .Net hooking library

Host: GitHub
URL: https://github.com/sgraf812/bananahook
Owner: sgraf812
Created: 2012-02-03T19:16:02.000Z (almost 13 years ago)
Default Branch: master
Last Pushed: 2017-01-19T08:50:30.000Z (almost 8 years ago)
Last Synced: 2023-03-18T05:01:11.405Z (almost 2 years ago)
Language: C#
Homepage:
Size: 4.62 MB
Stars: 32
Watchers: 5
Forks: 4
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # Hook native APIs in a managed flavour #

**BananaHook** provides an easy, signature agnostic detour handling mechanism. It originated in my hobby WoW bot.

## Supported Architectures ##

Currently it is only possible to hook in x86 processes, yet a simple X64Assembler combined with some restructuring should suffice to support x64. 

## Quick Example ##

```cs

[UnmanagedFunctionPointer(CallingConvention.StdCall)]

public delegate int EndSceneDelegate(IntPtr devicePointer);

...

EndSceneDelegate d = (EndSceneDelegate)Marshal.GetDelegateForFunctionPointer(new IntPtr(0x1234), typeof(EndSceneDelegate));

var notifier = new ReflectionDetourNotifier((t, h) => new RetnHook(new InProcessMemory(), t, h), d);

notifier.DetourCalled += (s, e) => { foreach (var p in e.Parameters) Console.WriteLine(p.ToString()); };

notifier.Hook.Apply();

```

Looks noisy, but definitely is extensible (added Int3Hook without much problems for example) and very clean.

----------

## Naming ##

A short legend for those concepts (or at least how I use them):

*Hooking* is the interception of control flow with a given function with the same signature. It does not necessarily call or simulate the behavior of the original.

A *detour* is a special hook that returns control flow to the original function after doing its work (a redirection).

A *detour notifier* is just a little extension to the detour concept, which defines 'doing its work' as firing up an event. 

## Why should I bother downloading this? ##

Through the use of this event model, one can intercept multiple functions, which may even differ in signature, with one generic event handler.

E.g.: Decide to detour EndScene or Present based on the used DirectX version (9 or 11 respectively) and intercept with the same signature agnostic handler. Pretty slick ;)

## Somewhat more elaborate example

Providing a factory with parameters to a constructor that actually instantiates its dependency with that factory is clumsy and headspinning.

Too be fair, it's supposed to be used with an IoC container such as Autofac:

```cs

// Inside the IoC containers initialization module:

builder.RegisterType();

builder.RegisterType().As();

builder.Register(DetourNotifierFactory);

builder.RegisterType(); // see below

...

private static IDetourNotifier DetourNotifierFactory(IComponentContext container, IEnumerable parameters)

{

    return new ReflectionDetourNotifier(container.Resolve(),

       parameters.TypedAs());

}

...

// Inside your actual code:

class WhatEver

{

    private readonly EndSceneDelegate _endScene = ...; // probably inject through a ctor parameter too

    private readonly IDetourNotifier _notifier;

    public WhatEver(Func notifierFactory)

    {

        _notifier = notifierFactory(_endScene);

        _notifier.DetourCalled += (s, e) => { foreach (var p in e.Parameters) Console.WriteLine(p.ToString()); }; // or sth

        _notifier.Hook.Apply();

    }

}

...

var we = container.Resolve(); 

```

Note how decoupled and testable `WhatEver` is now. No noise regarding signatures etc. 

You can even switch to another delegate signature without changing any code (if your event handler doesn't rely on certain parameters of course).