Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/stackoverflowexcept1on/function-interceptor

hooking functions with funchook library
https://github.com/stackoverflowexcept1on/function-interceptor

cmake cpp20 hooking-template reverse-engineering

Last synced: 5 days ago
JSON representation

hooking functions with funchook library

Awesome Lists containing this project

README 

          
### function-interceptor



[![Build Status](https://github.com/StackOverflowExcept1on/function-interceptor/actions/workflows/ci.yml/badge.svg)](https://github.com/StackOverflowExcept1on/function-interceptor/actions/workflows/ci.yml)



This project demonstrates how to hook functions through the [funchook](https://github.com/StackOverflowExcept1on/funchook) library



### Requirements



- g++ / msvc compiler

- cmake

- python3

- frida: https://frida.re



### Preparing (Linux)



```bash

# install dependencies

pip install frida



# change the ptrace_scope for frida

sudo sysctl kernel.yama.ptrace_scope=0



# build c++ project

./build.sh

```



### Preparing (Windows)



```bat

REM install dependencies

pip install frida



REM build c++ project

build.bat

```



### Running (Linux)



```bash

# run program (it is assumed that in different terminals)

LD_LIBRARY_PATH=./build/bin ./build/bin/program



# attach `./build/bin/libhook.so` to `$(pidof program)`

./scripts/loader.py $(pidof program) ./build/bin/libhook.so

```



### Running (Windows)



```bat

REM run program (it is assumed that in different terminals)

.\build\bin\program.exe



REM find the PID

frida-ps



REM attach .\build\bin\hook.dll to PID

python .\scripts\loader.py PID .\build\bin\hook.dll

```



### Output



```

exampleFunction(a=1, b=2, c=3)

ret = 48



handle = 0x7f79317921e0

exampleFunction_original = 0x7f793178e120

[+] done



exampleFunction(a=1, b=2, c=3)

[+] org ret = 48

[+] exampleFunction_hook(a=1, b=2, c=3)

ret = 42

```