When hooking an API, how can I distinguish the calling module?
Posted by Ivanka on April 11th, 2008


I am using the Detours library to hook APIs for a testing software.
But there will be more than one DLL in a process, and the same API is
called from many different DLLs. How can I distinguish them and react
differently?

Some people told me to get the return address from the stack, but I am
unfamiliar with ASM code... Is there an alternative option?

Posted by doskey on April 11th, 2008


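On April 11, 12:36 PM, Ivanka <sarah.h...@gmail.com> wrote:
If your hook API function has a BP-based frame, then you can use this
code:
DWORD nRetnAddress;
__asm
{
    mov eax, dword ptr [ebp+4]   // the return address sits just above the saved EBP
    mov nRetnAddress, eax        // x86 has no memory-to-memory mov, so go through a register
}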
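What to do with the return address once you have it, as an added example that is not part of the original thread: the calling module is the one whose image range contains that address. The module names, addresses and per-caller policy below are constructed for illustration; on MSVC the `_ReturnAddress()` intrinsic yields the same value as the assembly above without writing any ASM.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <intrin.h>              /* _ReturnAddress(), MSVC intrinsic */
#endif

/* Image range of one loaded module (Windows: lpBaseOfDll and SizeOfImage). */
typedef struct { const char *name; uintptr_t base; size_t size; } Module;

/* Constructed module list for illustration; names and addresses are made up. */
static const Module sample_modules[] = {
    { "tested_app.exe", 0x00400000u, 0x00080000u },
    { "plugin_a.dll",   0x10000000u, 0x00020000u },
    { "plugin_b.dll",   0x10020000u, 0x00030000u },
};
#define SAMPLE_COUNT (sizeof sample_modules / sizeof sample_modules[0])

/* Name of the module whose image contains addr, or NULL if none does. */
const char *module_of(const Module *mods, size_t n, uintptr_t addr)
{
    for (size_t i = 0; i < n; i++)
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size)
            return mods[i].name;
    return NULL;
}

typedef enum { ACT_PASS, ACT_LOG, ACT_FLAG } Action;

/* Hypothetical policy: choose the hook's reaction from the caller's module. */
Action action_for_caller(const Module *mods, size_t n, uintptr_t ret_addr)
{
    const char *caller = module_of(mods, n, ret_addr);
    if (caller == NULL) return ACT_FLAG;                     /* in no loaded image */
    if (strcmp(caller, "plugin_a.dll") == 0) return ACT_LOG; /* DLL under test */
    return ACT_PASS;                                         /* call the real API */
}

#ifdef _WIN32
/* The loader can do the range lookup: caller_module(_ReturnAddress()) in the hook. */
HMODULE caller_module(void *ret_addr)
{
    HMODULE mod = NULL;
    GetModuleHandleExW(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
                       GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT,
                       (LPCWSTR)ret_addr, &mod);
    return mod;                  /* NULL when the address is in no module */
}
#endif
```

The return address identifies only the immediate caller, so an API reached through another DLL's wrapper is attributed to that wrapper's module.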


Posted by Ivanka on April 16th, 2008


Thank you, Doskey,
but could you please give me a little explanation? Or some keywords
for reference subjects I should read? I am totally new to
ASM...



On April 11, 5:40 PM, doskey <doskey....@gmail.com> wrote: