
I have a DLL that I am loading into a process. The purpose of the DLL is to hook some Windows APIs by placing a jmp on top of the function to my handler. I'm just wondering can I just patch the function like this:

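    *(BYTE *)pFunction = 0xE9; // jmp rel32 opcode
    // rel32 is relative to the instruction after the jmp (pFunction + 5), not an absolute address
    *(DWORD *)((BYTE *)pFunction + 1) = (DWORD)&HookHandler - ((DWORD)pFunction + 5);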

Or should I kind of lock the memory region first, so that the process can't call the function while I am patching it?

Harry Johnston
user2276094
  • Locking the memory region will not prevent the process from calling it, it will just ensure that the process will raise an exception if it does. – Harry Johnston May 14 '14 at 22:59
  • Which admittedly may be a wiser solution than corrupting your IP – Mark Nunberg May 15 '14 at 00:10
  • Actually, what I have worked out is: 1) suspend all threads 2) patch function 3) resume all threads and fix EIP for those threads that point to the patched function – user2276094 May 15 '14 at 21:11

0 Answers
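Added example, not part of the original question or its comments: portable C for the two calculations the thread turns on, the rel32 displacement of the `jmp` and the test for which suspended threads have an EIP inside the five bytes being overwritten. It assumes 32-bit x86; the function names are hypothetical and the addresses in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define JMP_REL32_LEN 5u  /* 0xE9 opcode + 4-byte displacement */

/* Build the bytes of "jmp handler" as they must appear at address `target`.
   The displacement is measured from the end of the jmp (target + 5). */
static void build_jmp_rel32(uint32_t target, uint32_t handler,
                            uint8_t out[JMP_REL32_LEN])
{
    uint32_t rel = handler - (target + JMP_REL32_LEN); /* wraps mod 2^32 like the CPU */
    out[0] = 0xE9;
    out[1] = (uint8_t)(rel);        /* little-endian, written byte by byte */
    out[2] = (uint8_t)(rel >> 8);
    out[3] = (uint8_t)(rel >> 16);
    out[4] = (uint8_t)(rel >> 24);
}

/* Decode where a jmp rel32 located at `at` lands; lets you verify a patch. */
static uint32_t jmp_rel32_destination(uint32_t at, const uint8_t insn[JMP_REL32_LEN])
{
    uint32_t rel = (uint32_t)insn[1] | ((uint32_t)insn[2] << 8) |
                   ((uint32_t)insn[3] << 16) | ((uint32_t)insn[4] << 24);
    return at + JMP_REL32_LEN + rel;
}

/* A suspended thread with EIP at target+1 .. target+4 sat on an old instruction
   boundary that the patch overwrites; resumed as-is it would decode the
   displacement bytes as code. EIP == target is safe: it runs the new jmp. */
static int eip_needs_fixup(uint32_t eip, uint32_t target)
{
    uint32_t off = eip - target;    /* unsigned wrap rejects eip < target */
    return off >= 1u && off < JMP_REL32_LEN;
}

int main(void)
{
    /* Constructed addresses for illustration only. */
    uint32_t target = 0x00401000u, handler = 0x10002000u;
    uint8_t patch[JMP_REL32_LEN];
    build_jmp_rel32(target, handler, patch);
    printf("patch: %02X %02X %02X %02X %02X -> lands at 0x%08X\n",
           patch[0], patch[1], patch[2], patch[3], patch[4],
           (unsigned)jmp_rel32_destination(target, patch));
    printf("EIP target+2 needs fix-up: %d\n", eip_needs_fixup(target + 2, target));
    return 0;
}
```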