
I've been learning about hooking functions of processes, which has been fun, and I have managed to hook a process by doing the following:

  1. Create a jump to my own code in the function I've hooked
  2. Jump to my own code
  3. Jump back to the instruction after my jump in the hooked function

However, I've come across the trampoline hook and I understand what it's doing but I don't quite understand the benefit of using it over the basic hook I have mentioned above. I don't suppose someone could let me know the benefits of using a trampoline hook over the basic hook or point me in the right direction?

Any help is greatly appreciated.

Kryton
  • What you called a *basic* hook cannot work in the general case. When you set the jump, you overwrite the initial function instructions, but they must be executed. And you need to return not to the *instruction after my jump in the hooked function* but to the original first instruction of the function. Without a trampoline this can work only in an API that begins with a 2-byte "nop" instruction (like *mov edi,edi*) and 5 bytes of *nop* or *int 3* before the function body, and this is only on x86. – RbMm Dec 11 '22 at 12:25
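The following is an added illustration, not code from the question or the comment above, that models the difference between the two hooks on a toy instruction set rather than on real x86. The toy `jmp` occupies two "bytes" (a constructed choice, standing in for the 5-byte x86 JMP), so patching it over the function entry displaces two original one-byte instructions. The basic hook from the question jumps back to the instruction after the patch and simply loses those displaced instructions; the trampoline hook executes a relocated copy of them first, which is the point RbMm makes. All addresses, register names and the target function are made up for the example.

```python
"""Toy model of inline hooking: basic jump-patch vs. trampoline hook.

Memory maps an address to one instruction tuple. Every instruction is one
byte except "jmp", which is JMP_SIZE bytes, so writing a jmp over the
entry point of a function clobbers more than one original instruction,
just like a 5-byte x86 JMP does. (Constructed example, not real x86.)
"""
from dataclasses import dataclass, field

JMP_SIZE = 2        # constructed: the toy jmp is two bytes wide
TARGET = 0x100      # hypothetical address of the function being hooked
HOOK = 0x200        # hypothetical address of our hook code
TRAMPOLINE = 0x300  # hypothetical address of the trampoline


@dataclass
class Machine:
    mem: dict = field(default_factory=dict)   # address -> instruction tuple
    regs: dict = field(default_factory=lambda: {"r0": 0, "r1": 0})


def size_of(instr):
    return JMP_SIZE if instr[0] == "jmp" else 1


def run(m, entry, max_steps=100):
    """Execute from `entry` until `ret`; returns r0 (the toy return value)."""
    pc = entry
    for _ in range(max_steps):
        instr = m.mem.get(pc)
        if instr is None:
            # Landing in the middle of a patched jmp (or in a clobbered
            # byte) is exactly what crashes a real process.
            raise RuntimeError(f"execution landed on unmapped byte {pc:#x}")
        op = instr[0]
        if op == "mov":
            m.regs[instr[1]] = instr[2]
            pc += 1
        elif op == "add":
            m.regs[instr[1]] += m.regs[instr[2]]
            pc += 1
        elif op == "mul":
            m.regs[instr[1]] *= instr[2]
            pc += 1
        elif op == "jmp":
            pc = instr[1]
        elif op == "ret":
            return m.regs["r0"]
    raise RuntimeError("step limit exceeded")


def fresh_machine():
    """Target function: r0 = 10 + r1. Its first instruction matters."""
    m = Machine()
    m.mem[TARGET] = ("mov", "r0", 10)
    m.mem[TARGET + 1] = ("add", "r0", "r1")
    m.mem[TARGET + 2] = ("ret",)
    return m


def call_target(m, arg):
    m.regs = {"r0": 0, "r1": arg}
    return run(m, TARGET)


def patch_jump(m, addr, dest):
    """Overwrite JMP_SIZE bytes at `addr` with a jmp to `dest`.

    Returns the displaced ("stolen") instructions and the address of the
    first original instruction that survives the patch.
    """
    displaced, a = [], addr
    while a < addr + JMP_SIZE:
        instr = m.mem.pop(a)
        displaced.append(instr)
        a += size_of(instr)
    m.mem[addr] = ("jmp", dest)
    return displaced, a


def install_basic_hook(m):
    """The question's hook: jump in, do something, jump back past the patch."""
    _, resume = patch_jump(m, TARGET, HOOK)
    m.mem[HOOK] = ("mul", "r1", 2)       # hook body: double the argument
    m.mem[HOOK + 1] = ("jmp", resume)    # displaced instructions never run


def install_trampoline_hook(m):
    """Same hook body, but return via a trampoline that replays the stolen code."""
    displaced, resume = patch_jump(m, TARGET, HOOK)
    m.mem[HOOK] = ("mul", "r1", 2)
    m.mem[HOOK + 1] = ("jmp", TRAMPOLINE)
    a = TRAMPOLINE
    for instr in displaced:              # relocate the overwritten instructions
        m.mem[a] = instr
        a += size_of(instr)
    m.mem[a] = ("jmp", resume)           # then continue where the patch ends


if __name__ == "__main__":
    print("unhooked  :", call_target(fresh_machine(), 5))   # 15
    m = fresh_machine(); install_basic_hook(m)
    print("basic hook:", call_target(m, 5))                 # 0, mov/add lost
    m = fresh_machine(); install_trampoline_hook(m)
    print("trampoline:", call_target(m, 5))                 # 20
```

With the argument 5 the untouched function returns 15. The basic hook doubles the argument but returns 0, because the `mov r0, 10` and `add r0, r1` it overwrote are never executed. The trampoline version returns 20, since the stolen instructions run from their relocated copy before control resumes at the first intact original instruction. Relocating those instructions is also where real trampolines get hard: copied bytes must be whole instructions, and any relative jump or PC-relative reference among them must be adjusted for its new address.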
