@stevemk14ebr
Last active April 22, 2025 22:30
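// Variant 1: chain of user callbacks, all invoked from inside one hook callback.
//
// Every entry is a raw address that gets called through PLH::FnCast with
// CreateMutexExA's signature on each hooked call. Whatever can write to this
// list therefore decides what code runs inside the hook, so populate it only
// with addresses that are known to be valid functions of that signature.
// 0xdeadbeef is a placeholder, not a real callback.
// NOTE(review): no synchronisation is visible here; confirm the list is not
// modified while hooked calls can be in flight.
std::vector<uint64_t> userCallbacks = { 0xdeadbeef /* , ...more callback addresses */ };

// Address the callback uses to reach the original CreateMutexExA. It is 0 until
// something fills it in; elsewhere on the page &oCreateMutexExA is passed to
// PLH::x64Detour for that purpose.
uint64_t oCreateMutexExA = 0;

HOOK_CALLBACK(&CreateMutexExA, hCreateMutexExA, { // NOLINT(cert-err58-cpp)
    // Call the original first so there is always a result to return.
    auto ret = PLH::FnCast(oCreateMutexExA, &CreateMutexExA)(_args...);
    // Alternative ordering: default-initialise the result instead of calling
    // the original up front:
    //   PLH::callback_return_type_t<decltype(&CreateMutexExA)> ret = {};

    for (const uint64_t user_hk : userCallbacks) {
        if (user_hk == 0) {
            continue; // a zero entry would otherwise be called as a function
        }
        // Last callback wins: each call overwrites ret. If the previous value
        // was a live handle, nothing in this callback closes it.
        ret = PLH::FnCast(user_hk, &CreateMutexExA)(_args...);
    }

    // Argument 1 is lpName, which is optional (unnamed mutex) and may be null;
    // handing a null pointer to %s is undefined behaviour.
    const char* mutexName = GET_ARG(1);
    printf("kernel32!CreateMutexExA Name:%s\n", mutexName != nullptr ? mutexName : "(null)");
    return ret;
});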
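// -------------------------
// Variant 2: chain of user callbacks that are actual assembly, linked together
// with detours instead of a loop inside the callback. This is an alternative to
// the variant above: it redeclares the same names, so the two are not meant to
// be compiled into one translation unit.
//
// The entries are raw code addresses that will be detoured and executed, so
// they must come from a trusted source. 0xdeadbeef is a placeholder.
std::vector<uint64_t> userCallbacks = { 0xdeadbeef /* , ...more callback addresses */ };

// Receives the trampoline to the original CreateMutexExA when the top-level
// detour is installed; 0 until then.
uint64_t oCreateMutexExA = 0;

HOOK_CALLBACK(&CreateMutexExA, hCreateMutexExA, {
    // The callback only sees its arguments as the pack _args, so the name is
    // read with GET_ARG(1) (lpName), as the first variant does. lpName is
    // optional and may be null; passing null to %s is undefined behaviour.
    const char* mutexName = GET_ARG(1);
    printf("kernel32!CreateMutexExA Name:%s\n", mutexName != nullptr ? mutexName : "(null)");
    return PLH::FnCast(oCreateMutexExA, &CreateMutexExA)(_args...);
});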
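// hook top level yourself
// Redirects CreateMutexExA to hCreateMutexExA. oCreateMutexExA is handed to the
// detour so it can store the trampoline the callback calls to reach the original.
// NOTE(review): confirm the detour object outlives every hooked call.
PLH::x64Detour detour((uint64_t) &CreateMutexExA, (uint64_t) hCreateMutexExA, &oCreateMutexExA);
if (!detour.hook()) {
    // Without a successful hook oCreateMutexExA stays 0, so the callback must
    // not be reached and no further callbacks should be chained onto it.
    printf("failed to hook kernel32!CreateMutexExA\n");
}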
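// chain user callbacks
// Each user callback is installed as a detour on the previous link: the first
// one hooks hCreateMutexExA, the second hooks the first user callback, and so on.
//
// The pointers in `detours` are owning: whoever tears the chain down must
// unHook() and delete each entry.
std::vector<PLH::Detour*> detours = {};

// Sized up front and never resized afterwards: every detour is handed
// &trampolines[i], and growing the vector would leave those pointers dangling.
std::vector<uint64_t> trampolines = std::vector<uint64_t>(userCallbacks.size());

// Address of the function the next user callback is chained onto. This is the
// callback's address as an integer, the same value the top-level detour uses.
uint64_t nextCallback = (uint64_t) hCreateMutexExA;

for (size_t i = 0; i < userCallbacks.size(); i++) {
    // Detour the code at nextCallback itself. Taking the address of the local
    // variable would patch this stack slot instead of the target function.
    PLH::x64Detour* detour = new PLH::x64Detour(nextCallback, userCallbacks[i], &trampolines[i]);
    if (!detour->hook()) {
        // trampolines[i] was never filled in; stop so that no later callback
        // is chained onto a link that is not actually installed.
        printf("failed to chain user callback %zu\n", i);
        delete detour;
        break;
    }
    detours.push_back(detour);
    nextCallback = userCallbacks[i];
}
// give users their hook index to get trampolines[i] to call.
// A trampolines[i] that is still 0 means that link was not installed and must
// not be called.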