The world desperately needed another hooking library, so here it is. YAHL is more robust than most other hooking libraries, and it supports inline code cave hooking instead of IAT hooking.
- Only supports x86 binary hooking currently
- Not calling the original function at all
- Calling the original function with a different argument
- Different calling conventions of original functions (stdcall, cdecl, fastcall, and thiscall supported)
A full working example is provided in the `./YAHL/src/hook_example.cpp` file, which compiles to an injectable DLL. (See below for how to compile and run the example.)
The gist of how to use YAHL is the following:
- Create a `YAHL::Detour` object and pass the address of the function you want to hook, the detour function, and how many bytes to overwrite.
- Create a function which mirrors the signature of the original function to hook, but has an additional parameter at the beginning of type `YAHL::Detour &detour`. (e.g. If your original function signature is `bool __cdecl MyFunction(int a, int b)`, then your detour function signature should be `bool __cdecl MyFunctionDetour(YAHL::Detour &detour, int a, int b)`).
- Call `YAHL::Detour::Enable()` to hook the function.
- If the program terminates, it's likely you have an issue with how many bytes you are overwriting (you must have at least 5 bytes to assemble a long `jmp`, but it can be more), or you have the incorrect signature/calling convention for the detour/original function.
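
The 5-byte minimum in the last item comes from the x86 near jump encoding: opcode `E9` followed by a 4-byte relative displacement. As an added example (not YAHL code), the check below reads a function's first bytes and resolves such a jump, which is how an integrity check can tell that an entry point has been redirected out of its module; it assumes the patch is an `E9 rel32` at the function entry, and every address and byte array in it is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Added illustration, not part of YAHL. Assumes the inline patch is an
// x86 near jump (E9 rel32) written at the function's first byte.
struct HookCheck {
    bool has_jmp;        // entry starts with E9 rel32
    uint32_t target;     // resolved destination (meaningful if has_jmp)
    bool leaves_module;  // destination outside [mod_base, mod_base + mod_size)
};

constexpr uint8_t kJmpRel32 = 0xE9;
constexpr size_t kJmpLen = 5;  // 1 opcode byte + 4 displacement bytes

HookCheck check_prologue(const uint8_t* b, size_t len, uint32_t func_va,
                         uint32_t mod_base, uint32_t mod_size) {
    HookCheck r{false, 0, false};
    if (len < kJmpLen || b[0] != kJmpRel32) return r;
    // Displacement is little-endian and relative to the end of the jmp.
    uint32_t rel = uint32_t(b[1]) | uint32_t(b[2]) << 8 |
                   uint32_t(b[3]) << 16 | uint32_t(b[4]) << 24;
    r.has_jmp = true;
    r.target = func_va + uint32_t(kJmpLen) + rel;  // wraps modulo 2^32
    // Unsigned subtraction also catches targets below mod_base.
    r.leaves_module = (r.target - mod_base) >= mod_size;
    return r;
}

// Constructed sample data: a module at 0x00400000 (size 0x10000) with a
// function at 0x00401000, and a detour in another module at 0x10001500.
constexpr uint32_t kBase = 0x00400000, kSize = 0x10000, kFunc = 0x00401000;
const uint8_t kClean[]  = {0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x08};  // push ebp; mov ebp,esp; sub esp,8
const uint8_t kHooked[] = {0xE9, 0xFB, 0x04, 0xC0, 0x0F, 0x90};  // jmp 0x10001500
const uint8_t kLocal[]  = {0xE9, 0xFB, 0x0F, 0x00, 0x00, 0x90};  // jmp 0x00402000 (same module)

int main() {
    const uint8_t* samples[] = {kClean, kHooked, kLocal};
    for (const uint8_t* s : samples) {
        HookCheck r = check_prologue(s, 6, kFunc, kBase, kSize);
        std::printf("jmp=%d target=0x%08X outside=%d\n", r.has_jmp,
                    static_cast<unsigned>(r.target), r.leaves_module);
    }
    return 0;
}
```

A jump that stays inside the module is not by itself a sign of tampering, which is why the destination is compared against the image range rather than flagging every `E9`.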
- Compile the `HookMe` and `YAHL` projects.
- Run the `Release` version of `HookMe.exe` and observe the output.
- Run `Inject32.bat` in the `./examples` directory; this will inject the YAHL example DLL into the HookMe process.
- Observe the changed output of `HookMe.exe`.
