Skip to content
Funchook - an API Hook Library
Branch: master
Clone or download
kubo Don't run test_hook_open_and_fopen() under Wine.
The test fails because of memory allocation failure near target functions.
Latest commit 0a1629a Jan 22, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
distorm @ ded330b
include Rename the project name from duckhook to funchook. Jan 1, 2017
src Fix memory allocation failure when `open` is hooked on macOS. Jan 20, 2019
test Don't run test_hook_open_and_fopen() under Wine. Jan 22, 2019
win32 Rename the project name from duckhook to funchook. Jan 1, 2017
.gitignore Add VC2015 project files and fix to run tests on Windows. Aug 11, 2016
.gitmodules
.travis.yml
LICENSE Rename the project name from duckhook to funchook. Jan 1, 2017
Makefile.in Check out submodule distorm if it isn't checked out at compilation time. Jan 1, 2017
README.md Don't run test_hook_open_and_fopen() under Wine. Jan 22, 2019
appveyor.yml Rename the project name from duckhook to funchook. Jan 1, 2017
autogen.sh autoconfize and add tests. Jul 12, 2016
config.guess autoconfize and add tests. Jul 12, 2016
config.sub autoconfize and add tests. Jul 12, 2016
configure.ac Rename the project name from duckhook to funchook. Jan 1, 2017
install-sh autoconfize and add tests. Jul 12, 2016

README.md

Funchook - an API hook library

This library depends on diStorm3.

Build Status Build status

TODO

  • write documents.

Supported Platforms

  • Linux x86_64 (*1)
  • Linux x86 (*1)
  • OS X x86_64 (*1)
  • OS X x86 (*1)
  • Windows x64 (*2) (except C-runtime functions under Wine)
  • Windows 32-bit (*2)

*1 tested on Travis CI
*2 tested on AppVeyor

Compilation

$ git clone --recursive https://github.com/kubo/funchook.git
$ cd funchook
$ ./autogen.sh
$ ./configure
$ make
$ make test

Example

static ssize_t (*send_func)(int sockfd, const void *buf, size_t len, int flags);
static ssize_t (*recv_func)(int sockfd, void *buf, size_t len, int flags);

static ssize_t send_hook(int sockfd, const void *buf, size_t len, int flags);
{
    ssize_t rv;

    ... do your task: logging, etc. ...
    rv = send_func(sockfd, buf, len, flags); /* call the original send(). */
    ... do your task: logging, checking the return value, etc. ...
    return rv;
}

static ssize_t recv_hook(int sockfd, void *buf, size_t len, int flags);
{
    ssize_t rv;

    ... do your task: logging, etc. ...
    rv = recv_func(sockfd, buf, len, flags); /* call the original recv(). */
    ... do your task: logging, checking received data, etc. ...
    return rv;
}

int install_hooks()
{
    funchook_t *funchook = funchook_create();
    int rv;

    /* Prepare hooking.
     * The return value is used to call the original send function
     * in send_hook.
     */
    send_func = send;
    rv = funchook_prepare(funchook, (void**)&send_func, send_hook);
    if (rv != 0) {
       /* error */
       ...
    }

    /* ditto */
    recv_func = recv;
    rv = funchook_prepare(funchook, (void**)&recv_func, recv_hook);
    if (rv != 0) {
       /* error */
       ...
    }

    /* Install hooks.
     * The first 5-byte code of send() and recv() are changed respectively.
     */
    rv = funchook_install(funchook, 0);
    if (rv != 0) {
       /* error */
       ...
    }
}

License

GPLv2 or later with a GPL linking exception.

You can use funchook in any software. Though funchook is licensed under the GPL, it doesn't affect outside of funchook due to the linking exception. You have no need to open your souce code under the GPL except funchook itself.

If you modify funchook itself and release it, the modifed part must be open under the GPL with or without the linking exception because funchook itself is under the GPL.

diStorm3 has been released under 3-clause BSD since Nov 19, 2016. The license is compatible with the GPL.

You can’t perform that action at this time.