In Windows, all applications must communicate with the kernel through API functions; as such, these functions are critical to even the simplest Windows application. Thus, the ability to intercept, monitor, and modify a program's API calls, commonly called API hooking, effectively gives one full control over that process. This can be useful for a multitude of reasons including debugging, reverse engineering, and hacking (in all interpretations of the word).
While there are several methods which can be used to achieve our goal, this tutorial will examine only DLL redirection. This approach was chosen for several reasons:
- It is relatively simple to implement.
- It allows us to view and modify parameters passed to an API function, change return values of that function, and run any other code we desire.
- While most other methods require code to be injected into the target process or run from an external application, DLL redirection requires only write access to the target application's working directory.
- We can intercept any API call without modifying the target (either on disk or in memory) or any system files.
Let us know what you think or if you have questions for Craig.