recreate project as DLL
This commit is contained in:
37
test_cases/README.md
Normal file
37
test_cases/README.md
Normal file
@@ -0,0 +1,37 @@
|
||||
Introduction
|
||||
============
|
||||
|
||||
This project aims to give a simple overview on how good various x64 hooking
|
||||
engines (on windows) are. I'll try to write various functions, that are hard to
|
||||
patch and then see how each hooking engine does.
|
||||
|
||||
I'll test:
|
||||
* [EasyHook](https://easyhook.github.io/)
|
||||
* [PolyHook](https://github.com/stevemk14ebr/PolyHook)
|
||||
* [MinHook](https://www.codeproject.com/Articles/44326/MinHook-The-Minimalistic-x-x-API-Hooking-Libra)
|
||||
* [Mhook](http://codefromthe70s.org/mhook24.aspx)
|
||||
|
||||
(I'd like to test detours, but I'm not willing to pay for it. So that isn't
|
||||
tested :( )
|
||||
|
||||
There are multiple things that make hooking difficult. Maybe you want to patch
|
||||
while the application is running -- in that case you might get race conditions,
|
||||
as the application is executing your half finished hook. Maybe the software has
|
||||
some self protection features (or other software on the system provides that,
|
||||
e.g. Trustee Rapport)
|
||||
|
||||
Evaluating how the hooking engines stack up against that is not the goal here.
|
||||
Neither are non-functional criteria, like how fast it is or how much memory it
|
||||
needs for each hook. This is just about the challenges the function to be
|
||||
hooked itself poses.
|
||||
|
||||
Namely:
|
||||
* Are jumps relocated?
|
||||
* What about RIP adressing?
|
||||
* If there's a loop at the beginning / if it's a tail recurisve function, does
|
||||
the hooking engine handle it?
|
||||
* How good is the dissassembler, how many instructions does it know?
|
||||
* Can it hook already hooked functions?
|
||||
|
||||
Test cases
|
||||
==========
|
||||
Reference in New Issue
Block a user