API Hooking: Failing for free and Malloc: Jeffrey Richter's Code
Janardhan
21 years ago
I tried API hooking using Jeffrey Richter's code, which uses
replacement of the IAT (Import Address Table) of the DLL.

It is failing for malloc and free. Even though there are so many new and
delete done, the control is not coming to my hooking functions. Can anyone
help me w.r.t this.

void * __cdecl OverRiden_malloc(size_t);
void __cdecl OverRiden_free(void *);

CAPIHook* my_MallocObj = new CAPIHook("msvcrt.dll", "malloc",
                                      (PROC)OverRiden_malloc, TRUE);

CAPIHook* my_DeleteObj = new CAPIHook("msvcrt.dll", "free",
                                      (PROC)OverRiden_free, TRUE);
xbunny
21 years ago
I had a similar problem. It appears on the surface at least that the MS
implementations of new and delete do not call malloc or free but some
other memory allocation functions. I didn't find a solution.
Sten Westerback
21 years ago
Maybe the module in question is linked statically to a CRT malloc()...
... or maybe Microsoft uses their own suballocation to memory allocated
by HeapAlloc() or GlobalAlloc() or....

- Sten
Stephen Kellett
21 years ago
Post by xbunny
> I had a similar problem. It appears on the surface at least that the MS
> implementations of new and delete do not call malloc or free but some
> other memory allocation functions. I didn't find a solution.
The Microsoft implementations of new and delete call free and malloc.
This is true for static or dynamic implementations. Read the source code
if you don't believe me.

The problem you have is one or both of:
1) You are statically linked. You need to dynamically link to use Jeff
Richter's approach.
2) You are doing a debug build. Your code is hooking a release DLL.

You will better invest your time using an existing memory spy tool than
reinventing the wheel. There are several free and commercial ones to
choose from.

Stephen
--
Stephen Kellett
Object Media Limited http://www.objmedia.demon.co.uk
RSI Information: http://www.objmedia.demon.co.uk/rsi.html
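
Added example (not part of the thread, and not Richter's or any poster's code): a check for the two causes listed in the reply above. It parses a module's import directory from the file on disk and reports which DLL name, if any, the module imports malloc and free from; that is the name a CAPIHook call would have to match. The function names imports and hook_target are made up for this example.

```python
import struct
import sys

def _u(fmt, buf, off):
    return struct.unpack_from(fmt, buf, off)[0]

def imports(pe: bytes) -> dict:
    """Map each imported DLL (lower-cased) to the functions imported by name."""
    nt = _u("<I", pe, 0x3C)                          # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size, opt = _u("<H", pe, nt + 6), _u("<H", pe, nt + 20), nt + 24
    plus = _u("<H", pe, opt) == 0x20B                # PE32+ (64-bit) image
    imp_rva = _u("<I", pe, opt + (112 if plus else 96) + 8)  # data directory 1
    secs = [struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8)
            for i in range(nsec)]                    # vsize, va, rawsize, rawptr

    def off(rva):                                    # RVA -> file offset
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError(f"RVA {rva:#x} is outside every section")

    def cstr(o):
        return pe[o:pe.index(b"\0", o)].decode("ascii", "replace")

    out = {}
    if not imp_rva:
        return out                                   # no import directory at all
    width, fmt = (8, "<Q") if plus else (4, "<I")
    d = off(imp_rva)
    while True:
        oft, _, _, name, ft = struct.unpack_from("<5I", pe, d)
        if not (name or ft):
            return out                               # all-zero descriptor ends table
        t, names = off(oft or ft), out.setdefault(cstr(off(name)).lower(), [])
        while (v := _u(fmt, pe, t)):
            if not v >> (width * 8 - 1):             # top bit set = by ordinal
                names.append(cstr(off(v & 0x7FFFFFFF) + 2))  # skip 2-byte hint
            t += width
        d += 20

def hook_target(pe: bytes, func: str):
    """DLL this module imports `func` from, or None (e.g. static CRT)."""
    return next((dll for dll, fns in imports(pe).items() if func in fns), None)

if __name__ == "__main__":
    table = imports(open(sys.argv[1], "rb").read())
    print({dll: fns for dll, fns in table.items() if {"malloc", "free"} & set(fns)})
```

Run it with the path of the EXE or DLL being hooked. An empty result means the module does not import malloc or free by name at all, so there is no IAT entry for them to replace.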