How to temporarily bypass all hooks?

Jan 14, 2011 at 6:17 AM

Hi! Is there some way in EasyHook to temporarily bypass all hooks, other than setting a flag in my code and checking it in all hook functions? Or some other method for solving the following situation?

- I am hooking API functions A and B with my own versions hookA and hookB.

- Thanks to EasyHook, it's very simple to call the original A from hookA and the original B from hookB.

- But I am not at all sure how to call the original A from hookB or the original B from hookA - logging showed me that in this situation, hookA gets called instead of A, and hookB gets called instead of B.

I could solve this issue with a flag:

static int internalCall = 0;

void hookA() {
  if (internalCall) {
    A();
  } else {
    ...
    A();
    ...
    internalCall = 1;
    B();
    internalCall = 0;
    ...
  }
}

void hookB() {
  if (internalCall) {
    B();
  } else {
    ...
    B();
    ...
    internalCall = 1;
    A();
    internalCall = 0;
    ...
  }
}

But this is both ugly AND I would surely run into problems as soon as multiple threads were concerned. Surely there is a better way in EasyHook?

Jan 20, 2011 at 6:46 PM

There may be a solution, depending on why you want to call the other. If you call B() from A() because you need the functionality of B from within A (and, obviously, you're trying to avoid infinite recursion), then you could get away with passing special argument values that you can recognize in B().

I've had the same problem, but with A() trying to call A() for itself, with A == HeapAlloc(), and I solved it by using a private heap and detecting that my private heap was being used in the call. If you can pass such a "passcode" parameter, then you won't need the global flag and will avoid race conditions. Of course, this depends on the possibility of passing such magic parameters without breaking the API, or being able to filter them out when calling the original function being hooked.

Jan 22, 2011 at 5:40 AM

I am afraid I can't do that. The functions that I am hooking are such that I don't have an argument which I could use as a flag.
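
Added example, not part of any post in this thread and not EasyHook code: the flag approach from the first post with the flag made per-thread, so a thread that is inside a hook does not change what other threads' hooks do. The names orig_A, orig_B and in_hook are hypothetical, and A/B are constructed stand-ins for hooked entry points.

```c
#include <stdio.h>

/* Constructed stand-ins: orig_A/orig_B play the unhooked API bodies,
   A/B play the patched entry points that always land in the hooks.
   The counters exist only so the demo can report what ran. */
static int orig_a_calls, orig_b_calls, hook_a_work, hook_b_work;

static void orig_A(void) { orig_a_calls++; }
static void orig_B(void) { orig_b_calls++; }

/* One flag per thread instead of one per process (C11 _Thread_local;
   MSVC spells it __declspec(thread)). */
static _Thread_local int in_hook;

static void hook_A(void);
static void hook_B(void);
static void A(void) { hook_A(); }   /* "hooked" entry point */
static void B(void) { hook_B(); }   /* "hooked" entry point */

static void hook_A(void)
{
    if (in_hook) { orig_A(); return; }  /* nested call: pass straight through */
    in_hook = 1;
    hook_a_work++;                      /* the hook's own logic runs once */
    orig_A();
    B();                                /* lands in hook_B, which sees in_hook */
    in_hook = 0;
}

static void hook_B(void)
{
    if (in_hook) { orig_B(); return; }
    in_hook = 1;
    hook_b_work++;
    orig_B();
    A();                                /* lands in hook_A, which sees in_hook */
    in_hook = 0;
}

int main(void)
{
    A();
    B();
    printf("hook work A=%d B=%d, originals A=%d B=%d\n",
           hook_a_work, hook_b_work, orig_a_calls, orig_b_calls);
    return 0;
}
```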