Hook anonymous calls

Apr 21, 2013 at 5:49 PM
Ok, let's say you inject your DLL into a native process. You know the offset of a method you want to call, and do something similar to this:

MyMethodHook = LocalHook.Create(MyMethodAddress, new MyMethodDelegate(MyMethod_Hooked), this);

In the MyMethod_Hooked function, since you can't DllImport, how should you call the original method after you're done doing your stuff?
Coordinator
Apr 22, 2013 at 8:58 AM
Edited Apr 22, 2013 at 8:59 AM
Like the following:

// The non-generic overload takes the delegate type as its second argument.
var original = (MyMethodDelegate)Marshal.GetDelegateForFunctionPointer(myMethodAddress, typeof(MyMethodDelegate));
original(....);

If you call it from within the handler, then EasyHook will automatically skip the trampoline and call the original code.

Cheers,
Justin
Apr 22, 2013 at 12:24 PM
Edited Apr 22, 2013 at 12:59 PM
But then you'll have to create your own function pointer in C++ and Marshal the function pointer from the library you created.
There is no way to call the method address, like in assembly (example): CALL (or JMP) PTR [EAX]. (?)

Anyway, thanks for the answer,
iPHAnTom
Coordinator
Apr 23, 2013 at 9:54 AM
You have already passed the function pointer to create your hook in the first place (IntPtr MyMethodAddress). This is the same value you use here.
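
The pattern discussed in this thread, put together as an added example that is not part of the original posts and is not EasyHook's own sample code. The class name, the delegate signature (IntPtr, int) returning int, and the StdCall calling convention are assumptions; they have to match the real native function.

```csharp
using System;
using System.Runtime.InteropServices;
using EasyHook;

public sealed class MyMethodInterceptor : IDisposable
{
    // Assumed signature and calling convention (hypothetical): a mismatch with
    // the native function corrupts the stack or the arguments.
    [UnmanagedFunctionPointer(CallingConvention.StdCall)]
    private delegate int MyMethodDelegate(IntPtr context, int value);

    private readonly MyMethodDelegate _original; // invokes the native code by address
    private readonly MyMethodDelegate _handler;  // held in a field so it stays reachable while the hook is installed
    private readonly LocalHook _hook;

    public MyMethodInterceptor(IntPtr myMethodAddress)
    {
        if (myMethodAddress == IntPtr.Zero)
            throw new ArgumentException("Target address is null.", "myMethodAddress");

        // The same IntPtr serves both purposes: hook target and original entry point.
        _original = (MyMethodDelegate)Marshal.GetDelegateForFunctionPointer(
            myMethodAddress, typeof(MyMethodDelegate));
        _handler = MyMethod_Hooked;
        _hook = LocalHook.Create(myMethodAddress, _handler, this);

        // A new hook intercepts no threads until its ACL is set.
        // Exclusive ACL containing 0 (the calling thread): intercept every other thread.
        _hook.ThreadACL.SetExclusiveACL(new[] { 0 });
    }

    private int MyMethod_Hooked(IntPtr context, int value)
    {
        // Custom work goes here (logging, argument checks, ...).
        // As the coordinator's reply states, a call made from inside the handler
        // skips the trampoline and reaches the original code.
        return _original(context, value);
    }

    public void Dispose()
    {
        _hook.Dispose(); // removes the hook
    }
}
```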