Can Easyhook hook the middle of a function?

Mar 7, 2013 at 7:13 PM
Im working on using easyhook to replace a tool that i use now that uses hardware breakpoints at certain addresses to grab some data from a running process. Is it possible to hook in the middle of a function using easyhook?
Mar 8, 2013 at 6:27 AM
In theory yes you could pass the address of to any point within the function. EasyHook will move the required number of instructions and install the trampoline.

You may find more situations where this doesn't work as you are more likely to find exotic instructions that the disassembler doesn't know about (it has a fairly impressive supported list already tho).

I would be interested to hear how you go with this.
Jun 17, 2013 at 6:37 AM
I have been trying to do this too but I simply do not know enough what it does at the assembly level when hooking the functions.

How does it know what parameters are passed to the function?

Then when you hook the middle of the function, how do you know what arguments you need for the hooked function and the replacement function?

And when it returns, which address does it return to? Is it the return address on the stack (of the original function)?