Module inline_hook

Expand description

Inline hooking framework

Provides comprehensive inline hooking capabilities including:

Standard inline hooks (prologue replacement)
Hot-patch style hooks
Mid-function hooks with context
Hook chaining with priorities

§Architecture Support

Both x86 and x86_64 are supported via the Architecture trait. Use NativeArch for compile-time architecture selection.

§Example

use wraith::manipulation::inline_hook::{hook, NativeArch};

// define the original function type
type TargetFn = extern "system" fn(i32) -> i32;

// your detour function
extern "system" fn my_detour(x: i32) -> i32 {
    // do something
    // call original via trampoline
    unsafe { ORIGINAL.unwrap()(x) }
}

static mut ORIGINAL: Option<TargetFn> = None;

// install hook
let guard = hook::<NativeArch>(target_addr, my_detour as usize)?;
unsafe {
    ORIGINAL = Some(std::mem::transmute(guard.trampoline().unwrap()));
}

// hook is active until guard is dropped
// or call guard.leak() to keep it permanently

§Hook Types

InlineHook: Standard prologue replacement hook
HotPatchHook: Uses Windows hot-patching space (2-byte atomic)
MidFunctionHook: Hook at arbitrary location with context
HookChain: Multiple hooks on same target with priorities

§Builder Pattern

For more control, use the type-state builder:

use wraith::manipulation::inline_hook::{HookBuilder, NativeArch};

let guard = HookBuilder::<NativeArch, _>::new()
    .target(target_addr)?
    .detour(detour_addr)?
    .allocate_trampoline()?
    .build_trampoline()?
    .prepare()?
    .install()?;

Re-exports§

pub use arch::Architecture;
pub use arch::NativeArch;
pub use arch::X64;
pub use arch::X86;
pub use builder::state as BuilderState;
pub use builder::HookBuilder;
pub use guard::HookGuard;
pub use guard::HookState;
pub use guard::StatefulHookGuard;
pub use hook::Hook;
pub use hook::HookChain;
pub use hook::HotPatchHook;
pub use hook::InlineHook;
pub use hook::MidFunctionHook;
pub use registry::HookRegistry;
pub use registry::HookType;
pub use registry::RegisteredHook;
pub use trampoline::ExecutableMemory;
pub use hook::mid::HookContext;
pub use hook::mid::MidHookFn;

Modules§

arch: Architecture abstraction for inline hooking
asm: Assembly instruction encoding and decoding utilities
builder: Type-state hook builder
guard: RAII hook guard for automatic cleanup
hook: Hook type implementations
registry: Global hook registry
trampoline: Trampoline building and memory management

Functions§

create_chain: create a hook chain on a target function
hook: install an inline hook with native architecture
hook_export: convenience function to hook by module export name
hook_export_native: convenience function to hook export using native architecture
hook_native: install an inline hook using the native architecture
hotpatch: install a hot-patch hook
is_hot_patchable: check if a function is hot-patchable
mid_hook: install a mid-function hook

Module inline_hook

Module inline_hook Copy item path

§Architecture Support

§Example

§Hook Types

§Builder Pattern

Re-exports§

Modules§

Functions§

Module inline_hook