Module inline_hook 

Inline hooking framework

Provides comprehensive hooking capabilities including:

• Standard inline hooks (prologue replacement)
• Hot-patch style hooks
• Mid-function hooks with context
• Hook chaining with priorities
• IAT (Import Address Table) hooks
• EAT (Export Address Table) hooks
• VEH (Vectored Exception Handler) hooks
• VMT (Virtual Method Table) hooks

Architecture Support

Both x86 and x86_64 are supported via the Architecture trait. Use NativeArch for compile-time architecture selection.

Example

use wraith::manipulation::inline_hook::{hook, NativeArch};

// define the original function type
type TargetFn = extern "system" fn(i32) -> i32;

// your detour function
extern "system" fn my_detour(x: i32) -> i32 {
    // do something
    // call original via trampoline
    unsafe { ORIGINAL.unwrap()(x) }
}

static mut ORIGINAL: Option<TargetFn> = None;

// install hook
let guard = hook::<NativeArch>(target_addr, my_detour as usize)?;
unsafe {
    ORIGINAL = Some(std::mem::transmute(guard.trampoline().unwrap()));
}

// hook is active until guard is dropped
// or call guard.leak() to keep it permanently

Hook Types

Code Modification Hooks

• InlineHook: Standard prologue replacement hook
• HotPatchHook: Uses Windows hot-patching space (2-byte atomic)
• MidFunctionHook: Hook at arbitrary location with context
• HookChain: Multiple hooks on same target with priorities

Table Modification Hooks

• IatHook: Import Address Table hook (per-module imports)
• EatHook: Export Address Table hook (affects GetProcAddress)
• VmtHook: Virtual Method Table hook (C++ virtual functions)
• ShadowVmt: Shadow VMT for instance-specific hooking

Exception-Based Hooks

• VehHook: Vectored Exception Handler hook (hardware/software breakpoints)

Builder Pattern

For more control, use the type-state builder:

use wraith::manipulation::inline_hook::{HookBuilder, NativeArch};

let guard = HookBuilder::<NativeArch, _>::new()
    .target(target_addr)?
    .detour(detour_addr)?
    .allocate_trampoline()?
    .build_trampoline()?
    .prepare()?
    .install()?;

Re-exports

pub use arch::Architecture;

pub use arch::NativeArch;

pub use arch::X64;

pub use arch::X86;

pub use builder::state as BuilderState;

pub use builder::HookBuilder;

pub use guard::HookGuard;

pub use guard::HookState;

pub use guard::StatefulHookGuard;

pub use hook::Hook;

pub use hook::HookChain;

pub use hook::HotPatchHook;

pub use hook::InlineHook;

pub use hook::MidFunctionHook;

pub use registry::HookRegistry;

pub use registry::HookType;

pub use registry::RegisteredHook;

pub use trampoline::ExecutableMemory;

pub use hook::iat::IatHook;

pub use hook::iat::IatHookGuard;

pub use hook::iat::IatEntry;

pub use hook::iat::enumerate_iat_entries;

pub use hook::iat::find_iat_entry;

pub use hook::iat::hook_import;

pub use hook::iat::hook_import_all;

pub use hook::eat::EatHook;

pub use hook::eat::EatHookBuilder;

pub use hook::eat::EatHookGuard;

pub use hook::eat::EatEntry;

pub use hook::eat::enumerate_eat_entries;

pub use hook::eat::find_eat_entry;

pub use hook::eat::find_eat_entry_by_ordinal;

pub use hook::veh::VehHook;

pub use hook::veh::VehHookType;

pub use hook::veh::DebugRegister;

pub use hook::veh::BreakCondition;

pub use hook::veh::BreakLength;

pub use hook::veh::get_available_debug_register;

pub use hook::vmt::VmtHook;

pub use hook::vmt::VmtHookGuard;

pub use hook::vmt::VmtHookBuilder;

pub use hook::vmt::ShadowVmt;

pub use hook::vmt::VmtObject;

pub use hook::vmt::get_vtable;

pub use hook::vmt::get_vtable_entry;

pub use hook::vmt::estimate_vtable_size;

pub use hook::mid::HookContext;

pub use hook::mid::MidHookFn;

Modules

arch

Architecture abstraction for inline hooking

asm

Assembly instruction encoding and decoding utilities

builder

Type-state hook builder

guard

RAII hook guard for automatic cleanup

hook

Hook type implementations

registry

Global hook registry

trampoline

Trampoline building and memory management

Functions

create_chain

create a hook chain on a target function

eat_hook

hook an export in a module’s EAT

hook

install an inline hook with native architecture

hook_export

convenience function to hook by module export name

hook_export_native

convenience function to hook export using native architecture

hook_native

install an inline hook using the native architecture

hotpatch

install a hot-patch hook

iat_hook

hook an import in the current module’s IAT

iat_hook_in

hook an import in a specific module’s IAT

is_hot_patchable

check if a function is hot-patchable

mid_hook

install a mid-function hook

shadow_vmt^⚠

create a shadow VMT for instance-specific hooking

veh_hook_hardware

create a VEH hook using a hardware breakpoint

veh_hook_int3

create a VEH hook using INT3 software breakpoint

vmt_hook^⚠

hook a virtual function in an object’s VMT