x64 API Hooking - VC++

[Master674]

Hey, just figured out that MS Detours 3.0 Express is shit... does not include x64 API Hooking and only works with x86 processors -.-
(Used MS Detours 1.5 before to get it working with all windows processor types).

Then i wanted to get MS Detours Professional... But WTF 10.000 USD?! OMFG

Is there a good alternative to MS Detours Professional?
Also why is inline asm disabled in x64 compilers?

How would i write my asm code into it? Any good library around that bypasses this restriction?

[SKU]

asmjit - Complete x86/x64 JIT Assembler for C++ Language. - Google Project Hosting

hadesmem - Windows memory hacking library - Google Project Hosting

[Cypher]

The next release of HadesMem (check out the link SKU posted -- thanks SKU!) will include a detour component. It's available now under /branches/v1.0.0 if you don't wish to wait for v1.6.0 Final.

I use BeaEngine to disassemble the target, and AsmJit to dynamically generate parts of the trampoline (where things like jump resolution etc are necessary). It's not 'complete' yet, but it should work better than most of the other free alternatives to Detours 3.0 (most don't do any instruction resolution at all, and some won't even do automatic trampoline generation).

[Master674]

The next release of HadesMem (check out the link SKU posted -- thanks SKU!) will include a detour component. It's available now under /branches/v1.0.0 if you don't wish to wait for v1.6.0 Final.

I use BeaEngine to disassemble the target, and AsmJit to dynamically generate parts of the trampoline (where things like jump resolution etc are necessary). It's not 'complete' yet, but it should work better than most of the other free alternatives to Detours 3.0 (most don't do any instruction resolution at all, and some won't even do automatic trampoline generation).

Thanks for that! HadesMem looks really promising, I'll wait for the final version to come out.
So I guess HadesMem's Detours will work like in MS Detours? I just need basic Detour Functions. Place / Remove.

[Cypher]

Thanks for that! HadesMem looks really promising, I'll wait for the final version to come out.
So I guess HadesMem's Detours will work like in MS Detours? I just need basic Detour Functions. Place / Remove.

Some of the HadesMem APIs are kinda complicated, but that Patcher APIs in particular are pretty drop-dead simple.

I'll make it a priority to get v1.6.0 out 'soon'.

[sitnspinlock]

not to take away from your hooking library but let not the OP forget use of linking with .asm files under x64. Can generally get by just fine using those as opposed to inline and naked functions.

I'm naked right now by the way.

[Cypher]

not to take away from your hooking library but let not the OP forget use of linking with .asm files under x64. Can generally get by just fine using those as opposed to inline and naked functions.

I'm naked right now by the way.

It doesn't matter whether you use AsmJit (or whatever) or use an assembler and link in the object files manually, you still need a detour/hooking library to actually do the 'dirty work'.