Hooking in x64 bits

Questions
1

Hi 0x00sec !!

I’m working on a behaviour detection engine for personal research, in which I should hook windows API function to have such visibility over the monitored process.
I wonder if anyone has already performed hooking in x64 mode?
Using the same technique described in x32 mode presented by dtm, here is the code I tried to inject (0xdeadbeefdeadbeef represent the address of the hooked function)

patch2

patch1

And here is how it’s looks like in the debugger

patch0

As you can see, it doesent seem like a jumpable addr .

PS : I don’t want to use other hooking library, I want to implement my own.
Thank you in advance

1 Like
2

Have you tried changing the line with dwNewAddress to use DWORD64 instead of BYTE?

WriteMemory<DWORD64>((LPVOID)(dwFuncAddress + 3), dwNewAddress);
2 Likes
3

It works :smiley: !!! Thank you so much @dtm !!

newhook

4