Hooking is a powerful process-observation technique that is used to change the flow of a process in order to monitor or alter data that is being accessed. Hooking is what enables rootkits to hide themselves, keyloggers to steal keystrokes, and debuggers to debug! A reverse engineer can save many hours of manual debugging by implementing simple hooks to automatically glean the information he is seeking. It is an incredibly simple yet very powerful technique.
On the Windows platform, a myriad of methods are used to implement hooks. We will be focusing on two primary techniques that I call "soft" and "hard" hooking. A soft hook is one where you are attached to the target process and implement INT3 breakpoint handlers to intercept ...
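As an added illustration (not code from the book), the following Python models the soft-hook cycle in a simulated code buffer: the original byte at the hook address is saved and replaced with INT3 (0xCC); when the fetch loop reaches it, the registered handler runs, the displaced byte is restored and executed, and the breakpoint is re-armed so later passes hit it again. The `SoftHookSim` class, its bytearray "memory" and the toy fetch loop that treats every byte as one instruction are assumptions standing in for a real debugger attached to a Windows process.

```python
# Added example (not from the book): a small model of the soft-hook cycle.
# A bytearray stands in for the target's code section and a one-byte-per-
# instruction fetch loop stands in for the CPU, so the save / patch / restore /
# re-arm steps are visible without a debugger attached to a live process.
INT3 = 0xCC  # the single-byte breakpoint opcode a soft hook writes

class SoftHookSim:
    def __init__(self, code: bytes):
        self.mem = bytearray(code)   # simulated code section
        self.hooks = {}              # addr -> (original byte, handler)

    def set_hook(self, addr: int, handler) -> None:
        """Save the original byte at addr, then overwrite it with INT3."""
        if addr in self.hooks:
            raise ValueError(f"hook already set at {addr:#x}")
        self.hooks[addr] = (self.mem[addr], handler)
        self.mem[addr] = INT3

    def remove_hook(self, addr: int) -> None:
        """Put the original byte back and forget the handler."""
        orig, _ = self.hooks.pop(addr)
        self.mem[addr] = orig

    def run(self, start: int = 0) -> list:
        """Fetch bytes from start; return the bytes actually 'executed'."""
        executed, ip = [], start
        while ip < len(self.mem):
            byte = self.mem[ip]
            if byte == INT3 and ip in self.hooks:   # a 0xCC that we planted
                orig, handler = self.hooks[ip]
                handler(ip, self)          # debugger-side callback fires here
                self.mem[ip] = orig        # 1. restore the displaced byte
                executed.append(orig)      # 2. let it execute (single step)
                self.mem[ip] = INT3        # 3. re-arm for the next pass
            else:
                executed.append(byte)
            ip += 1
        return executed

def demo() -> dict:
    # Constructed 5-byte sample: push ebp; mov ebp,esp; nop; ret
    sim = SoftHookSim(bytes([0x55, 0x89, 0xE5, 0x90, 0xC3]))
    hits = []
    sim.set_hook(3, lambda ip, s: hits.append(ip))   # hook the nop
    first = sim.run()
    second = sim.run()                     # breakpoint must still be armed
    return {"hits": hits, "first": first, "second": second,
            "armed": sim.mem[3] == INT3}
```

Running `demo()` shows the handler firing on both passes while the executed byte stream is unchanged, which is the property a soft hook must preserve for the target to keep working.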