2011-08-01 22:34:21 8 Comments
I have a third party function
function DataCompare(const S1, S2: string; APartial: Boolean): Boolean;
begin
...
end;
It is used in another third party unit.
I wish to replace the body of the function at runtime with another new implementation.
Is this possible? I guess there will be a need of some hack (ala VirtualMemoryUnprotect). A non-assembler solution is very welcome.
2 comments
@RRUZ 2011-08-01 22:59:08
Yes you can do that, using the ReadProcessMemory and WriteProcessMemory functions to patch the code of the current process. Basically, you get the address of the procedure or function to patch and then insert a Jump instruction to the address of the new procedure. Check this code
Now every time you execute your app and a call to the DataCompare function is made, the jump instruction (to the new address) will be executed, causing the DataCompareHack function to be called instead.
@Michael Riley - AKA Gunny 2011-08-01 23:23:54
Now where did you learn that? That's way too cool to be called a hack. Instead of calling it a "Hack" I think you should call it a "Ninja". DataCompareNinja
@Remy Lebeau 2011-08-02 01:09:03
This kind of redirection is known as a Detour. Microsoft has a research project about it: research.microsoft.com/en-us/projects/detours
@Rob Kennedy 2012-06-01 19:45:39
@Premature, I suspect it may have something to do with avoiding having to change memory protection. I see no calls to VirtualProtect here, which would ordinarily be required to overwrite executable code. Am I right, Rruz? Otherwise, why not just use plain old Move?
@ain 2011-08-01 23:12:30
I think JCL has some utils for this kind of stuff... I haven't used it myself but had a quick look and the following items look promising:
I think the jclHookExcept.JclHookExceptions() demonstrates how to use them.
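Added example, not part of the original thread: a defensive check for the jump patch RRUZ's answer describes, which decodes a function's first bytes and flags an entry that jumps out of its owning module. It assumes 32-bit x86 and that the caller has already read the bytes and knows the module's address range; the type and function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef struct {
    int       hooked;  /* 1 if the entry jumps out of the owning module */
    uintptr_t target;  /* decoded jump destination, 0 if no jump found */
} hook_check;          /* hypothetical type for this example */

/* Decode an x86 near jump: opcode E9 followed by a signed 32-bit
 * displacement, relative to the end of the 5-byte instruction. */
static int decode_jmp_rel32(const uint8_t *code, size_t len,
                            uintptr_t addr, uintptr_t *target)
{
    uint32_t raw;
    if (len < 5 || code[0] != 0xE9)
        return 0;
    raw = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
          (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
    *target = addr + 5 + (uintptr_t)(intptr_t)(int32_t)raw;
    return 1;
}

/* Flag an entry point whose first instruction jumps outside
 * [mod_base, mod_base + mod_size). */
hook_check check_entry(const uint8_t *code, size_t len, uintptr_t addr,
                       uintptr_t mod_base, size_t mod_size)
{
    hook_check r = {0, 0};
    if (decode_jmp_rel32(code, len, addr, &r.target))
        r.hooked = r.target < mod_base || r.target - mod_base >= mod_size;
    return r;
}

/* Constructed sample bytes for a function at 0x00401000 in a module
 * mapped at 0x00400000 with size 0x10000 (all values made up). */
static const uint8_t clean_entry[]   = {0x55, 0x8B, 0xEC, 0x83, 0xC4};
static const uint8_t patched_entry[] = {0xE9, 0xFB, 0x0F, 0xC0, 0x0F};
static const uint8_t local_jump[]    = {0xE9, 0xE0, 0xFF, 0xFF, 0xFF};

int main(void)
{
    hook_check r = check_entry(patched_entry, 5, 0x00401000,
                               0x00400000, 0x10000);
    printf("hooked=%d target=0x%lx\n", r.hooked, (unsigned long)r.target);
    (void)clean_entry; (void)local_jump;
    return 0;
}
```

A jump that stays inside the module (such as a linker thunk) is not flagged, which is why the range check matters alongside the opcode test.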