1

I am using Detours to hook malloc/free of any target .exe without the access of its source code.

I have succeeded in hooking malloc/free which are dynamically linked from the .exe.

I'm wondering whether Detours can be used to hook statically linked malloc/free.

I understand that might be more difficult, since the malloc/free code is already inside .exe and it is even difficult to locate them. "malloc" may become something like "0x804f400". But I guess there may exist some other technique that can locate malloc/free function inside the .exe.

Has anybody tried it? Or is it simply not feasible?

Infinite
  • 3,198
  • 4
  • 27
  • 36

1 Answers1

0

In Windows, all implementations of malloc and free ultimately boil down to a call to the HeapAlloc/HeapFree API in kernel32. You should consider detouring that instead.

SecurityMatt
  • 6,593
  • 1
  • 22
  • 28