RE: "Win32::API::Callback::IATPatch" name for DLL/SO hooker for Win32::API

Tue, 16 Oct 2012 12:25:18 -0700 


----------------------------------------
> From: j...@activestate.com
> To: bul...@hotmail.com; cos...@streppone.it; libwi...@perl.org; 
> modules@perl.org; cos...@cpan.org
> Subject: RE: "Win32::API::Callback::IATPatch" name for DLL/SO hooker for 
> Win32::API
> Date: Mon, 15 Oct 2012 13:33:55 -0700
>
> On Sun, 14 Oct 2012, bulk 88 wrote:
>>
>> I haven't heard from you since my last post a month ago.
>
> Sorry, I didn't have time to look at this in details. My gut
> feeling is that API hooking should be in a separate module, not
> not jammed into Win32::API. But this is not a fully informed
> opinion, so if e.g. implementation sharing makes this more
> convenient, then that may be a good reason to do so.
>
The post you replied to was mostly intended to Cosimo, not you. But lets go on.

::IATPatch is a class that is implemented in Callback.dll. Its full name is 
Win32::API::IATPatch and it is OO. It has no Perl code. Currently ::IATPatch 
peeks inside a ::Callback non publically.

Also many provisions or future changes (I have no plans to implement them ATM) 
would require ::IATPatch or (future) sister classes to use private API of other 
parts of Win32::API. ::IATPatch has proposed method, in a src comment, to 
create a Win32::API automatically from a Win32::API::Callback. Also if a 
Win32::API::HMODULE class is ever created for proper refcounting of DLLs, 
::IATPatch *may* need to use it, and it probably will be 100% internal to 
Win32::API with no public exposure. If something like MS Detours or a FOSS 
clone of it is ever added to Win32::API, it would need ::Callback's private API 
just as ::IATPatch does now.

::IATPatch is really small. It has no Perl code,  1 C func 0x2a3,  2 1 line 
method XSUBs 0x33+0xA2, 1 DESTROY XSUB 0xCD, 1 constructor XSUB 0x248, and 1 
other xsub 0x173, for a total of 0x7a0, 1952 bytes of 32 bit machine code, 
string literals and everything else excluded. Callback.dll is 10KB. ::IATPatch 
is not large enough to need a separate DLL.

Are you concerned about any security issues with adding API hooking to the 
Win32::API distribution?
                                          





















					Reply via email to