The previous part is here. In this part, we will investigate more exotic cases of intercepting function calls.

VMT for Case 1

VMT stands for virtual method table. VMT is created by the compiler when the class introduces a virtual method or overrides one from any parent class.

Finding VMT depends on the language and the compiler, so I will not explain it here. For most languages, the first 4 bytes in x86 or 8 bytes in x64 points to VMT. Then you need to know where is pointer to the function is in this table.

Then you need to save this address somewhere. Then write a different address into VMT using the WriteProcessMemory function. After that,

In the previous part, I explained certain issues in Example 2 for all types of cases: multithreading issues, and issues with recursive calls. Also must state that there is also a cost involved in calling the WriteProcessMemory function twice each call to the XYZ function. If the XYZ function is called often then we will have a performance hit. But is there anything we can improve? And it turns out that we can for Case 1.

Example 3 for Case 1

The main idea for this case is to call the WriteProcessMemory function only once. And when we need to call the original function we need to simulate instructions that were overwritten with jump instruction

Why

There are times when you want to change the behavior of a function that you cannot recompile for some reason. For example, there could be a bug in a runtime function of your language. Changing the version of your language is typically quite a challenge and it could be much better to patch that function instead of making drastic changes like switching to a different version.

Or as another example, there could be some 3rd party library that has a bug and the author didn’t provide a source code. Or perhaps you want to do some pre or post-processing. For example, you may want to save some input or output parameters or even modify them.

For further discussion let's

Disclaimer: I have no financial or any other interest in this or any other products mentioned in this review. I review this product because I really like it.

Typically at home, I use relatively cheap headphones to listen to music, play computer games, and discuss stuff over Zoom or any other applications. Typically I buy something in the range of $25-$35.

Last several years I have been buying Koss multimedia headphones (SB45 or SB49). They cost around $32 and to the most degree, they were fine. But they have a few issues that eventually start to annoy me.

The most common issue is that, after some time fake leather starts to peel from head cups and stick to the skin