Hard Hooking with Immunity Debugger

Now we get to the interesting stuff, the hard hooking technique. This technique is more advanced, but it also has far less impact on the target process because our hook code is written directly in x86 assembly. With the case of the soft hook, there are many events (and many more instructions) that occur between the time the breakpoint is hit, the hook code gets executed, and the process resumes execution. With a hard hook you are really just extending a particular piece of code to run your hook and then return to the normal execution path. The nice thing is that when you use a hard hook, the target process never actually halts, unlike the soft hook.

Immunity Debugger reduces the complicated process of setting ...

Get Gray Hat Python now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.