Python hooks in Windows processes with pe-hedera
Binary instrumentation is one of my favorite approaches when reverse engineering complex software, especially malware. My first step in this direction was APIhookLib, a static library written in C that lets you set hooks that run before and after a function executes. Its main problem was that every time I needed to modify a hook routine I had to recompile the library and transfer the rebuilt binary into the lab environment again. Wouldn’t it be nicer to use an interpreted language like Python, so hooks can be modified quickly without a rebuild? Meet pe-hedera.