Hooking

In computer programming, the term hooking covers a range of techniques used to alter or augment the behaviour of an operating system, of applications, or of other software components by intercepting function calls or messages or events passed between software components.

It is also widely used in benchmarking programs, for example frame rate measuring in 3D games, where the output and input are done through hooking.

For example, rootkits, pieces of software that try to make themselves invisible by faking the output of API calls that would otherwise reveal their existence, often use hooking techniques.

Hooking can be achieved by modifying the source of the executable or library before an application is running, through techniques of reverse engineering.

This table can be modified to load any additional library modules as well as to change what external code is invoked when a function is called by the application.

Operating systems and software may provide the means to easily insert event hooks at runtime.

Linux provides another example where hooks can be used in a similar manner to process network events within the kernel through NetFilter.

Essentially these tactics employ the same ideas as those of source modification, but instead alter instructions and structures located in the memory of a process once it is already running.

Therefore, in order for a hook function to properly intercept the "this" pointer that is passed and take it as an argument, it must look into the ECX register.

The Portable Executable header contains the Import Address Table (IAT), which can be manipulated as shown in the source below.
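Because an IAT slot normally points into the module it imports from, the same table gives a defender a check for tampering. The following is an added example, not the source the article refers to; the module ranges, addresses and the names `check_entry` and `scan_iat` are constructed for illustration, and a real tool would read them from the loaded process.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: loaded-module ranges and resolved IAT slots.
   DLL names are assumed to be normalised to lower case already. */
struct module    { const char *name; uint64_t base, size; };
struct iat_entry { const char *dll, *func; uint64_t target; };
enum verdict     { IAT_OK = 0, IAT_OTHER_MODULE = 1, IAT_UNBACKED = 2 };

static const struct module MODULES[] = {
    { "kernel32.dll", 0x7ff810000000ULL, 0x0c0000 },
    { "ntdll.dll",    0x7ff820000000ULL, 0x1f0000 },
    { "user32.dll",   0x7ff830000000ULL, 0x1a0000 },
};
static const struct iat_entry SAMPLE_IAT[] = {
    { "kernel32.dll", "CreateFileW", 0x7ff810024a10ULL }, /* inside kernel32 */
    { "kernel32.dll", "HeapAlloc",   0x7ff82003b2c0ULL }, /* lands in ntdll */
    { "user32.dll",   "MessageBoxW", 0x0001d4a5b00000ULL }, /* no module here */
    { "ntdll.dll",    "NtClose",     0x7ff82009d000ULL }, /* inside ntdll */
};

/* Return the module whose range contains addr, or NULL (heap, private memory). */
static const struct module *module_for(uint64_t addr) {
    for (size_t i = 0; i < sizeof MODULES / sizeof MODULES[0]; i++)
        if (addr >= MODULES[i].base && addr - MODULES[i].base < MODULES[i].size)
            return &MODULES[i];
    return NULL;
}

/* OK: slot points into the DLL it names. OTHER_MODULE: points into a different
   loaded module (a hook, or a legitimate export forwarder; needs review).
   UNBACKED: points outside every loaded module, the strongest signal. */
enum verdict check_entry(const struct iat_entry *e) {
    const struct module *m = module_for(e->target);
    if (m == NULL) return IAT_UNBACKED;
    return strcmp(m->name, e->dll) == 0 ? IAT_OK : IAT_OTHER_MODULE;
}

/* Print every slot that is not IAT_OK and return how many were flagged. */
int scan_iat(const struct iat_entry *iat, size_t n) {
    int flagged = 0;
    for (size_t i = 0; i < n; i++) {
        enum verdict v = check_entry(&iat[i]);
        if (v == IAT_OK) continue;
        printf("%s!%s -> 0x%llx (%s)\n", iat[i].dll, iat[i].func,
               (unsigned long long)iat[i].target,
               v == IAT_UNBACKED ? "unbacked" : "other module");
        flagged++;
    }
    return flagged;
}
int main(void) { return scan_iat(SAMPLE_IAT, 4) == 2 ? 0 : 1; }
```

Export forwarding makes `IAT_OTHER_MODULE` a lead rather than a verdict, so such hits should be compared against the forwarder entries in the named DLL's export table before being treated as hooks.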