Glossary
API Hooking
Intercepting calls to API or library functions at runtime to monitor, modify, or redirect their behavior.
API hooking is the technique of intercepting calls to OS or library functions at runtime to observe or alter their arguments and return values. Common methods include overwriting the first bytes of a function with a JMP to a hook handler, keeping the displaced instructions in a trampoline so the original can still be called (inline/trampoline hooking), and replacing function pointers in a module's Import Address Table (IAT) so that calls resolved through the import land in the hook instead (IAT hooking). Security tools (antivirus, sandboxes) use hooking to monitor malware behavior; malware uses the same techniques to hide files or network connections from the tools that enumerate them (user-mode rootkit techniques). Understanding hooking is essential for dynamic analysis, for detecting hooks (comparing function entry bytes and IAT entries against the on-disk image), and for understanding how security products are bypassed.
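The inline-hook mechanism described above, as an added example that is not part of the original glossary: a 5-byte `JMP rel32` is written over the entry of a target function so that every call is diverted to a hook handler, and the saved bytes are written back to unhook. It assumes x86-64 Linux with gcc or clang; `original_add` stands in for an OS or library export and `hooked_add` is the hook handler, both hypothetical. It does not build the trampoline that a full detour library uses to call the displaced original instructions, and it includes the crude "first byte is a JMP" check that scanners apply to exported functions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

#define PATCH_LEN 5               /* E9 rel32: 5-byte near relative JMP */

/* Hook handler (hypothetical). A JMP, unlike a CALL, pushes nothing, so this
 * function sees the caller's original arguments in RDI/RSI and its RET goes
 * straight back to whoever called original_add. */
__attribute__((noinline)) int hooked_add(int a, int b) {
    return a * b + 1000;          /* distinctive result proves the hook ran */
}

/* Target (hypothetical stand-in for an OS/library export). The volatile
 * local keeps the body longer than the 5 bytes we overwrite. */
__attribute__((noinline)) int original_add(int a, int b) {
    volatile int sum = a + b;
    return sum;
}

static unsigned char saved_prologue[PATCH_LEN];

/* Make the page(s) holding the patch region writable, or executable again. */
static int set_patch_prot(void *addr, int prot) {
    uintptr_t page = (uintptr_t)sysconf(_SC_PAGESIZE);
    uintptr_t start = (uintptr_t)addr & ~(page - 1);
    size_t len = ((uintptr_t)addr + PATCH_LEN) - start;   /* spans a boundary if needed */
    return mprotect((void *)start, len, prot);
}

/* Install the inline hook: save the original bytes, write JMP rel32 to hook.
 * Returns 0 on success, -1 if unsupported here or the page cannot be unlocked. */
int install_inline_hook(void *target, void *hook) {
#if defined(__x86_64__) && defined(__linux__)
    intptr_t rel = (intptr_t)hook - ((intptr_t)target + PATCH_LEN);
    if (rel > INT32_MAX || rel < INT32_MIN) return -1;  /* rel32 cannot reach */
    if (set_patch_prot(target, PROT_READ | PROT_WRITE | PROT_EXEC) != 0) return -1;
    memcpy(saved_prologue, target, PATCH_LEN);
    int32_t rel32 = (int32_t)rel;
    unsigned char patch[PATCH_LEN] = { 0xE9 };           /* remaining bytes zeroed */
    memcpy(patch + 1, &rel32, sizeof rel32);
    memcpy(target, patch, PATCH_LEN);
    set_patch_prot(target, PROT_READ | PROT_EXEC);      /* back to W^X */
    return 0;
#else
    (void)target; (void)hook;
    return -1;
#endif
}

/* Unhook by restoring the saved prologue bytes. */
int remove_inline_hook(void *target) {
    if (set_patch_prot(target, PROT_READ | PROT_WRITE | PROT_EXEC) != 0) return -1;
    memcpy(target, saved_prologue, PATCH_LEN);
    set_patch_prot(target, PROT_READ | PROT_EXEC);
    return 0;
}

/* Heuristic of the kind a security product or rootkit scanner applies to
 * exported functions: a JMP rel32 as the very first instruction is suspicious.
 * Real tools compare the whole prologue with the on-disk image instead. */
int entry_looks_hooked(const void *fn) {
    return ((const unsigned char *)fn)[0] == 0xE9;
}

/* Call the target before, during and after hooking through a volatile pointer
 * so the compiler emits a real indirect call rather than folding the result.
 * Returns 0 if the hook was installed, -1 if this platform cannot do it. */
int hook_demo(int *before, int *during, int *after, int *detected) {
    int (*volatile fp)(int, int) = original_add;
    *before = fp(3, 4);                                  /* 7 */
    if (install_inline_hook((void *)original_add, (void *)hooked_add) != 0) return -1;
    *detected = entry_looks_hooked((const void *)original_add);  /* 1 while hooked */
    *during = fp(3, 4);                                  /* 1012: hooked_add ran */
    remove_inline_hook((void *)original_add);
    *after = fp(3, 4);                                   /* 7 again */
    return 0;
}

int main(void) {
    int before, during, after, detected;
    if (hook_demo(&before, &during, &after, &detected) != 0) {
        puts("inline hooking not supported on this platform");
        return 1;
    }
    printf("before=%d during=%d after=%d detected-while-hooked=%d\n",
           before, during, after, detected);
    return 0;
}
```

Two things the example makes visible: the patch needs a writable code page (the `mprotect` to RWX is itself a strong signal for monitoring tools), and the hook handler must have a calling convention compatible with the target, because it inherits the caller's registers and stack untouched.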