
Observation Techniques


ned
September 14th, 2012, 16:19
Hello all! My name is Harris.

I want to ask: what is the difference between hooking and DBI (dynamic binary instrumentation)?

I am asking this because I also want to know what the best observation technique is.
e.g. You have a client communicating with a server, sending data with a send() function. I want that intercepted! Printing the data that is about to be sent on the connected socket, or saving it to a file, or I want to sit for 10 hours playing with my client, take a break, and look at all the printed data.

This is a quick example, but I want you to try and think of another, something that has to do with observing how a program works and how to achieve that, and whether it is related to hooking or DBI, or whether these are the same thing?

Thanks in advance, I hope my question is clear.

blabberer
September 14th, 2012, 23:38
Well, at a crude level you can call one the other.
Refining a bit, you can describe DBI as a sanctioned locksmith breaking a safe,
while hooking can be termed an art performed by an unsanctioned connoisseur of locksmithy on the same safe.
With DBI you can probably advertise yourself, but with hooking you need word-of-mouth publicity.

With DBI you can pick locks in broad daylight while onlookers are staring at you;
to hook you need the dark of night with no one near you.

Ah, enough BS.

IIRC skywing wrote a paper in Uninformed about DynamoRIO, and
DynamoRIO itself has published a few PDFs and provides a precompiled package that you can play with as far as DBI is concerned.
GIYF for hooking.

bilbo
September 16th, 2012, 01:49
WOW, I didn't know anything of DynamoRIO, thanks for the tip, Blabberer. It is a superset of hooking, it is a complete virtual machine... I should have known it is listed in RCE Tool Library, sorry for my laziness...
Unfortunately, it is a pain for debugging, due to the way it injects its DLLs.

Best regards, bilbo

P.S. maybe the article you are referring to is "http://www.uninformed.org/?v=7&a=18&t=txt", by skape?

blabberer
September 16th, 2012, 23:49
Yes bilbo, you are right. It seems I didn't recall correctly; it was a paper by skape, not skywing.