HookAPI source code

• Download demo project - 499 Kb

Introduction

HookAPI is the API SDK that sets up system wide hooks for all windows platforms. It could easily hook 32-bit windows system APIs or 32-bit user-defined DLL. It could be used easily and all you need to do is write a DLL file named mydll.dll or mydll_9x.dll. It is based on ApiSpy32 by Yariv Kaplan.

The code injects two DLLs into the destination application. The first DLL, HookAPIxx.dll, updates the API's first 5 bytes:

 papi[0] =0xE8;
 *(DWORD *)&papi[1] =(DWORD)ProcessCall -(DWORD)papi -CALL_BYTES_SIZE;

The nother DLL mydllxxx.dll, runs the new API instead of the old API, like this sample to hook the socket function:

int WINAPI mysocket(int af, int type, int protocol)
{
   WriteLog("debug mysocket, af=%d, type=%d, protocol=%d", af, type, protocol);

   return socket(af, type, protocol);
}

And HookAPIxx.dll hooks the CreateProcessW/CreateProcessA functions, so it can catch the creation of new processes and inject the two DLLs:

#ifdef WINNT
   if(!strcmp(pinfo->api_name, "CreateProcessW") || 
      !strcmp(pinfo->api_name, "CreateProcessA") )
   {
      pi =(PROCESS_INFORMATION *)pdwParam[9];
      if(pi->hProcess)
      {
          InjectLib(pi->hProcess, fname);  // hook new process<CODE>
      }
   }
#endif

If you want to use it, then load the first DLL HookAPIxx.dll. If it's an NT system(WinNT/XP/200x), you should call function HookAllProcess() in the DLL and call UnhookAllProcess when you exit. There are other functions in the DLL, like HookOneProcess, HookOneProcess2 to hook one application on NT system.

mydllxx.dll is loaded by HookAPIxx.dll when HookAPIxx.dll is initialized, and then makes the hook:

CHookAPI::CHookAPI()
{
   LoadMyDll(); 
   Init();
   HookAllAPI();
}

It includes the following parts:

• HookAPI SDK full source codes

• many examples source codes, such as;

1. Hook socket functions like socket, send, recv, connect, ...

2. Hook file functions like CreateFile, ReadFile, ...

3. Hook registry functions like RegOpenKey, RegQueryValue, RegQueryValueEx, ...

4. Delphi sample for Hook socket function

5. Delphi sample for Hook file function

6. Hook ExitWindowsEx

7. Hook LoadLibrary and GetProcAddress

8. Hook GDI functions like TextOut, ExtTextOut

9. Hook Shell API function like SHBrowseForFolder, SHGetFileInfo, ...

10. Hiden Processes sample, it can hide processes, task managers cannot find it

11. Filter Advertisement bar sample, it can filter AD bar of IE or other network application, or filter the data from some ports of TCP/UDP

12. Message Filter sample, it can filter some messages of the windows

13. Execute file manager sample, it can forbide some files open, execute, and hidden some folders or files

14. Net encrypt sample, it can encrypt all the application that wrriten with socket. With this, you will not need encrypt in your application.

15. hook a ship game to auto drop bomb and auto elude bullet

About pudn.com

An old C programmer in China. Click here to view pudn.com's online profile.

Other popular articles: Driver Development Part 1: Introduction to Drivers This article will go into the basics of creating a simple driver. A simple demo for WDM Driver development WDM Driver programming introduction with three Pseudo Drivers. API hooking revealed The article demonstrates how to build a user mode Win32 API spying system Using MC.exe, message resources and the NT event log in your own projects A tutorial that shows how to integrate mc.exe in the build environment of Visual Studio and use it for event logging and string resources.