    Dwar

    API Hooking Technique
    Hooking an API is one of many ways to control how Windows and third-party software behave under certain circumstances. The technique shown here is a global API hook for the current process's address space: every caller of the export inside this process is redirected, but no other process is touched.

    It works by building a small buffer of machine code that performs an unconditional jump to a chosen address when executed. To hook a specific API, we write that buffer over the first bytes of the exported function, so that any call to the export immediately jumps to our replacement. The original bytes are saved first so the hook can be removed (and the real function called) at any time.

    apihook.c
    Code:
    #include <windows.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    
    DWORD_PTR HookFunction(LPCSTR lpModule, LPCSTR lpFuncName, LPVOID lpFunction, unsigned char *lpBackup);
    BOOL UnHookFunction(LPCSTR lpModule, LPCSTR lpFuncName, unsigned char *lpBackup);
    int MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType);
    
    BYTE hook[6];	// backup of the 6 original bytes that the jmp overwrites
    
    // Regular CRT entry point: the code below uses strlen/sprintf/malloc, so the
    // CRT has to be linked in (a custom WinMainCRTStartup without it fails to link).
    int main(void)
    {
    	HookFunction("user32.dll", "MessageBoxA", MyMessageBoxA, hook);
    
    	// Call the ANSI export explicitly; the plain MessageBox macro resolves to
    	// MessageBoxW under UNICODE and would bypass the hook on MessageBoxA.
    	MessageBoxA(0, "HEY", "", MB_OK);
    	return 0;
    }
    
    int MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
    {
    	// Restore the original bytes so the real MessageBoxA can be called
    	// without re-entering this hook.
    	UnHookFunction("user32.dll", "MessageBoxA", hook);
    
    	const char *prefix = "HOOKED!!\n\n";
    	size_t len = strlen(prefix) + strlen(lpText) + 1;	// room for prefix, text and NUL
    	char *msg = (char *)malloc(len);
    	if (msg)
    		sprintf(msg, "%s%s", prefix, lpText);	// buffer is sized exactly for this
    
    	int x = MessageBoxA(hWnd, msg ? msg : lpText, lpCaption, uType);
    	free(msg);
    
    	// Put the jmp back so subsequent calls are hooked again.
    	HookFunction("user32.dll", "MessageBoxA", MyMessageBoxA, hook);
    	return x;
    }
    
    DWORD_PTR HookFunction(LPCSTR lpModule, LPCSTR lpFuncName, LPVOID lpFunction, unsigned char *lpBackup)
    {
    	DWORD_PTR dwAddr = (DWORD_PTR)GetProcAddress(GetModuleHandleA(lpModule), lpFuncName);
    	BYTE jmp[6] = { 0xe9,	//jmp rel32
    		0x00, 0x00, 0x00, 0x00,	//displacement, filled in below
    		0xc3	//retn (never reached; pads the patch to 6 bytes)
    	};
    
    	// Save the original 6 bytes so UnHookFunction can restore them.
    	ReadProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0);
    
    	// rel32 is measured from the end of the 5-byte jmp: ((to)-(from)-5).
    	// This only reaches targets within +/-2 GB, which is always true in a
    	// 32-bit process but not in general on x64.
    	DWORD dwCalc = (DWORD)((DWORD_PTR)lpFunction - dwAddr - 5);
    
    	memcpy(&jmp[1], &dwCalc, 4);	//build the jmp
    
    	// WriteProcessMemory handles the page protection for the write itself.
    	WriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, jmp, 6, 0);
    
    	return dwAddr;
    }
    
    BOOL UnHookFunction(LPCSTR lpModule, LPCSTR lpFuncName, unsigned char *lpBackup)
    {
    	DWORD_PTR dwAddr = (DWORD_PTR)GetProcAddress(GetModuleHandleA(lpModule), lpFuncName);
    
    	// Write the saved original bytes back over the jmp.
    	if (WriteProcessMemory(GetCurrentProcess(), (LPVOID)dwAddr, lpBackup, 6, 0))
    		return TRUE;
    
    	return FALSE;
    }
    Author: ANUBIS


    Please, post your questions on forum, not by PM or mail

    I spend my time, so please pay a little bit of your time to keep world in equilibrium
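The patch above is a 5-byte E9 rel32 jump plus one padding byte. As an added example (my code, not ANUBIS's from the post), here is the same rel32 encoding written portably, alongside the check a defender would run over an export's prologue: compare the live bytes with a clean copy of the function (for instance read from the DLL on disk) and, if they differ and start with E9, decode where the jump lands. It also generalizes the post's 32-bit arithmetic by refusing distances that do not fit in a signed 32-bit displacement, which is why this exact patch does not carry over to x64 unchanged. The export address and prologue bytes are constructed sample values.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Build the 6-byte patch the post's HookFunction writes: E9 <rel32> C3, with
   rel32 = to - from - 5 (relative to the end of the jmp). Returns 0 when the
   distance does not fit in a rel32, which is common for x64 DLL-to-EXE hops. */
int encode_jmp_rel32(uint64_t from, uint64_t to, uint8_t out[6])
{
    int64_t rel = (int64_t)to - (int64_t)from - 5;
    if (rel < INT32_MIN || rel > INT32_MAX)
        return 0;
    int32_t rel32 = (int32_t)rel;
    out[0] = 0xE9;
    memcpy(out + 1, &rel32, 4);
    out[5] = 0xC3;
    return 1;
}

enum { PROLOGUE_CLEAN = 0, PROLOGUE_MODIFIED = 1, PROLOGUE_JMP_HOOK = 2 };

/* Defender-side check: compare the first n bytes of an export as mapped in
   memory (live) with a clean copy of the same bytes. If they differ and the
   live bytes start with E9, decode the displacement into *target. */
int check_prologue(const uint8_t *live, const uint8_t *clean, size_t n,
                   uint64_t addr, uint64_t *target)
{
    if (memcmp(live, clean, n) == 0)
        return PROLOGUE_CLEAN;
    if (n >= 5 && live[0] == 0xE9) {
        int32_t rel;
        memcpy(&rel, live + 1, 4);
        *target = addr + 5 + (uint64_t)(int64_t)rel;   /* sign-extended rel32 */
        return PROLOGUE_JMP_HOOK;
    }
    return PROLOGUE_MODIFIED;
}

/* Constructed scenario: a typical hot-patchable prologue (mov edi,edi; push ebp;
   mov ebp,esp; ...) at a made-up export address 0x77D507EA, patched the way the
   post does to jump to a handler at 0x401000. Returns the decoded jmp target. */
uint64_t demo(void)
{
    const uint8_t clean[6] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83 };
    uint8_t live[6];
    uint64_t target = 0;
    encode_jmp_rel32(0x77D507EAULL, 0x00401000ULL, live);
    check_prologue(live, clean, 6, 0x77D507EAULL, &target);
    return target;   /* 0x401000 when the jmp hook is detected */
}
```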



    joneele
    Thanks, I wonder why that example did not work for me, I got 2 errors:

    LNK1120
    LNK2019

    and another one with strlen,
    even with changing the character set,

    under VS2010.

    Can you check it again?

    misko2k
    Do you have a sample that works under a 64-bit platform?

    danielc
    Dwar, you're the best
