HookAPI source code, 32-bit Windows system API hooking
Posted 2010/01/14 18:02
A single comment is a great encouragement to the blog owner!
Source: http://www.codeproject.com/KB/system/Paladin.aspx
Introduction
HookAPI is an API SDK that sets up system-wide hooks on all Windows platforms. It can hook 32-bit Windows system APIs or any 32-bit user-defined DLL. Using it is simple: all you need to do is write a DLL named mydll.dll (or mydll_9x.dll). It is based on ApiSpy32 by Yariv Kaplan.
The code injects two DLLs into the target application. The first, HookAPIxx.dll, overwrites the first 5 bytes of each hooked API with a relative CALL (opcode 0xE8) into its dispatch routine ProcessCall. The rel32 operand is measured from the end of the 5-byte instruction, which is why CALL_BYTES_SIZE is subtracted. The code page has to be writable before this store (VirtualProtect), and the 5 overwritten bytes have to be saved so the original prologue can still be executed and restored on unhook:

```cpp
// Overwrite the API entry point with "CALL ProcessCall" (E8 rel32, 5 bytes).
// papi points at the API's first instruction.
papi[0] = 0xE8;
*(DWORD *)&papi[1] = (DWORD)ProcessCall - (DWORD)papi - CALL_BYTES_SIZE;
```
The other DLL, mydllxxx.dll, supplies the replacement functions that run instead of the original APIs. This sample hooks the socket function, logs its arguments and then passes the call through to the real socket:

```cpp
int WINAPI mysocket(int af, int type, int protocol)
{
    WriteLog("debug mysocket, af=%d, type=%d, protocol=%d", af, type, protocol);
    return socket(af, type, protocol);   // call the original API
}
```
HookAPIxx.dll also hooks CreateProcessW/CreateProcessA, so it sees every new process and injects the two DLLs into it. pdwParam[9] is the tenth CreateProcess argument, lpProcessInformation; its hProcess member is only filled in once the real CreateProcess has returned, so the injection has to run on the way out of the call:

```cpp
#ifdef WINNT
    if (!strcmp(pinfo->api_name, "CreateProcessW") ||
        !strcmp(pinfo->api_name, "CreateProcessA"))
    {
        pi = (PROCESS_INFORMATION *)pdwParam[9];   // lpProcessInformation
        if (pi->hProcess)
            InjectLib(pi->hProcess, fname);         // hook the new process
    }
#endif
```
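The following is an added example, not code from HookAPI or the CodeProject article. It reproduces the 5-byte "CALL rel32" patch described above on a simulated code buffer, shows how a shared dispatch routine recovers the hooked API's address from the return address the CALL pushed, and goes one step further than the article by adding the check a defender would run: an export whose first instruction is a CALL/JMP rel32 leaving its own module is a strong inline-hook indicator. The module base and size, the socket() entry address, the handler address and the prologue bytes are all constructed for the demo. Real use on Windows would additionally need VirtualProtect before the write and FlushInstructionCache after it; both are omitted here so the code runs anywhere.

```c
/* inline_hook_demo.c - added example, not HookAPI's own code.
 * Simulates the E8 rel32 patch over a 32-bit API entry point, the
 * return-address trick used by a shared dispatch routine, and a
 * detection check. All addresses and byte patterns are constructed. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define CALL_BYTES_SIZE 5

/* Build E8 <rel32>. The displacement is relative to the address just after
 * the 5-byte instruction, hence the subtraction of CALL_BYTES_SIZE.
 * uint32_t arithmetic wraps exactly like HookAPI's DWORD subtraction. */
void build_call_patch(uint32_t api_addr, uint32_t handler_addr,
                      uint8_t out[CALL_BYTES_SIZE])
{
    uint32_t rel = handler_addr - api_addr - CALL_BYTES_SIZE;
    out[0] = 0xE8;
    for (int i = 0; i < 4; i++)               /* little-endian rel32 */
        out[1 + i] = (uint8_t)(rel >> (8 * i));
}

/* Decode a CALL (E8) or JMP (E9) rel32 located at code_addr.
 * Returns 1 and sets *target on success, 0 if it is not a rel32 call/jump. */
int decode_rel32_target(const uint8_t *code, uint32_t code_addr, uint32_t *target)
{
    if (code[0] != 0xE8 && code[0] != 0xE9)
        return 0;
    uint32_t rel = 0;
    for (int i = 0; i < 4; i++)
        rel |= (uint32_t)code[1 + i] << (8 * i);
    *target = code_addr + CALL_BYTES_SIZE + rel;
    return 1;
}

/* Install the hook into a (simulated) code buffer: save the original bytes
 * the trampoline must later execute and restore, then write the patch.
 * On real Windows: VirtualProtect first, FlushInstructionCache afterwards. */
void install_hook(uint8_t *entry, uint32_t entry_addr, uint32_t handler_addr,
                  uint8_t saved[CALL_BYTES_SIZE])
{
    memcpy(saved, entry, CALL_BYTES_SIZE);
    build_call_patch(entry_addr, handler_addr, entry);
}

void remove_hook(uint8_t *entry, const uint8_t saved[CALL_BYTES_SIZE])
{
    memcpy(entry, saved, CALL_BYTES_SIZE);
}

/* Inside the shared dispatch routine (HookAPI's ProcessCall) the CALL has
 * pushed the address right after the patch, so the hooked API's entry point
 * is the return address minus the patch length. */
uint32_t hooked_api_from_return(uint32_t return_addr)
{
    return return_addr - CALL_BYTES_SIZE;
}

/* Detection: a rel32 CALL/JMP at an export's first byte whose target lies
 * outside the export's own module is flagged. Unpatched XP-era APIs begin
 * with "mov edi,edi; push ebp; mov ebp,esp" (8B FF 55 8B EC). */
int is_inline_hooked(const uint8_t *entry, uint32_t entry_addr,
                     uint32_t module_base, uint32_t module_size)
{
    uint32_t target;
    if (!decode_rel32_target(entry, entry_addr, &target))
        return 0;
    return !(target >= module_base && target < module_base + module_size);
}

int main(void)
{
    /* Constructed layout: ws2_32.dll at 0x71AB0000 (size 0x17000),
     * socket() entry at 0x71AB3B91, hook DLL handler at 0x10001000. */
    uint8_t socket_code[8] = {0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10};
    uint8_t saved[CALL_BYTES_SIZE];
    const uint32_t base = 0x71AB0000u, size = 0x17000u;
    const uint32_t api = 0x71AB3B91u, handler = 0x10001000u;

    printf("before install: hooked=%d\n", is_inline_hooked(socket_code, api, base, size));
    install_hook(socket_code, api, handler, saved);
    printf("after install : hooked=%d, first byte=%02X\n",
           is_inline_hooked(socket_code, api, base, size), socket_code[0]);
    printf("dispatch sees API entry %08X\n",
           hooked_api_from_return(api + CALL_BYTES_SIZE));
    remove_hook(socket_code, saved);
    printf("after remove  : hooked=%d\n", is_inline_hooked(socket_code, api, base, size));
    return 0;
}
```

The intra-module case matters for the check: Windows itself places rel32 jumps at some exports (forwarders and hot-patch stubs), so only a target outside the owning module is treated as suspicious here.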
To use it, load HookAPIxx.dll first. On an NT-based system (WinNT/XP/200x), call its HookAllProcess() function, and call UnhookAllProcess() when you exit. The DLL exports other functions as well, such as HookOneProcess and HookOneProcess2, which hook a single application on NT systems.
mydllxx.dll is loaded by HookAPIxx.dll when HookAPIxx.dll initializes, after which the hooks are installed:

```cpp
CHookAPI::CHookAPI()
{
    LoadMyDll();    // load mydllxx.dll, which holds the replacement functions
    Init();
    HookAllAPI();   // write the 5-byte CALL patches
}
```

The package includes the following parts:
- HookAPI SDK full source code
- Source code for many examples, such as:
  - Hook socket functions such as socket, send, recv, connect, ...
  - Hook file functions such as CreateFile, ReadFile, ...
  - Hook registry functions such as RegOpenKey, RegQueryValue, RegQueryValueEx, ...
  - Delphi sample for hooking the socket function
  - Delphi sample for hooking the file function
  - Hook ExitWindowsEx
  - Hook LoadLibrary and GetProcAddress
  - Hook GDI functions such as TextOut, ExtTextOut
  - Hook Shell API functions such as SHBrowseForFolder, SHGetFileInfo, ...
  - Hidden processes sample: hides processes so that task managers cannot find them
  - Filter advertisement bar sample: filters the ad bar of IE or other network applications, or filters the data on certain TCP/UDP ports
  - Message filter sample: filters some window messages
  - Execute file manager sample: forbids opening or executing certain files and hides certain folders or files
  - Net encrypt sample: encrypts the traffic of any application written with sockets, so you do not need to implement encryption in the application itself
  - Hook for a ship game that drops bombs and dodges bullets automatically
- Filed under: Programming/MFC & Win32

