HookImportFunctionByName v1.0

3 Mar 2000
A class to hook any imported function call made by your app.
    Introduction

    Enclosed is MFC source code for a function which can be used to hook any imported function call which your application makes. Since most of the Win32 API is implemented as functions imported from DLLs, this means that you can hook Win32 API calls. This is useful when, for example, you want to be called for every call to the file system (::CreateFile() and CloseHandle()) which your app makes. Hooking the file system calls your app makes in this way could form the basis of code to ensure you do not have any handle leaks in your application. You could also use this code to spy on COM port activity in remote processes by injecting the DLL into the remote process.

    The code is based on the code developed by John Robbins for his "BugSlayer" articles in the MSJ magazine. I have removed the dependencies on his other DLL functions, converted the code to MFC and added numerous ASSERTs.




    History

    V1.0 (24 December 1999)
    • Initial Public Release.


    API

    The API consists of the single global function:

    HookImportFunctionsByName

    BOOL HookImportFunctionsByName(HMODULE hModule, LPCSTR szImportMod, UINT uiCount, LPHOOKFUNCDESC paHookArray, PROC* paOrigFuncs, UINT* puiHooked);

    Return Value:
    TRUE if the specified API call(s) were hooked, otherwise FALSE. To get extended error information, call ::GetLastError().

    Parameters:

    • hModule -- This is the instance handle of the process calling the function. Normally in MFC you can obtain this from the function AfxGetInstanceHandle().
    • szImportMod -- This is the name of the module which contains the functions which you want to hook. e.g. for hooking file system calls, this would be KERNEL32.DLL.
    • uiCount -- This is the size of the paHookArray parameter.
    • paHookArray -- This is an array which specifies what functions to hook. The members of HOOKFUNCDESC are "szFunc", which is the name of the function to hook, and "pProc", which is a pointer to the function which you want to have called instead of the normal, unhooked function.
    • paOrigFuncs -- Upon successful return this will contain the original unhooked function pointers. These would be useful if you want to pass the request onto the original function after your hook function has been called.
    • puiHooked -- Upon return this will contain the number of functions which were hooked. This will be less than or equal to "uiCount".

    Remarks:
    If you are hooking standard Win32 API calls then make sure that your hook function uses the right calling convention, namely STDCALL. A mismatched calling convention is one of the most common problems encountered when using the hooking function.
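
The following is an added example, not code from the article or its download: a portable C model of the contract described above, applied to the handle-leak check from the introduction. The import_slot table, the open_file/close_file names and every function here are constructed stand-ins; nothing touches a real PE import table or calls Win32.

```c
#include <stddef.h>
#include <string.h>

typedef void (*proc_t)(void);                                   /* stand-in for Win32 PROC */
typedef struct { const char *szFunc; proc_t pProc; } hook_desc; /* same two members as HOOKFUNCDESC */
typedef struct { const char *name; proc_t addr; } import_slot;  /* constructed model of one import entry */
typedef int (*open_fn)(const char *);
typedef int (*close_fn)(int);

static int next_handle = 100;
static int real_open(const char *path) { (void)path; return next_handle++; }
static int real_close(int h) { return h >= 100 && h < next_handle; }

/* The application reaches the "imported" functions only through these slots. */
static import_slot imports[] = { { "open_file",  (proc_t)real_open },
                                 { "close_file", (proc_t)real_close } };
static int app_open(const char *p) { return ((open_fn)imports[0].addr)(p); }
static int app_close(int h)        { return ((close_fn)imports[1].addr)(h); }

/* Patch each slot whose name matches; save the old pointer at the same index. */
static unsigned hook_by_name(import_slot *tbl, size_t n, unsigned uiCount,
                             const hook_desc *paHookArray, proc_t *paOrigFuncs)
{
    unsigned hooked = 0;
    for (unsigned i = 0; i < uiCount; i++) {
        paOrigFuncs[i] = NULL;             /* in this model: NULL when the name is not imported */
        for (size_t j = 0; j < n; j++)
            if (strcmp(tbl[j].name, paHookArray[i].szFunc) == 0) {
                paOrigFuncs[i] = tbl[j].addr;
                tbl[j].addr = paHookArray[i].pProc;
                hooked++;
                break;
            }
    }
    return hooked;
}

static proc_t orig[3];
static int open_handles;                   /* successful opens minus successful closes */
static int hooked_open(const char *p) { int h = ((open_fn)orig[0])(p); if (h >= 0) open_handles++; return h; }
static int hooked_close(int h) { int ok = ((close_fn)orig[1])(h); if (ok) open_handles--; return ok; }

/* Install the hooks, run a workload that forgets one close, return the leak count. */
int demo_leak_count(unsigned *puiHooked)
{
    hook_desc hooks[3] = { { "open_file", (proc_t)hooked_open }, { "close_file", (proc_t)hooked_close },
                           { "not_imported", (proc_t)hooked_close } };
    *puiHooked = hook_by_name(imports, 2, 3, hooks, orig);
    int a = app_open("a.txt"), b = app_open("b.txt"), c = app_open("c.txt");
    app_close(a); app_close(c); (void)b;   /* b is never closed */
    return open_handles;
}
```

The third request names a function the table does not contain, so the hooked count comes back smaller than the number of requests, which is why the caller checks it before relying on every saved original pointer.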



    Planned Enhancements

    • Provide a sample app. I started using this code for a number of private contracts which I have been working on. Some ideas for sample apps would be a serial port monitor, or a file system monitor to do the same as the Filemon application on the System Internals Web site.
    • If you have any other suggested improvements, please let me know so that I can incorporate them into the next release.


    Contacting the Author

    PJ Naughter
    Email: pjn@indigo..ie
    Web: http://www.naughter.com
    24 November 1999


    License

    This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.
