Click here to Skip to main content
Click here to Skip to main content
Search within:



 
Comments & Discussions (131)

HookAPI source code

By , 31 Jan 2005
 

Introduction

HookAPI is the API SDK that sets up system wide hooks for all windows platforms. It could easily hook 32-bit windows system APIs or 32-bit user-defined DLL. It could be used easily and all you need to do is write a DLL file named mydll.dll or mydll_9x.dll. It is based on ApiSpy32 by Yariv Kaplan.

The code injects two DLLs into the destination application. The first DLL, HookAPIxx.dll, updates the API's first 5 bytes: 

 papi[0] =0xE8;
 *(DWORD *)&papi[1] =(DWORD)ProcessCall -(DWORD)papi -CALL_BYTES_SIZE;

The nother DLL mydllxxx.dll, runs the new API instead of the old API, like this sample to hook the socket function:
int WINAPI mysocket(int af, int type, int protocol)
{
   WriteLog("debug mysocket, af=%d, type=%d, protocol=%d", af, type, protocol);

   return socket(af, type, protocol);
}

And HookAPIxx.dll hooks the CreateProcessW/CreateProcessA functions, so it can catch the creation of new processes and inject the two DLLs:

#ifdef WINNT
   if(!strcmp(pinfo->api_name, "CreateProcessW") || 
      !strcmp(pinfo->api_name, "CreateProcessA") )
   {
      pi =(PROCESS_INFORMATION *)pdwParam[9];
      if(pi->hProcess)
      {
          InjectLib(pi->hProcess, fname);  // hook new process<CODE>
</CODE>      }
   }
#endif

If you want to use it, then load the first DLL HookAPIxx.dll. If it's an NT system(WinNT/XP/200x), you should call function HookAllProcess() in the DLL and call UnhookAllProcess when you exit. There are other functions in the DLL, like HookOneProcess, HookOneProcess2 to hook one application on NT system.

mydllxx.dll is loaded by HookAPIxx.dll when HookAPIxx.dll is initialized, and then makes the hook: 

CHookAPI::CHookAPI()
{
   LoadMyDll(); 
   Init();
   HookAllAPI();
}
It includes the following parts:
  • HookAPI SDK full source codes

  • many examples source codes, such as;

  1. Hook socket functions like socket, send, recv, connect, ...

  2. Hook file functions like CreateFile, ReadFile, ...

  3. Hook registry functions like RegOpenKey, RegQueryValue, RegQueryValueEx, ...

  4. Delphi sample for Hook socket function

  5. Delphi sample for Hook file function

  6. Hook ExitWindowsEx

  7. Hook LoadLibrary and GetProcAddress

  8. Hook GDI functions like TextOut, ExtTextOut

  9. Hook Shell API function like SHBrowseForFolder, SHGetFileInfo, ...

  10. Hiden Processes sample, it can hide processes, task managers cannot find it

  11. Filter Advertisement bar sample, it can filter AD bar of IE or other network application, or filter the data from some ports of TCP/UDP

  12. Message Filter sample, it can filter some messages of the windows

  13. Execute file manager sample, it can forbide some files open, execute, and hidden some folders or files

  14. Net encrypt sample, it can encrypt all the application that wrriten with socket. With this, you will not need encrypt in your application.

  15. hook a ship game to auto drop bomb and auto elude bullet

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

 pudn.com
Web Developer
China China
Member
An old C programmer in China.

Article Top
 
Sign Up to vote   Poor Excellent
Add a reason or comment to your vote: x
Votes of 3 or less require a comment

Comments and Discussions

 
You must Sign In to use this message board.
Search this forum  
    Spacing  Noise  Layout  Per page   
FirstPrevNext
Generalwhen I hook same process for second time and close app window process also closed :( [modified]membertruestepper15 Jan '08 - 8:28 
when I hook and close app window process is also closed sometimes Frown | :(
for exmple charmap.exe with hook textout. What could it be?
 
modified on Tuesday, January 15, 2008 3:01:14 PM
Sign In·View Thread·Permalink
GeneralRe: when I hook same process for second time and close app window process also closed :(memberprogramsalon24 Feb '08 - 15:22 
try latest version:
http://www.pudn.com/HookAPI1.70.rar
Sign In·View Thread·Permalink
AnswerRe: when I hook same process for second time and close app window process also closed :(membertruestepper24 Feb '08 - 23:08 
Actually I've found what is the problem: 1. I'm hooking ExtTextOut, and there is such situation: When program inside MyDll.dll in myExtTextOut function and I'm trying to unload this dll from proccess throug CreateRemoteThread it unloads dll in which program currently situated, so Exception takes place. As I understand I have to hook WndProc and to handle special message (something like WM_SLEEP3SECONDS), so it will not draw anything, and to unload MyDll during this Sleep. And then unhook WndProc.
Sign In·View Thread·Permalink
GeneralHook socket example..memberherlimam7 Jan '08 - 16:20 
Hi,
I want to ask two questions.
In Hook socket example..
Question(1):
Can I use the hooked socket send data? Not upon on on-going mysend or mysendto function, Is using this socket connection send additional myself data.
 
My question means that,
use the following hooked "SOCKET s" , send additional myself data.
 
int WINAPI mysend(SOCKET s, char *buf, int len, int flags)
int WINAPI mysendto (SOCKET s, char FAR * buf, int len, int flags, struct sockaddr FAR * to, int tolen)
 
Question(2):
What is the difference between mysend or mysendto function?
which one is peer to peer sending? How does mysendto function send?
Sign In·View Thread·Permalink
GeneralRe: Hook socket example..memberprogramsalon24 Feb '08 - 15:13 
you can send yourself data anywhere when function hooked because the send function is the old api in mysend().
 
mysendto is sending UDP packet when no connected, send is using in UDP or TCP connection.
Sign In·View Thread·Permalink
GeneralHook a DLLmemberZorro937317 Jan '08 - 3:07 
How can i Hook a DLL, when i just have the Handle to it ?
Sign In·View Thread·Permalink
QuestionHow to avoid the Anti-Virus Software?memberwangk070519 Dec '07 - 14:50 
In fact,most anti-virus software have the function that block the use of "CreateRemoteThread",so HookAPI here would be blocked.How to avoid this pls?
Thanks!
Sign In·View Thread·Permalink
GeneralRe: How to avoid the Anti-Virus Software?memberprogramsalon24 Feb '08 - 15:19 
you can check CreateRemoteThread api's asm code, if it's possible to insert jmp code in other position instead of the start position, (in hookapi's some struct's startpos !=0), or it's should check LoadLibraryA/W
Sign In·View Thread·Permalink
GeneralIt supports Win9x/NT/XP/2003/Vista.memberalva.shi26 Nov '07 - 16:50 
I find Hook API is updated at web site. The web site remark with bold letter, “It supports Win9x/NT/XP/2003/Vista.”
Can It's really be hooked the application on Windows Vista?
 
I've already test on Windows Vista with (Hook API SDK Trial v1.20 ) & (v.1.7). It can't work.
 
I want to buy the source code. How can I communicate with the owner??


Sign In·View Thread·Permalink
GeneralRe: It supports Win9x/NT/XP/2003/Vista.memberprogramsalon28 Nov '07 - 15:48 
I never said it support Vista, and there is no Trial version, it's full freely, if somebody said, I think he's a theft.
Sign In·View Thread·Permalink
Generalvisual c++ 2005memberchmouc219 Nov '07 - 7:39 
can you transform the project to a visual c++ 2005 project please
Sign In·View Thread·Permalink
GeneralRe: visual c++ 2005memberhnxthuyao19 Nov '07 - 17:04 
when i transform the project to .NET2005.i find something wrong.
1. the project folder of EXE can't run well.
2. InstHook.dll and injlib.dll i can not found when i download the file.
could you sengd this two file for me?
my e-mail huyao520@hotmail.com think you!
Sign In·View Thread·Permalink
QuestionIt conflicts with Explorer.exe process sometimesmemberwangk070514 Sep '07 - 19:37 
On some machines,it went on well.But on the others,it conflicts with exploere.exe process,I'll have to filter it in HookAPINT.dll.but in some applications,explorer.exe can not be ignored.
All the machines are installed with Windows XP SP2
Need Help!Thanks!
Sign In·View Thread·Permalink
AnswerRe: It conflicts with Explorer.exe process sometimesmemberprogramsalon16 Sep '07 - 7:13 
you should use lasted version 1.7:
http://www.pudn.com/HookAPI1.70.rar
Sign In·View Thread·Permalink
GeneralRe: It conflicts with Explorer.exe process sometimesmemberSloanCode14 Sep '08 - 12:29 
Hello.
 
It still crashes on hooking explorer.exe. On some PCs it doesn't.
Trying to figure out why. Crash happens in the RemoveProtection function of HookAPI.cpp, right on this line:
ret =VirtualProtect(papi, 20, dwProtectionFlags, &dwScratch);
 
br,
wz.
Sign In·View Thread·Permalink
GeneralHook on Windows Vistamemberalva.shi9 Sep '07 - 15:29 
Can I hook the application on Windows Vista?
Or do you have schedule for this?
thanks.
Sign In·View Thread·Permalink
GeneralRe: Hook on Windows Vistamemberprogramsalon16 Sep '07 - 7:14 
I have no vista installed, it's too expensive for me.
Sign In·View Thread·Permalink
GeneralRe: Hook on Windows Vistamemberalva.shi22 Nov '07 - 19:46 
I find Hook API is updated at web site. The web site remark with bold letter, “It supports Win9x/NT/XP/2003/Vista.”
Can It's really can be hooked the application on Windows Vista?
I want to buy the source code.
Sign In·View Thread·Permalink
Generalto download the full lastest versionmemberprogramsalon10 Aug '07 - 17:20 
http://www.pudn.com/HookAPI1.70.rar
Sign In·View Thread·Permalink
GeneralApplications not opening in Windows XP SP2.memberAttVis16 Apr '07 - 0:20 
Hi,
I have started using the hookapi. I have got a Windows XP SP2 installed in my dual-core PC. I have also kept my computer updated with all XP hotfixes. I find that many applications fail to open at all!! Once (and if) they open, everything seems to be fine from then onwards. I am using the latest one (version 1.7) with all the fixes available.
 
Applications which fail to open are RDP (mstsc.exe), iexplore.exe, wordpad, etc.
Does someone have a solution for my problem?
 
Thanks.
 
Aspiring developer
Sign In·View Thread·Permalink
GeneralRe: Applications not opening in Windows XP SP2.memberwangk070519 Dec '07 - 15:03 
WinXP SP2 has a mechanism called "DEP"
Just try to google it and you'll find the answer
Sign In·View Thread·Permalink
Generalcodememberxiyaa11 Mar '07 - 23:40 
hey any know vistas source code
 
push against pull
Sign In·View Thread·Permalink
QuestionAmd Environmentmemberyuchul520 Jan '07 - 21:22 
Sleepy | :zzz: Hi Friend
i have two com.
Amd Turion 64bit cpu / windows 2003 sp1-32bit
Intel pentium4 32bit(hyperthreading) / windows 2003 sp1-32bit
 
it run perfectly on intel platform
but.. it invoke blue screen on amd platform
this hook program have cpu dependency??
plz tell me..
Sign In·View Thread·Permalink
Generalto download new versionmemberprogramsalon28 Dec '06 - 1:46 
to download new version 1.7 of HookAPI, goto http://www.codeexchange.net
Sign In·View Thread·Permalink
QuestionRe: to download new versionmemberzantoy4 Oct '07 - 23:45 
Hello !
 
I can not found the version 1.7 of HookAPI on http://www.codeexchange.net??
Can you update the codeprojet source code please?
Sign In·View Thread·Permalink
Last Visit: 31 Dec '99 - 18:00     Last Update: 18 May '13 - 20:44Refresh123456 Next »

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

About Article
A system wide api source code for windows api hook developpers
Type Article
Licence 
First Posted 21 Jan 2005
Views 282,450
Bookmarked 109 times
Top News

Math Primers for Programmers

Get the Insider News free each morning.
Related Videos
MVC 3: Custom HTML Helper Methods
Objective-C: XCode Source Control Views and Utility Toolbar
Fun with the Matrix code and Markov chains
Get The HTML Source of Any Web Page
Counting Lines in a MS VC++ 6.0 project
Generate Automated Builds for Source Code from Multiple Branches using Team Foundation Server and Team Builds
Converting VS2010 Solution to VS2008
XCrypt - encryption & decryption class wrapper
Message with style
.NET Mass Downloader - Download the .NET Framework Source Code
Free tool for selection of source code control provider in Visual Studio
How to determine corresponding source line from offset number
Replace in Files AddIn
Chat With US DI
String Helpers
How to use symbol server? (and why you really like to do it...)
Huffman Coding Class
Per Pixel Alpha Blend in C#
Code Counter Tool
WPF Dependency Property: Compatible with XAML Binding and Code Behind Binding.
EasiReports
How does it work in Mono's C# compiler?
Permalink | Advertise | Privacy | Mobile
Web03 | 2.6.130516.1 | Last Updated 31 Jan 2005
Article Copyright 2005 by pudn.com
Everything else Copyright © CodeProject, 1999-2013
Terms of Use
Layout: fixed | fluid