HookAPI source code

• Download demo project - 499 Kb

Introduction

HookAPI is the API SDK that sets up system wide hooks for all windows platforms. It could easily hook 32-bit windows system APIs or 32-bit user-defined DLL. It could be used easily and all you need to do is write a DLL file named mydll.dll or mydll_9x.dll. It is based on ApiSpy32 by Yariv Kaplan.

The code injects two DLLs into the destination application. The first DLL, HookAPIxx.dll, updates the API's first 5 bytes:

 papi[0] =0xE8;
 *(DWORD *)&papi[1] =(DWORD)ProcessCall -(DWORD)papi -CALL_BYTES_SIZE;

The nother DLL mydllxxx.dll, runs the new API instead of the old API, like this sample to hook the socket function:

int WINAPI mysocket(int af, int type, int protocol)
{
   WriteLog("debug mysocket, af=%d, type=%d, protocol=%d", af, type, protocol);

   return socket(af, type, protocol);
}

And HookAPIxx.dll hooks the CreateProcessW/CreateProcessA functions, so it can catch the creation of new processes and inject the two DLLs:

#ifdef WINNT
   if(!strcmp(pinfo->api_name, "CreateProcessW") || 
      !strcmp(pinfo->api_name, "CreateProcessA") )
   {
      pi =(PROCESS_INFORMATION *)pdwParam[9];
      if(pi->hProcess)
      {
          InjectLib(pi->hProcess, fname);  // hook new process<CODE>

      }
   }
#endif

If you want to use it, then load the first DLL HookAPIxx.dll. If it's an NT system(WinNT/XP/200x), you should call function HookAllProcess() in the DLL and call UnhookAllProcess when you exit. There are other functions in the DLL, like HookOneProcess, HookOneProcess2 to hook one application on NT system.

mydllxx.dll is loaded by HookAPIxx.dll when HookAPIxx.dll is initialized, and then makes the hook:

CHookAPI::CHookAPI()
{
   LoadMyDll(); 
   Init();
   HookAllAPI();
}

It includes the following parts:

• HookAPI SDK full source codes

• many examples source codes, such as;

1. Hook socket functions like socket, send, recv, connect, ...

2. Hook file functions like CreateFile, ReadFile, ...

3. Hook registry functions like RegOpenKey, RegQueryValue, RegQueryValueEx, ...

4. Delphi sample for Hook socket function

5. Delphi sample for Hook file function

6. Hook ExitWindowsEx

7. Hook LoadLibrary and GetProcAddress

8. Hook GDI functions like TextOut, ExtTextOut

9. Hook Shell API function like SHBrowseForFolder, SHGetFileInfo, ...

10. Hiden Processes sample, it can hide processes, task managers cannot find it

11. Filter Advertisement bar sample, it can filter AD bar of IE or other network application, or filter the data from some ports of TCP/UDP

12. Message Filter sample, it can filter some messages of the windows

13. Execute file manager sample, it can forbide some files open, execute, and hidden some folders or files

14. Net encrypt sample, it can encrypt all the application that wrriten with socket. With this, you will not need encrypt in your application.

15. hook a ship game to auto drop bomb and auto elude bullet

You must Sign In to use this message board.

FAQ    Noise Tolerance Very HighHighMediumLowVery Low   Layout Expand Posts & RepliesThread ViewNo JavascriptNo JS + Preview   Per page 102550

Msgs 1 to 25 of 130 (Total in Forum: 130) (Refresh) FirstPrevNext

BSoD RedZenBird 6:37 21 Jul '08   Attempting to run this code on a multi-core system w/ XP SP3 consistently causes BSOD. Too bad....Would have been nice if this had worked for my application. I guess I'll experiment w/ Microsoft Detours libray to see if it can do what I need... Just trying to keep the forces of entropy at bay Sign In·View Thread·PermaLink Re: BSoD Wizardtop 22:42 30 Nov '08   this problem fixed in version 1.7 Sign In·View Thread·PermaLink Hook explorer.exe crash Member 3969375 20:50 15 Jun '08   Hello, When I call the HookOneProcess2 to hook explorer.exe on WindowsXP, when it call "CreateRemoteThread" the explorer.exe crashed. Could you give any suggestion? Sign In·View Thread·PermaLink 2.00/5 (1 vote) HOOKAPI on WinCE 6.0 Stiven Wang 16:56 20 Mar '08   Yo do great project !! I am trying porting the HOOKAPI to WinCE environment, but many different for WinXP & WinCE , example XP use kernel32 and WinCE use coredll.dll. And can't get the module handle from "SMSS.EXE" or "CSRSS.EXE"..., do you have any experience on this ? Thanks for your answer!! Sign In·View Thread·PermaLink 1.50/5 (2 votes) Re: HOOKAPI on WinCE 6.0 programsalon 17:22 4 Apr '08   I have no experience on wince Sign In·View Thread·PermaLink 2.00/5 (2 votes) Hooking into an undocumented API rusty brooks 7:35 16 Jan '08   Say I have a DLL that I know a list of functions in (via a program like APIMonitor). I can hook into these functions with HookAPI, but I don't know the function prototypes, so I have trouble calling the function, plus I don't know what prototype to use for my own callback. Are there any methods to help determine what the function prototypes are? Sign In·View Thread·PermaLink 3.00/5 (2 votes) Re: Hooking into an undocumented API programsalon 16:05 24 Feb '08   get paramerter count from asm code of dll, then write your own dll, replyed any parameter type by DWORD type. Sign In·View Thread·PermaLink Find window handle from TextOut functions rusty brooks 12:32 15 Jan '08   If I hook into one of the TextOut functions, there is a HDC passed, which is the DC that is having the text written to it. Is there a reliable way to determine what the HWND that is being written to is? I've tried a few things, namely hooking into GetDC and GetDCEx, so that whenever a DC is obtained for an HWND I can store it and retrieve it during the TextOut functions. This doesn't really seem to work for me, either I have some mistakes, or something. I'm not able to reliably figure out the proper HWND. Sign In·View Thread·PermaLink 1.50/5 (2 votes) Re: Find window handle from TextOut functions programsalon 16:06 24 Feb '08   CDC::GetWindow() Sign In·View Thread·PermaLink when I hook same process for second time and close app window process also closed :( [modified] truestepper 9:28 15 Jan '08   when I hook and close app window process is also closed sometimes for exmple charmap.exe with hook textout. What could it be? modified on Tuesday, January 15, 2008 3:01:14 PM Sign In·View Thread·PermaLink Re: when I hook same process for second time and close app window process also closed :( programsalon 16:22 24 Feb '08   try latest version: http://www.pudn.com/HookAPI1.70.rar Sign In·View Thread·PermaLink Re: when I hook same process for second time and close app window process also closed :( truestepper 0:08 25 Feb '08   Actually I've found what is the problem: 1. I'm hooking ExtTextOut, and there is such situation: When program inside MyDll.dll in myExtTextOut function and I'm trying to unload this dll from proccess throug CreateRemoteThread it unloads dll in which program currently situated, so Exception takes place. As I understand I have to hook WndProc and to handle special message (something like WM_SLEEP3SECONDS), so it will not draw anything, and to unload MyDll during this Sleep. And then unhook WndProc. Sign In·View Thread·PermaLink Hook socket example.. herlimam 17:20 7 Jan '08   Hi, I want to ask two questions. In Hook socket example.. Question(1): Can I use the hooked socket send data? Not upon on on-going mysend or mysendto function, Is using this socket connection send additional myself data. My question means that, use the following hooked "SOCKET s" , send additional myself data. int WINAPI mysend(SOCKET s, char *buf, int len, int flags) int WINAPI mysendto (SOCKET s, char FAR * buf, int len, int flags, struct sockaddr FAR * to, int tolen) Question(2): What is the difference between mysend or mysendto function? which one is peer to peer sending? How does mysendto function send? Sign In·View Thread·PermaLink 1.00/5 (1 vote) Re: Hook socket example.. programsalon 16:13 24 Feb '08   you can send yourself data anywhere when function hooked because the send function is the old api in mysend(). mysendto is sending UDP packet when no connected, send is using in UDP or TCP connection. Sign In·View Thread·PermaLink 2.00/5 (1 vote) Hook a DLL Zorro93731 4:07 7 Jan '08   How can i Hook a DLL, when i just have the Handle to it ? Sign In·View Thread·PermaLink 1.00/5 (1 vote) How to avoid the Anti-Virus Software? wangk0705 15:50 19 Dec '07   In fact,most anti-virus software have the function that block the use of "CreateRemoteThread",so HookAPI here would be blocked.How to avoid this pls? Thanks! Sign In·View Thread·PermaLink 1.33/5 (3 votes) Re: How to avoid the Anti-Virus Software? programsalon 16:19 24 Feb '08   you can check CreateRemoteThread api's asm code, if it's possible to insert jmp code in other position instead of the start position, (in hookapi's some struct's startpos !=0), or it's should check LoadLibraryA/W Sign In·View Thread·PermaLink 1.25/5 (3 votes) It supports Win9x/NT/XP/2003/Vista. alva.shi 17:50 26 Nov '07   I find Hook API is updated at web site. The web site remark with bold letter, “It supports Win9x/NT/XP/2003/Vista.” Can It's really be hooked the application on Windows Vista? I've already test on Windows Vista with (Hook API SDK Trial v1.20 ) & (v.1.7). It can't work. I want to buy the source code. How can I communicate with the owner?? Sign In·View Thread·PermaLink Re: It supports Win9x/NT/XP/2003/Vista. programsalon 16:48 28 Nov '07   I never said it support Vista, and there is no Trial version, it's full freely, if somebody said, I think he's a theft. Sign In·View Thread·PermaLink visual c++ 2005 chmouc2 8:39 19 Nov '07   can you transform the project to a visual c++ 2005 project please Sign In·View Thread·PermaLink 1.00/5 (2 votes) Re: visual c++ 2005 hnxthuyao 18:04 19 Nov '07   when i transform the project to .NET2005.i find something wrong. 1. the project folder of EXE can't run well. 2. InstHook.dll and injlib.dll i can not found when i download the file. could you sengd this two file for me? my e-mail huyao520@hotmail.com think you! Sign In·View Thread·PermaLink It conflicts with Explorer.exe process sometimes wangk0705 20:37 14 Sep '07   On some machines,it went on well.But on the others,it conflicts with exploere.exe process,I'll have to filter it in HookAPINT.dll.but in some applications,explorer.exe can not be ignored. All the machines are installed with Windows XP SP2 Need Help!Thanks! Sign In·View Thread·PermaLink 2.00/5 (1 vote) Re: It conflicts with Explorer.exe process sometimes programsalon 8:13 16 Sep '07   you should use lasted version 1.7: http://www.pudn.com/HookAPI1.70.rar Sign In·View Thread·PermaLink 1.00/5 (1 vote) Re: It conflicts with Explorer.exe process sometimes SloanCode 13:29 14 Sep '08   Hello. It still crashes on hooking explorer.exe. On some PCs it doesn't. Trying to figure out why. Crash happens in the RemoveProtection function of HookAPI.cpp, right on this line: ret =VirtualProtect(papi, 20, dwProtectionFlags, &dwScratch); br, wz. Sign In·View Thread·PermaLink Hook on Windows Vista alva.shi 16:29 9 Sep '07   Can I hook the application on Windows Vista? Or do you have schedule for this? thanks. Sign In·View Thread·PermaLink 2.00/5 (3 votes)

Last Visit: 23:15 8 Nov '09     Last Update: 23:15 8 Nov '09 123456 Next »