HookAPI source code

pudn.com

Rate me:

3.09/5 (36 votes)

31 Jan 20052 min read

390.3K

9.6K

117

132

A system wide api source code for windows api hook developpers

Download demo project - 499 Kb

Introduction

HookAPI is the API SDK that sets up system wide hooks for all windows platforms. It could easily hook 32-bit windows system APIs or 32-bit user-defined DLL. It could be used easily and all you need to do is write a DLL file named mydll.dll or mydll_9x.dll. It is based on ApiSpy32 by Yariv Kaplan.

The code injects two DLLs into the destination application. The first DLL, HookAPIxx.dll, updates the API's first 5 bytes:

papi[0] =0xE8;
*(DWORD *)&papi[1] =(DWORD)ProcessCall -(DWORD)papi -CALL_BYTES_SIZE;

The nother DLL mydllxxx.dll, runs the new API instead of the old API, like this sample to hook the socket function:

int WINAPI mysocket(int af, int type, int protocol)
{
   WriteLog("debug mysocket, af=%d, type=%d, protocol=%d", af, type, protocol);

   return socket(af, type, protocol);
}

And HookAPIxx.dll hooks the CreateProcessW/CreateProcessA functions, so it can catch the creation of new processes and inject the two DLLs:

#ifdef WINNT
   if(!strcmp(pinfo->api_name, "CreateProcessW") || 
      !strcmp(pinfo->api_name, "CreateProcessA") )
   {
      pi =(PROCESS_INFORMATION *)pdwParam[9];
      if(pi->hProcess)
      {
          InjectLib(pi->hProcess, fname);  // hook new process<CODE>
</CODE>      }
   }
#endif

If you want to use it, then load the first DLL HookAPIxx.dll. If it's an NT system(WinNT/XP/200x), you should call function HookAllProcess() in the DLL and call UnhookAllProcess when you exit. There are other functions in the DLL, like HookOneProcess, HookOneProcess2 to hook one application on NT system.

mydllxx.dll is loaded by HookAPIxx.dll when HookAPIxx.dll is initialized, and then makes the hook:

CHookAPI::CHookAPI()
{
   LoadMyDll(); 
   Init();
   HookAllAPI();
}

It includes the following parts:

HookAPI SDK full source codes
many examples source codes, such as;

Hook socket functions like socket, send, recv, connect, ...

Hook file functions like CreateFile, ReadFile, ...

Hook registry functions like RegOpenKey, RegQueryValue, RegQueryValueEx, ...

Delphi sample for Hook socket function

Delphi sample for Hook file function

Hook ExitWindowsEx

Hook LoadLibrary and GetProcAddress

Hook GDI functions like TextOut, ExtTextOut

Hook Shell API function like SHBrowseForFolder, SHGetFileInfo, ...

Hiden Processes sample, it can hide processes, task managers cannot find it

Filter Advertisement bar sample, it can filter AD bar of IE or other network application, or filter the data from some ports of TCP/UDP

Message Filter sample, it can filter some messages of the windows

Execute file manager sample, it can forbide some files open, execute, and hidden some folders or files

Net encrypt sample, it can encrypt all the application that wrriten with socket. With this, you will not need encrypt in your application.

hook a ship game to auto drop bomb and auto elude bullet

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Written By

pudn.com

Web Developer

China

An old C programmer in China.

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

HookAPI source code

Introduction

License

Comments and Discussions