|
Introduction
HookAPI is the API SDK that sets up system wide hooks for all windows platforms. It could easily hook 32-bit windows system APIs or 32-bit user-defined DLL. It could be used easily and all you need to do is write a DLL file named mydll.dll or mydll_9x.dll. It is based on ApiSpy32 by Yariv Kaplan.
The code injects two DLLs into the destination application. The first DLL, HookAPIxx.dll, updates the API's first 5 bytes: papi[0] =0xE8;
*(DWORD *)&papi[1] =(DWORD)ProcessCall -(DWORD)papi -CALL_BYTES_SIZE;
The nother DLL mydllxxx.dll, runs the new API instead of the old API, like this sample to hook the socket function: int WINAPI mysocket(int af, int type, int protocol)
{
WriteLog("debug mysocket, af=%d, type=%d, protocol=%d", af, type, protocol);
return socket(af, type, protocol);
}
And HookAPIxx.dll hooks the CreateProcessW/CreateProcessA functions, so it can catch the creation of new processes and inject the two DLLs: #ifdef WINNT
if(!strcmp(pinfo->api_name, "CreateProcessW") ||
!strcmp(pinfo->api_name, "CreateProcessA") )
{
pi =(PROCESS_INFORMATION *)pdwParam[9];
if(pi->hProcess)
{
InjectLib(pi->hProcess, fname);
}
}
#endif
If you want to use it, then load the first DLL HookAPIxx.dll. If it's an NT system(WinNT/XP/200x), you should call function HookAllProcess() in the DLL and call UnhookAllProcess when you exit. There are other functions in the DLL, like HookOneProcess, HookOneProcess2 to hook one application on NT system.
mydllxx.dll is loaded by HookAPIxx.dll when HookAPIxx.dll is initialized, and then makes the hook:
CHookAPI::CHookAPI()
{
LoadMyDll();
Init();
HookAllAPI();
}It includes the following parts:
-
Hook socket functions like socket, send, recv, connect, ...
-
Hook file functions like CreateFile, ReadFile, ...
-
Hook registry functions like RegOpenKey, RegQueryValue, RegQueryValueEx, ...
-
Delphi sample for Hook socket function
-
Delphi sample for Hook file function
-
Hook ExitWindowsEx
-
Hook LoadLibrary and GetProcAddress
-
Hook GDI functions like TextOut, ExtTextOut
-
Hook Shell API function like SHBrowseForFolder, SHGetFileInfo, ...
-
Hiden Processes sample, it can hide processes, task managers cannot find it
-
Filter Advertisement bar sample, it can filter AD bar of IE or other network application, or filter the data from some ports of TCP/UDP
-
Message Filter sample, it can filter some messages of the windows
-
Execute file manager sample, it can forbide some files open, execute, and hidden some folders or files
-
Net encrypt sample, it can encrypt all the application that wrriten with socket. With this, you will not need encrypt in your application.
-
hook a ship game to auto drop bomb and auto elude bullet
| You must Sign In to use this message board. |
|
| | Msgs 1 to 25 of 129 (Total in Forum: 129) (Refresh) | FirstPrevNext |
|
 |
|
|
Attempting to run this code on a multi-core system w/ XP SP3 consistently causes BSOD. Too bad....Would have been nice if this had worked for my application. I guess I'll experiment w/ Microsoft Detours libray to see if it can do what I need...
Just trying to keep the forces of entropy at bay
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
Hello,
When I call the HookOneProcess2 to hook explorer.exe on WindowsXP,
when it call "CreateRemoteThread" the explorer.exe crashed.
Could you give any suggestion?
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
Yo do great project !! I am trying porting the HOOKAPI to WinCE environment, but many different for WinXP & WinCE , example XP use kernel32 and WinCE use coredll.dll. And can't get the module handle from "SMSS.EXE" or "CSRSS.EXE"..., do you have any experience on this ? Thanks for your answer!!
|
| Sign In·View Thread·PermaLink | 1.50/5 (2 votes) |
|
|
|
|
|
|
|
|
|
Say I have a DLL that I know a list of functions in (via a program like APIMonitor). I can hook into these functions with HookAPI, but I don't know the function prototypes, so I have trouble calling the function, plus I don't know what prototype to use for my own callback.
Are there any methods to help determine what the function prototypes are?
|
| Sign In·View Thread·PermaLink | 3.00/5 (2 votes) |
|
|
|
|
|
|
get paramerter count from asm code of dll, then write your own dll, replyed any parameter type by DWORD type.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
If I hook into one of the TextOut functions, there is a HDC passed, which is the DC that is having the text written to it.
Is there a reliable way to determine what the HWND that is being written to is?
I've tried a few things, namely hooking into GetDC and GetDCEx, so that whenever a DC is obtained for an HWND I can store it and retrieve it during the TextOut functions. This doesn't really seem to work for me, either I have some mistakes, or something. I'm not able to reliably figure out the proper HWND.
|
| Sign In·View Thread·PermaLink | 1.00/5 (1 vote) |
|
|
|
|
|
|
|
|
|
when I hook and close app window process is also closed sometimes 
for exmple charmap.exe with hook textout. What could it be?
modified on Tuesday, January 15, 2008 3:01:14 PM
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
|
|
|
Actually I've found what is the problem: 1. I'm hooking ExtTextOut, and there is such situation: When program inside MyDll.dll in myExtTextOut function and I'm trying to unload this dll from proccess throug CreateRemoteThread it unloads dll in which program currently situated, so Exception takes place. As I understand I have to hook WndProc and to handle special message (something like WM_SLEEP3SECONDS), so it will not draw anything, and to unload MyDll during this Sleep. And then unhook WndProc.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
Hi,
I want to ask two questions.
In Hook socket example..
Question(1):
Can I use the hooked socket send data? Not upon on on-going mysend or mysendto function, Is using this socket connection send additional myself data.
My question means that,
use the following hooked "SOCKET s" , send additional myself data.
int WINAPI mysend(SOCKET s, char *buf, int len, int flags)
int WINAPI mysendto (SOCKET s, char FAR * buf, int len, int flags, struct sockaddr FAR * to, int tolen)
Question(2):
What is the difference between mysend or mysendto function?
which one is peer to peer sending? How does mysendto function send?
|
| Sign In·View Thread·PermaLink | 1.00/5 (1 vote) |
|
|
|
|
|
|
you can send yourself data anywhere when function hooked because the send function is the old api in mysend().
mysendto is sending UDP packet when no connected, send is using in UDP or TCP connection.
|
| Sign In·View Thread·PermaLink | 2.00/5 (1 vote) |
|
|
|
|
|
|
|
|
|
In fact,most anti-virus software have the function that block the use of "CreateRemoteThread",so HookAPI here would be blocked.How to avoid this pls?
Thanks!
|
| Sign In·View Thread·PermaLink | 1.00/5 (1 vote) |
|
|
|
|
|
|
you can check CreateRemoteThread api's asm code, if it's possible to insert jmp code in other position instead of the start position, (in hookapi's some struct's startpos !=0), or it's should check LoadLibraryA/W
|
| Sign In·View Thread·PermaLink | 1.25/5 (3 votes) |
|
|
|
|
|
|
I find Hook API is updated at web site. The web site remark with bold letter, “It supports Win9x/NT/XP/2003/Vista.”
Can It's really be hooked the application on Windows Vista?
I've already test on Windows Vista with (Hook API SDK Trial v1.20 ) & (v.1.7). It can't work.
I want to buy the source code. How can I communicate with the owner??
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
I never said it support Vista, and there is no Trial version, it's full freely, if somebody said, I think he's a theft.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
|
|
|
when i transform the project to .NET2005.i find something wrong.
1. the project folder of EXE can't run well.
2. InstHook.dll and injlib.dll i can not found when i download the file.
could you sengd this two file for me?
my e-mail huyao520@hotmail.com think you!
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
On some machines,it went on well.But on the others,it conflicts with exploere.exe process,I'll have to filter it in HookAPINT.dll.but in some applications,explorer.exe can not be ignored.
All the machines are installed with Windows XP SP2
Need Help!Thanks!
|
| Sign In·View Thread·PermaLink | 2.00/5 (1 vote) |
|
|
|
|
|
|
|
|
|
Hello.
It still crashes on hooking explorer.exe. On some PCs it doesn't.
Trying to figure out why. Crash happens in the RemoveProtection function of HookAPI.cpp, right on this line:
ret =VirtualProtect(papi, 20, dwProtectionFlags, &dwScratch);
br,
wz.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
|
|
|
|
|
|
 General  News  Question  Answer  Joke  Rant  Admin
|
