Click here to Skip to main content
15,883,705 members
Search within:


Articles / Programming Languages / C++
 

HookAPI source code

Rate me:
Please Sign up or sign in to vote.
3.09/5 (36 votes)
31 Jan 20052 min read 389.9K   9.6K   117  
A system wide api source code for windows api hook developpers
 
// ------------------------------------- //
// �����Ҫʹ�ñ��ļ����벻Ҫɾ����˵��  //
// ------------------------------------- //
//             HOOKAPI ��������          //
//   Copyright 2002 ���ɳ�� Paladin     //
//       www.ProgramSalon.com            //
// ------------------------------------- //

#include "stdafx.h"
#include <winsock2.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <lmcons.h>
#include <lmalert.h>
#include "mydll.h"
#include <nb30.h>
#include "util.h"
#include "const.h"
#include "cryptfilter.h"

CryptFilter g_CryptFilter;

BOOL APIENTRY DllMain( HANDLE hModule, 
                       DWORD  ul_reason_for_call, 
                       LPVOID lpReserved
					 )
{
	switch(ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
		GetProfileString("HookAPI", "dll_path", "", g_szDllPath, sizeof(g_szDllPath));
		GetFileName(g_szAppBaseName);
		strupr(g_szAppBaseName);
		break;
	}

	return TRUE;
}

int WINAPI mysocket(int af, int type, int protocol)
{
	WriteLog("mysocket, af=%d, type=%d, protocol=%d", af, type, protocol);

	return socket(af, type, protocol);
}

struct hostent * WINAPI mygethostbyname (const char * name)
{
	// filter IE url
	WriteLog("gethostbyname:name:%s", name);
	return gethostbyname(name);
}

int WINAPI myaccept(SOCKET s, struct sockaddr *pname, int *pnamelen)
{
	int port =GetLocalPortBySocket(s);

	WriteLog("myaccept");

	int s1 =accept(s, pname, pnamelen);

	if(s1 >0)
	{
		int ov, len =sizeof(ov);
		getsockopt(s1, SOL_SOCKET, SO_ACCEPTCONN, (char *)&ov, &len);
		WriteLog("accept...%d", ov); 
	}

	return s1;
}

int WINAPI myconnect(SOCKET s, struct sockaddr *name, int namelen)
{
	struct sockaddr_in *paddr =(struct sockaddr_in *)name;

	char *ip =inet_ntoa(paddr->sin_addr);
	int port =ntohs(paddr->sin_port);
	WriteLog("connect: ip=%s, port=%d\n", ip, port);
	// check filter
	return connect(s, name, namelen);
}

// ����mysend������myrecv֧���첽��ʽ
int WINAPI myrecv(SOCKET s,	char *buf, int len, int flags)
{
	WriteLog("\nmyrecv");

	int f_crypted;
	int port =GetLocalPortBySocket(s);
	int port1 =GetRemotePortBySocket(s);
	char ip[16];
	GetRemoteIPBySocket(s, ip);
	char *buf1 =NULL;
	int recved_len;
	int ret;
	int err;

	f_crypted =g_CryptFilter.CryptCheck(ip, port, port1);
	if(f_crypted)
	{
		buf1 =(char *)malloc(len*2);
		int len2;
		if(recv(s, (char *)&len2, sizeof(len2), flags) !=sizeof(len2))
		{
			err =WSAGetLastError();
			free(buf1);
			WSASetLastError(err);
			return -1;
		}
		len =ntohl(len2);
		WriteLog("myrecv:len=%d", len);
		int len1;
		time_t t1, t2;
		time(&t1);
		t2 =t1;
		recved_len =0;
		while(t2-t1 <10 && recved_len <len)
		{
			len2 =recv(s, (char *)buf, len-recved_len, flags);
			if(len2 >0)
				recved_len +=len2;
			time(&t2);
		}
		err =WSAGetLastError();
		WriteLog("recved_len:%d", recved_len);
		if(recved_len <=0)
		{
			free(buf1);
			WSASetLastError(err);
			return -1;
		}
		WriteLog("DecryptData...");
		ret =g_CryptFilter.DecryptData(buf, recved_len, buf1, &len1);
		if(ret >0)
		{
			memcpy(buf, buf1, len1);
			recved_len =len1;
		}
		else if(ret <0)
		{
			free(buf1);
			WSASetLastError(-1);
			return -1;
		}
		WriteLog("DecryptData ret:%d", ret);
		free(buf1);
		WSASetLastError(err);
	}
	else
		recved_len =recv(s, (char *)buf, len, flags);

	return recved_len;
}

int WINAPI mysend(SOCKET s,	char *buf, int len,	int flags)
{
	WriteLog("\nmysend");

	int f_crypted;
	int port =GetLocalPortBySocket(s);
	int port1 =GetRemotePortBySocket(s);
	char ip[16];
	GetRemoteIPBySocket(s, ip);
	char *buf1 =NULL;
	int ret, ret_len =len;

	f_crypted =g_CryptFilter.CryptCheck(ip, port, port1);
	if(f_crypted)
	{
		buf1 =(char *)malloc(len*2);
		int len1;
		WriteLog("CryptData...");
		ret =g_CryptFilter.CryptData(buf, len, buf1, &len1);
		if(ret >0)
		{
			memcpy(buf, buf1, len1);
			len =len1;
		}
		else if(ret <0)
		{
			free(buf1);
			WSASetLastError(-1);
			return -1;
		}
		WriteLog("Crypt ret:%d", ret);
		free(buf1);
		int len2 =htonl(len);
		if(send(s, (char *)&len2, sizeof(len2), flags) !=sizeof(len2))
			return -1;
		WriteLog("send len=%d", len);
	}

	if(send(s, (char *)buf, len, flags) !=len)
		ret_len =-1;
	return ret_len;
}

int WINAPI mysendto (SOCKET s, char FAR * buf, int len, int flags, struct sockaddr FAR * to, int tolen)
{
	WriteLog("mysendto");
	return sendto(s, buf, len, flags, to, tolen);
}

int WINAPI myrecvfrom (SOCKET s, char FAR * buf, int len, int flags, struct sockaddr FAR * from, int *fromlen)
{
	WriteLog("mysendto");
	return recvfrom(s, buf, len, flags, from, fromlen);
}

HINSTANCE WINAPI myLoadLibraryA(char *name)
{
	char fname[128];
	GetModuleFileName(NULL, fname, sizeof(fname));
	WriteLog("%s,LoadLibraryA:%s", fname, name);
	return LoadLibraryA(name);
}

HINSTANCE WINAPI myLoadLibraryW(LPWSTR name)
{
	char fname[128];
	GetModuleFileName(NULL, fname, sizeof(fname));

	char aname[128];
	WideCharToMultiByte( CP_ACP, 0, name, -1, aname, 128,NULL,NULL); 
	WriteLog("%s,LoadLibraryW:%s", fname, aname);

	return LoadLibraryW(name);
}

FARPROC WINAPI myGetProcAddress(HMODULE hMod, char *name)
{
	char fname[128];
	GetModuleFileName(NULL, fname, sizeof(fname));
	if(strstr(fname, "HookAPI") ==NULL)
		WriteLog("%s,GetProcAddress:%s", fname, name);
	return GetProcAddress(hMod, name);
}

int WINAPI myNetbios(PNCB pncb)
{
	WriteLog("Netbios");

	return Netbios(pncb);
}

int WINAPI myNetAlertRaise(	LPWSTR event_name, LPVOID buf, DWORD buf_len)
{
	WriteLog("myNetAlertRaise...");
	return NetAlertRaise(event_name, buf, buf_len);
}

int WINAPI myWSHOpenSocket(	int *family, int *type, int *protocol, LPWSTR device_name, LPVOID *context, LPDWORD event)
{
	WriteLog("WSHOpenSocket:event=%d", *event);

	HMODULE hMod=GetModuleHandle("WSHTcpip.dll");
	if(hMod ==NULL) return -1;
	WSHOPENSOCKET WSHOpenSocket =(WSHOPENSOCKET)GetProcAddress(hMod, "WSHOpenSocket");
	if(WSHOpenSocket ==NULL) return -1;

	return WSHOpenSocket(family, type, protocol, device_name, context,event);
}

int WINAPI myWSHOpenSocket2(int *family, int *type, int *protocol, int group, int flags, LPWSTR device_name, LPVOID *context, LPDWORD event)
{
	WriteLog("WSHOpenSocket2");

	HMODULE hMod=GetModuleHandle("WSHTcpip.dll");
	if(hMod ==NULL) return -1;
	WSHOPENSOCKET2 WSHOpenSocket2 =(WSHOPENSOCKET2)GetProcAddress(hMod, "WSHOpenSocket2");
	if(WSHOpenSocket2 ==NULL) return -1;

	return WSHOpenSocket2(family, type, protocol, group, flags, device_name, context,event);
}

int WINAPI myWSHNotify(	PVOID context, int sock, HANDLE ao, HANDLE co, DWORD event)
{
	
	HMODULE hMod=GetModuleHandle("WSHTcpip.dll");
	if(hMod ==NULL) return -1;
	WSHNOTIFY WSHNotify =(WSHNOTIFY)GetProcAddress(hMod, "WSHNotify");

	WriteLog("myWSHNotify:event=%d", event);

	return WSHNotify(context, sock, ao, co, event);
}

// test hookprocess
int WINAPI myExitProcess(int exit_code)
{
	char mod_name[128];

	WriteLog("myExitProcess:exit_code=%d", exit_code);
	GetModuleFileName(NULL, mod_name, sizeof(mod_name));
	if(!strstr(mod_name, "hookprocess"))
	{
		ExitProcess(exit_code);
	}
	return 0;
}


DWORD WINAPI myCreateProcessW(
	LPCWSTR lpApplicationName,
	LPWSTR lpCommandLine, 
	LPSECURITY_ATTRIBUTES lpProcessAttributes,
	LPSECURITY_ATTRIBUTES lpThreadAttributes,
	BOOL bInheritHandles,
	DWORD dwCreationFlags,
	LPVOID lpEnvironment,
	LPCWSTR lpCurrentDirectory,
	LPSTARTUPINFOW lpStartupInfo,
	LPPROCESS_INFORMATION lpProcessInformation
)
{
	char cmd[600];
	int len =WideCharToMultiByte( CP_ACP, 0, lpCommandLine, -1, cmd, 128,NULL,NULL); 
	cmd[len] =0;

	BOOL ifsuccess = CreateProcessW(lpApplicationName,
		lpCommandLine, lpProcessAttributes,
		lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment,
		lpCurrentDirectory, lpStartupInfo, lpProcessInformation);
	DWORD err =GetLastError();
	if(ifsuccess)
	{
		//HWND hWndNotify =FindWindow("HookAPINotify", NULL);
		//if(hWndNotify) PostMessage(hWndNotify, WM_APP+100, lpProcessInformation->dwProcessId, 0L);
		/*ResumeThread(lpProcessInformation->hThread);
		int ret=WaitForInputIdle(lpProcessInformation->hProcess, INFINITE);
		ResumeThread(lpProcessInformation->hThread);
		HANDLE hProcess=lpProcessInformation->hProcess;
		if((int)SuspendThread(lpProcessInformation->hThread) !=-1)
		{
		//if(is_nt)
		{
			char szdll[128];
			wsprintf(szdll, "%s\\mydll.dll", g_szDllPath);
		WriteLog("CreateProcessW: InjectLib %s", szdll);
			InjectLib(hProcess, szdll, TRUE);
			wsprintf(szdll, "%s\\HookAPINT.dll", g_szDllPath);
		WriteLog("CreateProcessW: InjectLib %s", szdll);
			InjectLib(hProcess, szdll, TRUE);
		}
		ResumeThread(lpProcessInformation->hThread);
		}
		WriteLog("CreateProcessW:%s, wait ret=%d, processid=%d", cmd, ret,lpProcessInformation->dwProcessId);
		*/
	}
	else WriteLog("CreateProcessW failed:%s", cmd);
	SetLastError(err);
	return (DWORD)ifsuccess;
}

DWORD WINAPI myCreateProcessA(
	LPCSTR lpApplicationName,
	LPSTR lpCommandLine, 
	LPSECURITY_ATTRIBUTES lpProcessAttributes,
	LPSECURITY_ATTRIBUTES lpThreadAttributes,
	BOOL bInheritHandles,
	DWORD dwCreationFlags,
	LPVOID lpEnvironment,
	LPCSTR lpCurrentDirectory,
	LPSTARTUPINFO lpStartupInfo,
	LPPROCESS_INFORMATION lpProcessInformation
)
{
	WriteLog("myCreateProcessA, cmd=%s", lpCommandLine);

	BOOL ifsuccess = CreateProcessA(lpApplicationName, lpCommandLine, lpProcessAttributes,
		lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment,
		lpCurrentDirectory, lpStartupInfo, lpProcessInformation);
	//WriteLog("CreateProcessA ok! ifsuccess=%d", ifsuccess);
	if(ifsuccess)
	{
		HANDLE hProcess =lpProcessInformation->hProcess;

		//if(is_nt)
		{
			//InjectLib(hProcess, "mydll.dll", TRUE);
			//InjectLib(hProcess, "HookAPINT.dll", TRUE);
		}
	}
	else
	{
		DWORD err;
		err =GetLastError();
		WriteLog("CreateProcessA failed:err=%d, cmd=%s\n", err, lpCommandLine);
		SetLastError(err);
	}
	return (DWORD)ifsuccess;
}

MYAPIINFO myapi_info[] =
{
	{"WSOCK32.DLL", "socket(a,b,c)", "mysocket"},
	{"WSOCK32.DLL", "accept(a,b,c)", "myaccept"},
	{"WSOCK32.DLL", "connect(SOCKET, struct sockaddr *, INT)", "myconnect"},
	{"WSOCK32.DLL", "recv(INT, char *, INT, INT)", "myrecv"},
	{"WSOCK32.DLL", "send(INT, char *, INT, INT)", "mysend"},
	{"WSOCK32.DLL", "sendto(INT, char *, INT, INT, struct sockaddr *, int)", "mysendto"},
	{"WSOCK32.DLL", "recvfrom(INT, char *, INT, INT, struct sockaddr *, int)", "myrecvfrom"},
	{"WSOCK32.DLL", "gethostbyname(char *)", "mygethostbyname"},
	//{"WSHTCPIP.DLL", "WSHOpenSocket(int *, int *, int *, LPWSTR, LPVOID *, LPDWORD)", "myWSHOpenSocket"},
	//{"WSHTCPIP.DLL", "WSHOpenSocket2(int *, int *, int *, int, int, LPWSTR, LPVOID *, LPDWORD)", "myWSHOpenSocket2"},
	//{"WSHTCPIP.DLL", "WSHNotify(PVOID, int, HANDLE, HANDLE, DWORD)", "myWSHNotify"},
	//{"NETAPI32.DLL", "Netbios(PNCB)", "myNetbios"},
	//{"KERNEL32.DLL", "LoadLibraryA(char *)", "myLoadLibraryA"},
	//{"KERNEL32.DLL", "ExitProcess(int)", "myExitProcess"},
	//{"KERNEL32.DLL", "CreateProcessA(1,2,3,4,5,6,7,8,9,10)", "myCreateProcessA"},
	//{"KERNEL32.DLL", "CreateProcessW(1,2,3,4,5,6,7,8,9,10)", "myCreateProcessW"},
	{NULL,NULL,NULL}
};

MYAPIINFO *GetMyAPIInfo()
{
	return &myapi_info[0];
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


Written By
pudn.com
Web Developer
China China
An old C programmer in China.

Comments and Discussions

Permalink
Advertise
Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Posted 21 Jan 2005

Article Copyright 2005 by pudn.com
Everything else Copyright © CodeProject, 1999-2024

Web01 2.8:2024-04-02:1