Click here to Skip to main content
12,702,886 members (31,520 online)
Click here to Skip to main content

Stats

2M views
58.6K downloads
1.2K bookmarked
Posted

API hooking revealed

, 2 Dec 2002 CPOL
The article demonstrates how to build a user mode Win32 API spying system
//---------------------------------------------------------------------------
//
// NtInjectorThread.cpp
//
// SUBSYSTEM: 
//				API Hooking system
// MODULE:    
//				Implements a thread that uses an NT device driver
//              for monitoring process creation
//
// DESCRIPTION:
//
// AUTHOR:		Ivo Ivanov (ivopi@hotmail.com)
//                                                                         
//---------------------------------------------------------------------------
#include "NtInjectorThread.h"
#include "Injector.h"

//---------------------------------------------------------------------------
//
// class CNtInjectorThread
//
//---------------------------------------------------------------------------
CNtInjectorThread::CNtInjectorThread(CRemThreadInjector* pInjector):
	CNtProcessMonitor(),
	m_pInjector(pInjector)
{

}

CNtInjectorThread::~CNtInjectorThread()
{

}


void CNtInjectorThread::OnCreateProcess(DWORD dwProcessId)
{
	m_pInjector->InjectModuleInto(dwProcessId);
}

void CNtInjectorThread::OnTerminateProcess(DWORD dwProcessId)
{
	//
	// We shouldn't eject the module here, because the process
	// already has been terminated, meaning that the DLL probably
	// is unloaded or possibly the process is not running anymore.
	//
}

//----------------------------End of the file -------------------------------

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Ivo Ivanov
United States United States
I specialize in OS Internals and Reverse Engineering.
Before joining my current employer I used to run a security blog for malware analysis: http://vinsula.com/security-blog

You may also be interested in...

| Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.170118.1 | Last Updated 3 Dec 2002
Article Copyright 2002 by Ivo Ivanov
Everything else Copyright © CodeProject, 1999-2017
Layout: fixed | fluid