Click here to Skip to main content
12,623,027 members (36,639 online)
Click here to Skip to main content

Stats

2M views
58.3K downloads
1.2K bookmarked
Posted

API hooking revealed

, 2 Dec 2002 CPOL
The article demonstrates how to build a user mode Win32 API spying system
//---------------------------------------------------------------------------
//
// NtInjectorThread.h
//
// SUBSYSTEM: 
//				API Hooking system
// MODULE:    
//				Implements a thread that uses an NT device driver
//              for monitoring process creation
//
// DESCRIPTION:
//
// AUTHOR:		Ivo Ivanov (ivopi@hotmail.com)
//                                                                         
//---------------------------------------------------------------------------
#if !defined(_NTINJECTORTHREAD_H_)
#define _NTINJECTORTHREAD_H_

#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000

//---------------------------------------------------------------------------
//
// Includes
//
//---------------------------------------------------------------------------

#include "NtProcessMonitor.h"

//---------------------------------------------------------------------------
//
// Forward declararions
//
//---------------------------------------------------------------------------

class CRemThreadInjector;

//---------------------------------------------------------------------------
//
// class CNtInjectorThread
//
//---------------------------------------------------------------------------
class CNtInjectorThread: public CNtProcessMonitor  
{
public:
	CNtInjectorThread(CRemThreadInjector* pInjector);
	virtual ~CNtInjectorThread();
private:
	virtual void OnCreateProcess(DWORD dwProcessId);
	virtual void OnTerminateProcess(DWORD dwProcessId);
	CRemThreadInjector* m_pInjector;
};

#endif // !defined(_NTINJECTORTHREAD_H_)
//----------------------------End of the file -------------------------------

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Ivo Ivanov
United States United States
I specialize in OS Internals and Reverse Engineering.
Before joining my current employer I used to run a security blog for malware analysis: http://vinsula.com/security-blog

You may also be interested in...

| Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.161128.1 | Last Updated 3 Dec 2002
Article Copyright 2002 by Ivo Ivanov
Everything else Copyright © CodeProject, 1999-2016
Layout: fixed | fluid