typedef struct tag_HOOKFUNCDESCA
{
    // The name of the function to hook.
    LPCSTR szFunc ;
    // The procedure to blast in.
    PROC pProc ;
} HOOKFUNCDESCA , * LPHOOKFUNCDESCA ;

typedef struct tag_HOOKFUNCDESCW
{
    // The name of the function to hook.
    LPCWSTR szFunc ;
    // The procedure to blast in.
    PROC pProc ;
} HOOKFUNCDESCW , * LPHOOKFUNCDESCW ;

#ifdef UNICODE
#define HOOKFUNCDESC HOOKFUNCDESCW
#define LPHOOKFUNCDESC LPHOOKFUNCDESCW
#else
#define HOOKFUNCDESC HOOKFUNCDESCA
#define LPHOOKFUNCDESC LPHOOKFUNCDESCA
#endif // UNICODE

/*----------------------------------------------------------------------
FUNCTION : HookImportedFunctionsByName
DISCUSSION :
    Hooks the specified functions imported into hModule by the module
indicated by szImportMod. This function can be used to hook from one
to 'n' of the functions imported.
    The techniques used in the function are slightly different from
those shown by Matt Pietrek in his book, "Windows 95 System Programming
Secrets." He uses the address of the function to hook as returned by
GetProcAddress. Unfortunately, while this works in almost all cases, it
does not work when the program being hooked is running under a debugger
on Windows 95 (and presumably, Windows 98). The problem is that
GetProcAddress under a debugger returns a "debug thunk," not the address
that is stored in the Import Address Table (IAT).
    This function gets around that by using the real thunk list in the
PE file, the one not bashed by the loader when the module is loaded and
fixed up, to find where the named import is located. Once the named
import is found, then the original table is blasted to make the hook.
As the name implies, this function will only hook functions imported by
name.
PARAMETERS :
    hModule     - The module where the imports will be hooked.
    szImportMod - The name of the module whose functions will be
                  imported.
    uiCount     - The number of functions to hook. This is the size of
                  the paHookArray and paOrigFuncs arrays.
    paHookArray - The array of function descriptors that list which
                  functions to hook. At this point, the array does not
                  have to be in szFunc name order. Also, if a
                  particular pProc is NULL, then that item will just be
                  skipped. This makes it much easier for debugging.
    paOrigFuncs - The array of original addresses that were hooked. If
                  a function was not hooked, then that item will be
                  NULL. This parameter can be NULL if the returned
                  information is not needed.
    pdwHooked   - Returns the number of functions hooked out of
                  paHookArray. This parameter can be NULL if the
                  returned information is not needed.
RETURNS :
    FALSE - There was a problem, check GetLastError.
    TRUE  - The function succeeded. See the parameter discussion for
            the output parameters.
----------------------------------------------------------------------*/
BOOL __stdcall HookImportedFunctionsByName (
                                    HMODULE         hModule     ,
                                    LPCSTR          szImportMod ,
                                    UINT            uiCount     ,
                                    LPHOOKFUNCDESCA paHookArray ,
                                    PROC *          paOrigFuncs ,
                                    LPDWORD         pdwHooked     ) ;
This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.