C # r3 Inline hook

Objective

Wife like to play in the QQ game tractor, and installed a card small software, open when a few IE page loaded many ads, so that I remove the ads. Think you can use OD for NOP filling, you can also write API hooks to replace the call of ShellExecute function, have seen someone use Hex editor to modify the ShellExecute function, but for many years C #, and many other original unfamiliar have forgotten, Forced to choose the API hook this way. Choosing this API hook also faces many challenges, how to remotely inject, how to get the remote process to load the. NET assembly, how to complete the API hook work, online search of Microsoft's detours library, to meet API hook requirements, due to non-bancor origin, So starting from the 0 base, we use VC to encapsulate and export the detours library to. NET to make PInvoke calls (formerly Delphi).

Solution Solutions

1. Use C + + to write Core.dll This dynamic connection library, encapsulate the functions of the Detours library and export, while opening C + +/CLI, using managed code to write reflection loading and executing external. NET assembly's main entry function;

2, external. NET assemblies use PInvoke call Core.dll to complete API hooks;

3, and then write a Main.dll dynamic connection library, DllMain create a line preempted Core.dll, so Core.dll load and run the specified. NET assembly.

Core.dll function

Remote injection and Hook API

More Convenient Package

The above main.dll is for remote injection, Core.dll is the detours package, and also the. NET assembly loader, in order to make it easier to use core.dll, I wrote an assembly called CoreNet.dll with. NET, which encapsulates Core.dll's exported function, providing APi hooks, Window hooks, and injection-related methods.

Create the process and inject the Dotnet_apihook.dll Example:

Inject.injecttoprocess ("TargetProcess.exe"null"dotnet_ ApiHook.dll");

Dotnet_apihook.dll code example, here is the hook MessageBoxW function:

 Public classProgram {[Unmanagedfunctionpointer (Callingconvention.stdcall, CharSet=CharSet.Unicode)]Private Delegate intMessageBoxW (INTPTR hwnd,stringTextstringCaptioninttype); Private StaticHookresult<messageboxw>MessageBoxW; /// <summary>        ///Assembly Entry Function/// </summary>        /// <param name= "args" ></param>         Public Static voidMain (string[] args) {MessageBoxW= Hook.hookapi<messageboxw> ("user32.dll","MessageBoxW", Messageboxw_proxy); }        Private Static intMessageboxw_proxy (INTPTR hwnd,stringTextstringCaptioninttype) {            returnMessageBoxW.TargetApi.Invoke (hwnd,"[Hook]"+ Text,"[Hook]"+ caption, type = =0?1: type); }    }

Code download

Of course, all the code, including my crappy part of the unmanaged code, and the online transcription, as well. NET, all take out to everybody to see, the project already put in the HTTPS://GITHUB.COM/XLJIULANG/HOOKSLN

If you want to download only the compiled good can click here to download

Other projects: high-performance, highly scalable socket components

C # r3 Inline hook