C # inline-hook/api-hook,

C # inline-hook/api-hook,

I checked the relevant C # documents, but I did not find any information about api-hook.

Including the application library. Therefore, I wrote a set of inline-hook libraries to support x64 and x86 based on

Common clr languages, such as c #, c ++ clr, and vb.net, can all use this class library to change the underlying api execution.

Line result. If we need to create a packet capture tool or intercept functions internally called by an ActiveX object

It is widely used. Some people use SPI when making the "packet capture" tool, but it can also be implemented through this technology.

The CB_MessageBox function is redirected when MessageBox. Show ("Hello world", "Advapi32") is called.

The MessageBox. Show () method calls the MessageBoxW function in the lower layer. If you do not believe it, try it.

 

[Csharp]View plaincopy

1. [DllImport ("user32", EntryPoint = "MessageBoxW", CharSet = CharSet. Unicode)]
2. Public static extern int MessageBox (IntPtr hWnd, string lpText, string lpCaption, uint uType );
4. [STAThread]
5. Static void Main (string [] args)
6. {
7. InlineHook ich = new InlineHook ();
8. Ich. Install (ich. GetProcAddress ("user32", "MessageBoxW"), ich. GetProcAddress (new MessageBoxW (CB_MessageBox )));
9. // MessageBox. Show ("Hello world", "Advapi32 ");
10. MessageBox (IntPtr. Zero, "Hello world", "Advapi32", 0 );
11. Console. ReadKey (false );
12. }

The result of the above code execution is the same as that at the top. This class library provides two types of. net 2/4

 

Different class libraries basically meet the development needs, but this one has always been in the C ++ aspect. However, I believe that in the future

C # will do this, but it is better to provide the Class Library earlier than to wait for the class library to be provided.

I will study how to implement it in my class library. Although the class library is slightly obfuscated, you will not study it.

It is very difficult, but I am too lazy to discuss how to implement the DLL in the lower layer, it is not copyrighted information, very

Simple: you cannot see any information in the attribute, except for an internal name, so you do not

The following describes the function interfaces and definitions exported in InlineHook.

 

InlineHook. GetProcAddress (string strLibraryName, string strMethodName) // obtain the function address (library file, function name)

InlineHook. GetProcAddress (System. Delegate d) // obtain the function address (valid Delegate)

InlineHook. Install (System. IntPtr oldMethodAddress, System. IntPtr newMethodAddress) // Install the hook (source function address, new function address)

 

InlineHook. Resume () // restore hook

InlineHook. Suspend () // suspends the hook

InlineHook. Uninstall () // Uninstall the hook

Sample:

CAT (inline-hook) http://pan.baidu.com/s/1kTKjFPt // example address contains class library

Each version folder contains two different libraries, x86 and x64. If you have any questions about using this class library, you can leave a message below you.