Function hooks for any process in Windows XP operating system-API hook

Source: Internet
Author: User
Shaoji (Machine of cahua Shusheng) 12:17:56 on VC/MFC/ Process/thread/DLLQuestion API hook cainiao: Windows XP operating system function hook
-------------- Hook any function of any process
Step 1: Prepare the tool
1. VC ++ development tools; 2. Microsoft Research detours package (version 1.5) includes detours. h and detours. Lib.
Step 2: implementation
1. Inject the DLL to the target process. For example:

# Include "stdafx. H"
# Include "hookother. H"
# Include "hookotherdlg. H"
# Include "detours. H"
# Include "tlhelp32.h"

// Find the window whose name is hookwindow and hookwindow is the process to be linked.
Hwnd thread_hwnd =: findwindow (null, hookwindow );
If (null = thread_hwnd)
{
// If no corresponding program is found, exit the hook installer.
: MessageBox (null, "the linked window cannot be found", "the window cannot be found", mb_ OK );
Return false;
}
// Snapshot takes a snapshot of all processes in the system and finds the process to be linked.

Processentry32 pe32 = {0 };
Pe32.dwsize = sizeof (processentry32 );
DWORD process_id;
Handle hsnapshot;
Bool bfind = false;
// Processentry32: Describes the struct of a module applied by a specified process.
Hsnapshot = createconlhelp32snapshot (th32cs_snapprocess, 0 );

Bool Bok = process32first (hsnapshot, & pe32 );
While (Bok &&(! Bfind ))
{
If (0 =: lstrcmpia (pe32.szexefile, hookmoudle ))
{
// Obtain the ID of the process to be linked and prepare the parameters required by OpenProcess.
Process_id = pe32.th32processid;
: MessageBox (null, pe32.szexefile, "hook process:", mb_ OK );
Bfind = true;
}
Bok = process32next (hsnapshot, & pe32 );
}
If (null = process_id)
{
: MessageBox (null, "the ID of the linked process is empty", "the process ID is empty", mb_ OK );
Return false;
}
: Closehandle (hsnapshot );
Handle hprocess =: OpenProcess (process_all_access, false, process_id );
If (null = hprocess)
{
: MessageBox (null, "the hook process is empty", "hprocess is empty", mb_ OK );
Return false;
}


If (! Detourcontinueprocesswithdlla (hprocess, szdllpath ))
{
: MessageBox (null, "detourcontinueprocesswithdll_fail", "failed", mb_ OK );
Return false;
}

2. Replace the function of the target process. Implemented in the dllmain function of hookdll. dll,
As follows:


// Hookdll. cpp: defines the entry point for the DLL application.
//
# Include "stdafx. H"
# Include "imagehlp. H"
# Include "detours. H"
//
# Pragma comment (Lib, "imagehlp") // defines the global shared data segment

# Pragma data_seg ("shared ")
Hmodule hmodcaller = NULL; // the module to call the Function
Proc pfnold = NULL; // Original Function address
Proc pfnnew = NULL; // new function address
# Pragma data_seg ()

# Pragma comment (linker, "/section: shared, RWS") // you can specify the attribute of the global shared data segment.

// To do handle


# Ifdef _ debug
# Define new debug_new
# UNDEF this_file
Static char this_file [] = _ file __;
# Endif

Bool apientry dllmain (handle hmodule,
DWORD ul_reason_for_call,
Lpvoid lpreserved
)
{

If (ul_reason_for_call = dll_process_attach)
{
If (! (Pfnold =: getprocaddress (: getmodulehandle ("dialogdll. dll"), "showdlg ")))

Return false;
If (! (Pfnnew =: getprocaddress (: getmodulehandle ("hookdll. dll"), "hookdialog ")))
Return false;
Detourfunction (pbyte) pfnold, (pbyte) pfnnew); // Replace the Function

}
Return true;

}

// New dialog
// New dialog box function, used to replace the old dialog box
Void hookdialog ()
{
// A new dialog box is displayed.
: MessageBox (null, "this is the new dialog box from other DLL", "Other DLL dialog", mb_ OK );
// Call the original dialog box
Pfnold ();

}
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.