Introduction
HookAPI is an API SDK that sets up system-wide hooks on all Windows platforms. It can hook 32-bit Windows system APIs or functions in 32-bit user-defined DLLs. It is easy to use: all you need to do is write a DLL file named mydll.dll or mydll_9x.dll. It is based on ApiSpy32 by Yariv Kaplan.
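The code injects two DLLs into the destination application. The first DLL, HookAPIxx.dll, overwrites the first 5 bytes of the API:

    papi[0] = 0xE8;   /* opcode of a near CALL with a 32-bit relative operand */
    /* the operand is relative to the address of the instruction after the CALL */
    *(DWORD *)&papi[1] = (DWORD)ProcessCall - (DWORD)papi - CALL_BYTES_SIZE;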
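Seen from the detection side, the 5-byte patch above can be recognised by decoding the entry bytes of a function and checking where the relative operand leads. The following is an added example, not code from HookAPI or the original article; it also accepts `0xE9` (JMP rel32), which goes beyond the CALL case shown on the page, and the module base, module size, function address and sample byte strings are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define CALL_BYTES_SIZE 5 /* opcode + rel32, the constant name used on the page */

typedef enum { NO_REDIRECT, REDIRECT_INSIDE_MODULE, REDIRECT_OUTSIDE_MODULE } prologue_status;

/* Constructed sample data (not from the page): a 32-bit module mapped at
   MOD_BASE and one function inside it at FUNC_VA. */
#define MOD_BASE 0x71AB0000u
#define MOD_SIZE 0x00017000u
#define FUNC_VA  0x71AB3C22u

static const uint8_t clean_prologue[5]   = {0x8B, 0xFF, 0x55, 0x8B, 0xEC}; /* mov edi,edi; push ebp; mov ebp,esp */
static const uint8_t patched_prologue[5] = {0xE8, 0x09, 0xD6, 0x54, 0x9E}; /* call 0x10001230 */
static const uint8_t forward_prologue[5] = {0xE9, 0x00, 0x01, 0x00, 0x00}; /* jmp 0x71AB3D27 */

/* Classify the first bytes of a function located at virtual address va.
   On a redirect, *target receives the absolute destination address. */
prologue_status classify_prologue(const uint8_t *code, size_t len, uint32_t va,
                                  uint32_t mod_base, uint32_t mod_size,
                                  uint32_t *target)
{
    if (len < CALL_BYTES_SIZE || (code[0] != 0xE8 && code[0] != 0xE9))
        return NO_REDIRECT;
    /* rel32 is stored little-endian and is relative to the end of the
       instruction: the inverse of rel = ProcessCall - papi - CALL_BYTES_SIZE */
    uint32_t rel = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
                   (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
    *target = va + CALL_BYTES_SIZE + rel;
    /* unsigned wrap-around turns base <= target < base + size into one test */
    return (*target - mod_base < mod_size) ? REDIRECT_INSIDE_MODULE
                                           : REDIRECT_OUTSIDE_MODULE;
}

int main(void)
{
    const uint8_t *samples[] = {clean_prologue, patched_prologue, forward_prologue};
    for (size_t i = 0; i < 3; i++) {
        uint32_t target = 0;
        prologue_status s = classify_prologue(samples[i], CALL_BYTES_SIZE, FUNC_VA,
                                              MOD_BASE, MOD_SIZE, &target);
        printf("sample %zu: status=%d target=0x%08X\n", i, (int)s, (unsigned)target);
    }
    return 0;
}
```

A redirect that stays inside the module can be legitimate (for example a forwarding stub), so the outside-module result is the stronger signal and is normally confirmed by comparing the bytes in memory with the copy of the DLL on disk.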
The other DLL, mydllxxx.dll, runs the new API instead of the old API, like this sample to hook the socket function:

    int WINAPI mysocket(int af, int type, int protocol)
    {
        /* log the arguments, then call the real socket() */
        WriteLog("debug mysocket, af=%d, type=%d, protocol=%d", af, type, protocol);
        return socket(af, type, protocol);
    }
HookAPIxx.dll also hooks the CreateProcessW/CreateProcessA functions, so it can catch the creation of new processes and inject the two DLLs:

    #ifdef WINNT
        if(!strcmp(pinfo->api_name, "CreateProcessW") ||
           !strcmp(pinfo->api_name, "CreateProcessA") )
        {
            /* tenth CreateProcess argument: lpProcessInformation */
            pi = (PROCESS_INFORMATION *)pdwParam[9];
            if(pi->hProcess)
            {
                InjectLib(pi->hProcess, fname);
            }
        }
    #endif
To use it, load the first DLL, HookAPIxx.dll. On an NT system (WinNT/XP/200x), you should call the function HookAllProcess() in the DLL, and call UnhookAllProcess when you exit. There are other functions in the DLL, such as HookOneProcess and HookOneProcess2, to hook a single application on an NT system.
mydllxx.dll is loaded by HookAPIxx.dll when HookAPIxx.dll is initialized, and the hooks are then installed:

    CHookAPI::CHookAPI()
    {
        LoadMyDll();
        Init();
        HookAllAPI();
    }
It includes the following parts:
- Hook socket functions like socket, send, recv, connect, ...
- Hook file functions like CreateFile, ReadFile, ...
- Hook registry functions like RegOpenKey, RegQueryValue, RegQueryValueEx, ...
- Delphi sample for hooking socket functions
- Delphi sample for hooking file functions
- Hook ExitWindowsEx
- Hook LoadLibrary and GetProcAddress
- Hook GDI functions like TextOut, ExtTextOut
- Hook Shell API functions like SHBrowseForFolder, SHGetFileInfo, ...
- Hidden Processes sample: it can hide processes so that task managers cannot find them
- Filter Advertisement bar sample: it can filter the ad bar of IE or other network applications, or filter the data from some TCP/UDP ports
- Message Filter sample: it can filter some window messages
- Execute file manager sample: it can forbid opening or executing some files, and hide some folders or files
- Net encrypt sample: it can encrypt all applications that are written with sockets. With this, you will not need encryption in your application.
- Hook a ship game to automatically drop bombs and dodge bullets