Introduction
Enclosed is MFC source code for a function which can be used to hook any imported
function call which your application makes. Since most of the Win32 API is implemented
using import functions in DLLs, this means that you can hook Win32 API calls. This is
useful when, for example, you want to be called for every call to the file system
(::CreateFile() and CloseHandle()) which your app makes.
This example of hooking the file system calls your app makes could form the basis
of code to ensure you do not have any handle leaks in your application. You could
also use this code to spy on COM port activity in remote processes by injecting
the DLL into the remote process.
The code is based on the code developed by John Robbins for his "BugSlayer" articles
in the MSJ magazine. I have removed the dependencies on his other DLL functions, converted
the code to MFC and added numerous ASSERTs.
History
V1.0 (24 December 1999)
API
The API consists of the single global function:
HookImportFunctionsByName
BOOL HookImportFunctionsByName(HMODULE hModule, LPCSTR szImportMod, UINT uiCount, LPHOOKFUNCDESC paHookArray, PROC* paOrigFuncs, UINT* puiHooked);
Return Value:
TRUE if the specified API call(s) were hooked, otherwise FALSE. To get extended error
information, call ::GetLastError().
Parameters:
- hModule -- This is the instance handle of the process calling the function. Normally
in MFC you can obtain this from the function AfxGetInstanceHandle().
- szImportMod -- This is the name of the module which contains the functions which you
want to hook, e.g. for hooking file system calls, this would be KERNEL32.DLL.
- uiCount -- This is the size of the paHookArray parameter.
- paHookArray -- This is an array which specifies what functions to hook. The members
of the HOOKFUNCDESC are "szFunc", which is the name of your function to hook, and
"pProc", which is a function pointer to the function which you want to have called
instead of the normal unhooked case.
- paOrigFuncs -- Upon successful return this will contain the original unhooked function
pointers. These would be useful if you want to pass the request onto
the original function after your hook function has been called.
- puiHooked -- Upon return this will contain the number of functions which were hooked.
This will be less than or equal to "uiCount".
Remarks:
If you are hooking standard Win32 API calls, make sure that your hook function is using
the right calling convention, namely STDCALL. This is one of the most common
problems encountered when using the hooking function.
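The following added example is not part of the original article or its download: it is a portable C model, with no Windows dependencies, of the contract described above (hook by name, receive the original pointers, get a count of what was hooked), applied to the handle-leak check mentioned in the introduction. The names import_slot, hook_desc, hook_by_name, OpenThing and CloseThing are hypothetical stand-ins, and the return-value rule is this model's assumption.

```c
/* Added example: portable model of import-table hooking. All names are hypothetical. */
#include <stdio.h>
#include <string.h>
typedef void (*proc_t)(void);                                   /* stand-in for Win32 PROC */
typedef struct { const char *name; proc_t fn; } import_slot;    /* one import-table entry */
typedef struct { const char *szFunc; proc_t pProc; } hook_desc; /* mirrors HOOKFUNCDESC */
typedef int (*open_fn)(const char *);
typedef int (*close_fn)(int);

/* The "DLL" functions and the table through which the application calls them. */
static int next_handle = 1;
static int real_open(const char *path) { (void)path; return next_handle++; }
static int real_close(int h) { return h > 0; }
static import_slot imports[] = { { "OpenThing", (proc_t)real_open }, { "CloseThing", (proc_t)real_close } };

/* Replace slots by name, hand back the originals, count how many were hooked. */
static int hook_by_name(const hook_desc *hooks, unsigned count, proc_t *saved, unsigned *hooked) {
    *hooked = 0;
    for (unsigned i = 0; i < count; i++) {
        saved[i] = NULL;                      /* stays NULL if the name is not imported */
        for (unsigned j = 0; j < sizeof imports / sizeof imports[0]; j++) {
            if (strcmp(imports[j].name, hooks[i].szFunc) != 0) continue;
            saved[i] = imports[j].fn;         /* caller uses this to forward the call */
            imports[j].fn = hooks[i].pProc;   /* every later call now lands in the hook */
            (*hooked)++;
            break;
        }
    }
    return *hooked == count;                  /* model's choice: success means all hooked */
}

/* Hooks must match the original's signature (on Win32, also its calling convention). */
static proc_t orig[3];
static int open_handles;                      /* opened and not yet closed */
static int hook_open(const char *p) { int h = ((open_fn)orig[0])(p); if (h > 0) open_handles++; return h; }
static int hook_close(int h) { int ok = ((close_fn)orig[1])(h); if (ok) open_handles--; return ok; }

/* Hook, run a workload that forgets one close, return the number of leaked handles. */
int leak_demo(unsigned *hooked) {
    hook_desc hooks[] = { { "OpenThing", (proc_t)hook_open }, { "CloseThing", (proc_t)hook_close },
                          { "NotImported", (proc_t)hook_close } };
    (void)hook_by_name(hooks, 3, orig, hooked);
    int a = ((open_fn)imports[0].fn)("a.txt");
    ((open_fn)imports[0].fn)("b.txt");        /* never closed: the leak */
    ((close_fn)imports[1].fn)(a);
    return open_handles;
}

int main(void) { unsigned n; printf("leaked=%d\n", leak_demo(&n)); return 0; }
```

The third, unmatched entry shows why the hooked count can be less than the array size, and why an entry in the originals array should be checked before it is called.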
Planned Enhancements
- Provide a sample app. I started using this code for a number of private contracts which I
have been working on. Some ideas for sample apps would be a serial port monitor, a file
system monitor to do the same as the Filemon application on the System Internals Web site.
- If you have any other suggested improvements, please let me know so that I can incorporate
them into the next release.
Contacting the Author
PJ Naughter
Email: pjn@indigo..ie
Web: http://www.naughter.com
24 November 1999