APIHijack – A Library for Easy DLL Function Hooking.

Based on DelayLoadProfileDLL.CPP, by Matt Pietrek for MSJ February 2000. This code is intended to be included in a DLL inserted through a global Windows Hook (CBT hook for example). It will replace functions from other DLLs (e.g. DDRAW.DLL) with functions from your DLL.

Functions are hooked by passing a parameter structure to the HookAPICalls() function as follows:


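#include <windows.h>
#include <shlwapi.h>    // PathStripPath(); link with shlwapi.lib
#include <string.h>     // stricmp()
// Also include the APIHijack header that declares SDLLHook and HookAPICalls().
// MyDirectDrawCreate, your replacement function, must be declared before this point.

HINSTANCE hDLL;         // Handle of this DLL.
char Work[MAX_PATH];    // Scratch buffer for the host process's file name.

// Hook structure.
SDLLHook D3DHook =
{
    "DDRAW.DLL",
    false, NULL,    // Default hook disabled, NULL function pointer.
    {
        { "DirectDrawCreate", MyDirectDrawCreate },
        { NULL, NULL }  // Terminates the list of hooked functions.
    }
};

BOOL APIENTRY DllMain( HINSTANCE hModule,
                       DWORD fdwReason,
                       LPVOID lpReserved )
{
    // When initializing...
    if ( fdwReason == DLL_PROCESS_ATTACH )
    {
        hDLL = hModule;

        // We don't need thread notifications for what we're doing.
        // Thus, get rid of them, thereby eliminating some of the
        // overhead of this DLL.
        DisableThreadLibraryCalls( hModule );

        // Only hook the APIs if this is the target process.
        GetModuleFileName( GetModuleHandle( NULL ),
                           Work,
                           sizeof(Work) );
        PathStripPath( Work );

        if ( stricmp( Work, "myhooktarget.exe" ) == 0 )
            HookAPICalls( &D3DHook );
    }

    return TRUE;
}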

Now all that remains is to get your DLL loaded into the target process. MSDN has a few good articles on Windows hooks, which are the preferred way to get an arbitrary DLL loaded into a process:

http://msdn.microsoft.com/library/techart/msdn_hooks32.htm

Also, the article on which this code is based shows another way to do it, which involves loading the process to be hooked as a debug target:

http://msdn.microsoft.com/library/periodic/period00/hood0200.htm
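For anyone who needs to check whether a process has had its imports replaced in this way, the following is an added example (not part of the original article or of APIHijack) that classifies each resolved import slot by which loaded module its address falls in. It assumes the replacement shows up as an import slot pointing outside the DLL the import table names; the module list, addresses and the name hookdll.dll are constructed sample data.

```c
#include <stdint.h>
#include <stddef.h>
#include <ctype.h>

/* One loaded module: name and the address range it is mapped at. */
typedef struct { const char *name; uintptr_t base; size_t size; } Module;
/* One resolved import slot: the DLL the import table names, and where the slot points. */
typedef struct { const char *dll; const char *func; uintptr_t target; } ImportSlot;

/* Case-insensitive compare: Windows module names are not case-sensitive. */
static int name_eq(const char *a, const char *b) {
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == '\0' && *b == '\0';
}

/* Module whose mapped range contains addr, or NULL if no module backs it. */
static const Module *owner_of(const Module *mods, size_t n, uintptr_t addr) {
    for (size_t i = 0; i < n; i++)
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size)
            return &mods[i];
    return NULL;
}

/* 0 = slot points into the DLL it names, 1 = points into a different module,
   2 = points at memory outside every loaded module. */
int classify_slot(const Module *mods, size_t n, const ImportSlot *s) {
    const Module *m = owner_of(mods, n, s->target);
    if (m == NULL) return 2;
    return name_eq(m->name, s->dll) ? 0 : 1;
}

/* Constructed snapshot of a process (all names and addresses are sample values). */
static const Module MODS[] = {
    { "myhooktarget.exe", 0x00400000u, 0x080000 },
    { "hookdll.dll",      0x10000000u, 0x020000 },  /* hypothetical injected DLL */
    { "DDRAW.DLL",        0x73000000u, 0x060000 },
    { "KERNEL32.DLL",     0x76000000u, 0x100000 },
};
static const ImportSlot SLOTS[] = {
    { "ddraw.dll",    "DirectDrawCreate",   0x10001234u },  /* lands in hookdll.dll */
    { "KERNEL32.dll", "GetModuleFileNameA", 0x76012340u },  /* lands in KERNEL32.DLL */
    { "KERNEL32.dll", "LoadLibraryA",       0x00A50000u },  /* lands in no module */
};

/* Number of slots in the sample snapshot that do not point into their named DLL. */
int count_redirected(void) {
    int hits = 0;
    for (size_t i = 0; i < sizeof SLOTS / sizeof SLOTS[0]; i++)
        if (classify_slot(MODS, sizeof MODS / sizeof MODS[0], &SLOTS[i]) != 0) hits++;
    return hits;
}
```

Forwarded exports legitimately resolve into a different DLL than the one named, so a result of 1 needs to be compared against a known-good baseline before it is treated as a hook.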

Downloads

Download source code and demo project – 102 Kb
