APIHijack - A Library for Easy DLL Function Hooking.


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

Based on DelayLoadProfileDLL.CPP, by Matt Pietrek for MSJ February 2000. This code is intended to be included in a DLL inserted through a global Windows Hook (CBT hook for example). It will replace functions from other DLLs (e.g. DDRAW.DLL) with functions from your DLL.

Functions are hooked by passing a parameter structure to the HookAPICalls() function as follows:

// Hook structure.
SDLLHook D3DHook = 
 false, NULL, // Default hook disabled, NULL function pointer.
  { "DirectDrawCreate", MyDirectDrawCreate },
  { NULL, NULL }

                       DWORD fdwReason, 
                       LPVOID lpReserved )
 // When initializing....
 if ( fdwReason == DLL_PROCESS_ATTACH )  
  hDLL = hModule;

  // We don't need thread notifications for what we're doing.
  // Thus, get rid of them, thereby eliminating some of the 
  // overhead of this DLL
  DisableThreadLibraryCalls( hModule );

  // Only hook the APIs if this is the Everquest process.
  GetModuleFileName( GetModuleHandle( NULL ), 
                     sizeof(Work) );
  PathStripPath( Work );

  if ( stricmp( Work, "myhooktarget.exe" ) == 0 )
   HookAPICalls( &D3DHook );

 return TRUE;

Now all that remains is to get your DLL loaded into the target process. The MSDN has a few good articles on Windows hooks, which are the preferred way to get an arbitrary DLL loaded into a process:


Also, the article from which this code is based shows another way to do it, which involves loading the process to be hooked as a debug target:



Download source code and demo project - 102 Kb

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date