//API Hook //API Hook Through IAT //coded by robinh00d*inh4ss* //QQ:530222815 //MSN:Robinh00d@263.net //Credit: "Hooking Windows API" By Holy_Father From 29A#7 #include #include #include #pragma comment(lib,"Dbghelp.lib") /************************************************************/ char *szHookModName = "USER32.dll" ; char *szHookFunName = "MessageBoxA" ; char *szModName = NULL ; char *szHacked = "MessageBoxA() has been hooked!" ; DWORD dwHookFun ; DWORD dwHookApiAddr ; DWORD *dwCurAddr ; DWORD dwOldProtect ; PIMAGE_IMPORT_DESCRIPTOR pImportDesc ; PIMAGE_THUNK_DATA32 pImageThunkData ; MEMORY_BASIC_INFORMATION mbi ; ULONG uSize ; /************************************************************/ void Hooked() { __asm { mov esp,ebp push szHacked pop DWORD PTR [ebp+12] pop ebp jmp dwHookApiAddr } } int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd) { HMODULE hUser32 = LoadLibrary(szHookModName) ; if (hUser32 == NULL) { printf("Load User32.dll failed!\n") ; return -1 ; } dwHookFun = (DWORD)Hooked ; dwHookApiAddr = (DWORD)GetProcAddress(hUser32,szHookFunName) ; pImportDesc = (PIMAGE_IMPORT_DESCRIPTOR)ImageDirectoryEntryToData(hInstance, TRUE, IMAGE_DIRECTORY_ENTRY_IMPORT, &uSize) ; while(pImportDesc->Name) { szModName = (char *)((PBYTE)hInstance+pImportDesc->Name) ; if (strcmp(szModName,szHookModName)==0) { break ; } pImportDesc++ ; } pImageThunkData = (PIMAGE_THUNK_DATA32)((PBYTE)hInstance+pImportDesc->FirstThunk) ; while(pImageThunkData->u1.Function) { dwCurAddr = &pImageThunkData->u1.Function ; if (*dwCurAddr == dwHookApiAddr) { VirtualQuery(dwCurAddr,&mbi,sizeof(MEMORY_BASIC_INFORMATION)) ; VirtualProtect(mbi.BaseAddress,mbi.RegionSize,PAGE_READWRITE,&mbi.Protect) ; *dwCurAddr = dwHookFun ; VirtualProtect(mbi.BaseAddress,mbi.RegionSize,mbi.Protect,&dwOldProtect) ; break ; } pImageThunkData++ ; } MessageBoxA(0,"NOT HOOKED!","robinh00d/[Inh4ss]",0) ; return 0 ; }