-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathWinHook.h
163 lines (150 loc) · 5.45 KB
/
WinHook.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
/* Example Code :
#include <stdio.h>
#include <windows.h>
#include "WinHook.h"
typedef int(__stdcall* MESSAGEBOXA)(HWND, LPCSTR, LPCSTR, UINT);
typedef struct {
MESSAGEBOXA pFunc;
char Text[10];
} data;
int NewMessageBox(HWND hWnd, LPCSTR lpText, LPCSTR lpCation, UINT uType)
{
volatile data *Data = 0xCCCCCCCC;
return ((MESSAGEBOXA)Data->pFunc)(hWnd, Data->Text, Data->Text, uType);
}
int AtherFunc() {}
int main()
{
data Data;
strcpy(Data.Text, "Hooked!");
WINAPI_BASIC_HOOK_DATAA WinApi_Basic_Hook_Data;
strcpy(WinApi_Basic_Hook_Data.DLLName, "user32.dll");
WinApi_Basic_Hook_Data.lpOrigin = MessageBoxA;
WinApi_Basic_Hook_Data.lpNewFunction = NewMessageBox;
WinApi_Basic_Hook_Data.lpParameter = &Data;
WinApi_Basic_Hook_Data.Parameter = TRUE;
WinApi_Basic_Hook_Data.dwParameterSize = sizeof(data);
WinApi_Basic_Hook_Data.dwNewFuncSize = (Address)AtherFunc - (Address)NewMessageBox;
WinApi_Basic_Hook_Data.lpCopyOrigin = &Data.pFunc;
// DWORD PID;
// scanf("%d", &PID);
// HookA(&WinApi_Basic_Hook_Data, NULL, "TEST.exe");
// HookA(&WinApi_Basic_Hook_Data, PID, NULL);
}
*/
#pragma once
#ifndef __WINHOOK_H__
#define __WINHOOK_H__
#define _one_is_require_
#define _require_
#define _caller_
#define _option_
#ifdef _M_AMD64
typedef ULONGLONG Address;
extern const BYTE Instruction[12];
#else
typedef ULONG Address;
extern const BYTE Instruction[7];
#endif
typedef struct _WINAPI_BASIC_HOOK_DATAW
{
PVOID lpOrigin;
PVOID *lpCopyOrigin;
PVOID lpNewFunction;
PVOID lpParameter;
BOOL Parameter;
DWORD dwParameterSize;
DWORD dwNewFuncSize;
WCHAR DLLName[MAX_PATH];
} WINAPI_BASIC_HOOK_DATAW, *PWINAPI_BASIC_HOOK_DATAW;
typedef struct _WINAPI_BASIC_HOOK_DATAA
{
PVOID lpOrigin;
PVOID *lpCopyOrigin;
PVOID lpNewFunction;
PVOID lpParameter;
BOOL Parameter;
DWORD dwParameterSize;
DWORD dwNewFuncSize;
char DLLName[MAX_PATH];
} WINAPI_BASIC_HOOK_DATAA, *PWINAPI_BASIC_HOOK_DATAA;
typedef struct _WINAPI_HOOK_DATAW
{
HANDLE hProcess;
HMODULE hModule;
_require_ PVOID lpOrigin;
_caller_ PVOID *lpCopyOrigin;
PVOID lpCopyBaseOfCode;
_require_ PVOID lpNewFunction;
PVOID lpNewFunctionEx;
PVOID lpParameter;
PVOID lpParameterEx;
BOOL Parameter;
DWORD dwParameterSize;
_require_ DWORD dwNewFuncSize;
BYTE jmpCode[sizeof(Instruction)];
_require_ WCHAR DLLName[MAX_PATH];
} WINAPI_HOOK_DATAW, *PWINAPI_HOOK_DATAW;
typedef struct _WINAPI_HOOK_DATAA
{
HANDLE hProcess;
HMODULE hModule;
_require_ PVOID lpOrigin;
_caller_ PVOID *lpCopyOrigin;
PVOID lpCopyBaseOfCode;
_require_ PVOID lpNewFunction;
PVOID lpNewFunctionEx;
PVOID lpParameter;
PVOID lpParameterEx;
BOOL Parameter;
DWORD dwParameterSize;
_require_ DWORD dwNewFuncSize;
BYTE jmpCode[sizeof(Instruction)];
_require_ char DLLName[MAX_PATH];
} WINAPI_HOOK_DATAA, *PWINAPI_HOOK_DATAA;
#ifdef UNICODE
typedef WINAPI_BASIC_HOOK_DATAW WINAPI_BASIC_HOOK_DATA;
typedef PWINAPI_BASIC_HOOK_DATAW PWINAPI_BASIC_HOOK_DATA;
typedef WINAPI_HOOK_DATAW WINAPI_HOOK_DATA;
typedef PWINAPI_HOOK_DATAW PWINAPI_HOOK_DATA;
#define Hook HookW
#define WriteNewFunction WriteNewFunctionW
#define CopyDLLCode CopyDLLCodeW
#define SetAssemblyInstruction SetAssemblyInstructionW
#define SetCopyFunction SetCopyFunctionW
#define WriteParameter WriteParameterW
#define CodePatch CodePatchW
#define Set_WINAPI_Struct Set_WINAPI_StructW;
#else
typedef WINAPI_BASIC_HOOK_DATAA WINAPI_BASIC_HOOK_DATA;
typedef PWINAPI_BASIC_HOOK_DATAA PWINAPI_BASIC_HOOK_DATA;
typedef WINAPI_HOOK_DATAA WINAPI_HOOK_DATA;
typedef PWINAPI_HOOK_DATAA PWINAPI_HOOK_DATA;
#define Hook HookA
#define WriteNewFunction WriteNewFunctionA
#define CopyDLLCode CopyDLLCodeA
#define SetAssemblyInstruction SetAssemblyInstructionA
#define SetCopyFunction SetCopyFunctionA
#define WriteParameter WriteParameterA
#define CodePatch CodePatchA
#define Set_WINAPI_Struct Set_WINAPI_StructA;
#endif
HANDLE GetProcessHandleByFileNameA(char* name);
HANDLE GetProcessHandleByFileNameW(WCHAR* name);
BOOL HookA(PWINAPI_BASIC_HOOK_DATAA lpWinApi_Basic_Hook_Data, DWORD PID, char *ProcessName);
BOOL HookW(PWINAPI_BASIC_HOOK_DATAW lpWinApi_Basic_Hook_Data, DWORD PID, wchar_t *ProcessName);
BOOL WriteNewFunctionA(PWINAPI_HOOK_DATAA lpWinApi_Hook_Data);
BOOL WriteNewFunctionW(PWINAPI_HOOK_DATAW lpWinApi_Hook_Data);
BOOL CopyDLLCodeA(PWINAPI_HOOK_DATAA lpWinApi_Hook_Data);
BOOL CopyDLLCodeW(PWINAPI_HOOK_DATAW lpWinApi_Hook_Data);
BOOL SetAssemblyInstructionA(PWINAPI_HOOK_DATAA lpWinApi_Hook_Data);
BOOL SetAssemblyInstructionW(PWINAPI_HOOK_DATAW lpWinApi_Hook_Data);
BOOL SetCopyFunctionA(PWINAPI_HOOK_DATAA lpWinApi_Hook_Data);
BOOL SetCopyFunctionW(PWINAPI_HOOK_DATAW lpWinApi_Hook_Data);
BOOL WriteParameterA(PWINAPI_HOOK_DATAA lpWinApi_Hook_Data);
BOOL WriteParameterW(PWINAPI_HOOK_DATAW lpWinApi_Hook_Data);
BOOL CodePatchA(PWINAPI_HOOK_DATAA lpWinApi_Hook_Data);
BOOL CodePatchW(PWINAPI_HOOK_DATAW lpWinApi_Hook_Data);
BOOL Set_WINAPI_StructA(PWINAPI_HOOK_DATAA lpWinApi_Hook_Data, PWINAPI_BASIC_HOOK_DATAA lpWinApi_Basic_Hook_Data);
BOOL Set_WINAPI_StructW(PWINAPI_HOOK_DATAW lpWinApi_Hook_Data, PWINAPI_BASIC_HOOK_DATAW lpWinApi_Basic_Hook_Data);
#endif