From 58ab66de4f41c998689b64dbdd385e7b54b2a876 Mon Sep 17 00:00:00 2001
From: jungjin0003 <43538880+jungjin0003@users.noreply.github.com>
Date: Fri, 17 Jul 2020 21:37:17 +0900
Subject: [PATCH] Update README.md
---
README.md | 86 ++++++++++++++++++++++++++++++++++++++++++++++---------
1 file changed, 73 insertions(+), 13 deletions(-)
diff --git a/README.md b/README.md
index 23f2e86..da81216 100644
--- a/README.md
+++ b/README.md
@@ -12,11 +12,63 @@ Korean
위 라이브러리는 윈도우 API 함수를 후킹해주는 라이브러리이다. 후킹대상은 현재 프로세스가 아닌 다른 프로세스를 대상으로도 진행 할 수 있다.
# How to used
-
-## Struct Explanation
+```
+#include
+#include
+#include "WinHook.h"
+
+typedef int(__stdcall* MESSAGEBOXA)(HWND, LPCSTR, LPCSTR, UINT);
+
+typedef struct {
+ MESSAGEBOXA pFunc;
+ char Text[10];
+} data;
+
+int NewMessageBox(HWND hWnd, LPCSTR lpText, LPCSTR lpCation, UINT uType)
+{
+ volatile data *Data = 0xCCCCCCCC;
+ return ((MESSAGEBOXA)Data->pFunc)(hWnd, Data->Text, Data->Text, uType);
+}
+int AtherFunc() {}
+
+int main()
+{
+ data Data;
+ strcpy(Data.Text, "Hooked!");
+ WINAPI_BASIC_HOOK_DATAA WinApi_Basic_Hook_Data;
+ strcpy(WinApi_Basic_Hook_Data.DLLName, "user32.dll");
+ WinApi_Basic_Hook_Data.lpOrigin = MessageBoxA;
+ WinApi_Basic_Hook_Data.lpNewFunction = NewMessageBox;
+ WinApi_Basic_Hook_Data.lpParameter = &Data;
+ WinApi_Basic_Hook_Data.Parameter = TRUE;
+ WinApi_Basic_Hook_Data.dwParameterSize = sizeof(data);
+ WinApi_Basic_Hook_Data.dwNewFuncSize = (Address)AtherFunc - (Address)NewMessageBox;
+ WinApi_Basic_Hook_Data.lpCopyOrigin = &Data.pFunc;
+
+ // DWORD PID;
+ // scanf("%d", &PID);
+ // HookA(&WinApi_Basic_Hook_Data, NULL, "TEST.exe");
+ // HookA(&WinApi_Basic_Hook_Data, PID, NULL);
+}
+```
+## Structs
ASCII Struct
```
-typedef struct _WINAPI_HOOK_DATAA {
+typedef struct _WINAPI_BASIC_HOOK_DATAA
+{
+ PVOID lpOrigin;
+ PVOID *lpCopyOrigin;
+ PVOID lpNewFunction;
+ PVOID lpParameter;
+ BOOL Parameter;
+ DWORD dwParameterSize;
+ DWORD dwNewFuncSize;
+ char DLLName[MAX_PATH];
+} WINAPI_BASIC_HOOK_DATAA, *PWINAPI_BASIC_HOOK_DATAA;
+```
+```
+typedef struct _WINAPI_HOOK_DATAA
+{
HANDLE hProcess;
HMODULE hModule;
_require_ PVOID lpOrigin; // Address of function to hook
@@ -28,18 +80,28 @@ typedef struct _WINAPI_HOOK_DATAA {
PVOID lpParameterEx;
BOOL Parameter; // True is Parameter enabled and False is disable
DWORD dwParameterSize;
- _require_ DWORD dwNewFuncSize; Size of (new) function address to be jumped
- _one_is_require_ DWORD dwPID; // Target process PID (Set PID or Process Name)
+ _require_ DWORD dwNewFuncSize; // Size of (new) function address to be jumped
BYTE jmpCode[sizeof(Instruction)];
_require_ char DLLName[MAX_PATH]; // DLL name of function to be hook
- _one_is_require_ char ProcessName[MAX_PATH]; // Target process name (Set PID or Process Name)
} WINAPI_HOOK_DATAA, *PWINAPI_HOOK_DATAA;
```
-Set to NULL if PID is not used.
-
Wide Char Struct
```
-typedef struct _WINAPI_HOOK_DATAW {
+typedef struct _WINAPI_BASIC_HOOK_DATAW
+{
+ PVOID lpOrigin;
+ PVOID *lpCopyOrigin;
+ PVOID lpNewFunction;
+ PVOID lpParameter;
+ BOOL Parameter;
+ DWORD dwParameterSize;
+ DWORD dwNewFuncSize;
+ WCHAR DLLName[MAX_PATH];
+} WINAPI_BASIC_HOOK_DATAW, *PWINAPI_BASIC_HOOK_DATAW;
+```
+```
+typedef struct _WINAPI_HOOK_DATAW
+{
HANDLE hProcess;
HMODULE hModule;
_require_ PVOID lpOrigin; // Address of function to hook
@@ -51,10 +113,8 @@ typedef struct _WINAPI_HOOK_DATAW {
PVOID lpParameterEx;
BOOL Parameter; // True is Parameter enabled and False is disable
DWORD dwParameterSize;
- _require_ DWORD dwNewFuncSize; Size of (new) function address to be jumped
- _one_is_require_ DWORD dwPID; // Target process PID (Set PID or Process Name)
+ _require_ DWORD dwNewFuncSize; // Size of (new) function address to be jumped
BYTE jmpCode[sizeof(Instruction)];
- _require_ char DLLName[MAX_PATH]; // DLL name of function to be hook
- _one_is_require_ WCHAR ProcessName[MAX_PATH]; // Target process name (Set PID or Process Name)
+ _require_ WCHAR DLLName[MAX_PATH]; // DLL name of function to be hook
} WINAPI_HOOK_DATAW, *PWINAPI_HOOK_DATAW;
```