APIHijack – A Library for Easy DLL Function Hooking.

Based on DelayLoadProfileDLL.CPP, by Matt Pietrek for MSJ February 2000. This code is intended to be included in a DLL inserted through a global Windows Hook (CBT hook for example). It will replace functions from other DLLs (e.g. DDRAW.DLL) with functions from your DLL.

Functions are hooked by passing a parameter structure to the HookAPICalls() function as follows:


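    #include <windows.h>
    #include <shlwapi.h>    // PathStripPath (link with shlwapi.lib)
    #include <string.h>     // stricmp
    #include <ddraw.h>      // LPDIRECTDRAW
    #include "apihijack.h"  // SDLLHook, HookAPICalls (header name assumed; use the one from the download)

    // Replacement function, defined elsewhere in this DLL.
    // It must have the same signature as the function it replaces.
    HRESULT WINAPI MyDirectDrawCreate( GUID FAR* lpGUID,
                                       LPDIRECTDRAW FAR* lplpDD,
                                       IUnknown FAR* pUnkOuter );

    static HINSTANCE hDLL;          // Handle of this DLL.
    static char Work[MAX_PATH];     // Scratch buffer for the host EXE name.

    // Hook structure.
    SDLLHook D3DHook =
    {
        "DDRAW.DLL",
        false, NULL,    // Default hook disabled, NULL function pointer.
        {
            { "DirectDrawCreate", MyDirectDrawCreate },
            { NULL, NULL }  // Terminator.
        }
    };

    BOOL APIENTRY DllMain( HINSTANCE hModule,
                           DWORD fdwReason,
                           LPVOID lpReserved )
    {
        // When initializing...
        if ( fdwReason == DLL_PROCESS_ATTACH )
        {
            hDLL = hModule;

            // We don't need thread notifications for what we're doing.
            // Thus, get rid of them, thereby eliminating some of the
            // overhead of this DLL.
            DisableThreadLibraryCalls( hModule );

            // Only hook the APIs if this is the target process.
            // The ANSI (A) calls are used explicitly because Work is a char buffer.
            GetModuleFileNameA( GetModuleHandle( NULL ),
                                Work,
                                sizeof(Work) );
            PathStripPathA( Work );

            if ( stricmp( Work, "myhooktarget.exe" ) == 0 )
                HookAPICalls( &D3DHook );
        }

        return TRUE;
    }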

Now all that remains is to get your DLL loaded into the target process. The MSDN has a few good articles on Windows hooks, which are the preferred way to get an arbitrary DLL loaded into a process:

http://msdn.microsoft.com/library/techart/msdn_hooks32.htm

Also, the article on which this code is based shows another way to do it, which involves loading the process to be hooked as a debug target:

http://msdn.microsoft.com/library/periodic/period00/hood0200.htm
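
An added example, not part of the original article or the APIHijack source: assuming the hook is installed by rewriting import-table entries, a hooked process has import slots that resolve outside the DLL they name, and the check below flags them. The module ranges, addresses and the name injected.dll are constructed sample data; on a live system they would come from the loader's module list and the process's import table.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: loaded-module ranges and resolved import slots. */
typedef struct { const char *name; uintptr_t base; size_t size; } Module;
typedef struct { const char *dll; const char *func; uintptr_t target; } ImportSlot;
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

static const Module kModules[] = {
    { "myhooktarget.exe", 0x00400000u, 0x00080000u },
    { "DDRAW.dll",        0x73760000u, 0x0004B000u },
    { "injected.dll",     0x10000000u, 0x00010000u },  /* hypothetical hooking DLL */
};
static const ImportSlot kImports[] = {
    { "DDRAW.DLL", "DirectDrawCreate",     0x10001230u },  /* points into injected.dll */
    { "DDRAW.DLL", "DirectDrawEnumerateA", 0x73761A40u },  /* intact */
    { "DDRAW.DLL", "DirectDrawCreateEx",   0x7F000000u },  /* backed by no module */
};

/* DLL names are matched case-insensitively, as the loader does. */
static int same_name(const char *a, const char *b) {
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == '\0' && *b == '\0';
}

/* Return the module whose mapped range contains addr, or NULL if none does. */
const Module *owner_of(uintptr_t addr, const Module *mods, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size) return &mods[i];
    return NULL;
}

/* Count slots whose target lies outside the named DLL; forwarded exports also trip this, so treat hits as leads. */
size_t count_redirected(const ImportSlot *imp, size_t ni, const Module *mods, size_t nm) {
    size_t hits = 0;
    for (size_t i = 0; i < ni; i++) {
        const Module *m = owner_of(imp[i].target, mods, nm);
        if (m && same_name(m->name, imp[i].dll)) continue;   /* resolves where it should */
        printf("%s!%s -> %#lx (%s)\n", imp[i].dll, imp[i].func, (unsigned long)imp[i].target, m ? m->name : "no module");
        hits++;
    }
    return hits;
}

size_t scan_sample(void) { return count_redirected(kImports, COUNT(kImports), kModules, COUNT(kModules)); }

int main(void) { return scan_sample() == 2 ? 0 : 1; }
```
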

Downloads

Download source code and demo project – 102 Kb
