1 #include "stdafx.h"
2 #include "apihook.h"
3 #include <Windows.h>
4 using namespace std;
5
6 typedef int (WINAPI *PFNCREATEFILE)(LPCTSTR , DWORD, DWORD, LPSECURITY_ATTRIBUTES, DWORD , DWORD, HANDLE);
7 FARPROC g_OriginalProc = (FARPROC)CreateFileA;
8 FARPROC g_NewProc = (FARPROC)NewProc;
9
10 int SomeFunc()
11 {
12 HMODULE hModule;
13
14 hModule = GetModuleHandle(NULL);
15 ApiHook(hModule);
16
17 return FALSE;
18 }
19
20 int ApiHook(HMODULE hModule)
21 {
22 IMAGE_DOS_HEADER* pDosHdr = NULL;
23 IMAGE_NT_HEADERS32* pNTHdr = NULL;
24 IMAGE_IMPORT_DESCRIPTOR* pImportHdr = NULL;
25
26 pDosHdr = (IMAGE_DOS_HEADER *)hModule;
27 pNTHdr = (IMAGE_NT_HEADERS32 *) ((BYTE *)hModule + pDosHdr->e_lfanew);
28 pImportHdr = (IMAGE_IMPORT_DESCRIPTOR *) ((BYTE *)hModule
29 + pNTHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
30
31 while(pImportHdr->FirstThunk)
32 {
33 IMAGE_THUNK_DATA* pThunk = (IMAGE_THUNK_DATA*)((BYTE *)hModule + pImportHdr->FirstThunk);
34
35 while(pThunk->u1.Function)
36 {
37 DWORD* lpAddr = (DWORD *) &(pThunk->u1.Function);
38 if(*lpAddr == (DWORD)g_OriginalProc)
39 {
40 DWORD dwOldPortect;
41 MEMORY_BASIC_INFORMATION mb;
42 VirtualQuery(lpAddr, &mb, sizeof(mb));
43 VirtualProtect(lpAddr, sizeof(DWORD), PAGE_READWRITE, &dwOldPortect);
44 WriteProcessMemory(GetCurrentProcess(), lpAddr, &g_NewProc, sizeof(DWORD), NULL);
45 VirtualProtect(lpAddr, sizeof(DWORD), dwOldPortect, NULL);
46 return TRUE;
47 }
48 pThunk++;
49 }
50 pImportHdr++;
51 }
52
53 return FALSE;
54 }
55
56 int WINAPI NewProc(LPCTSTR lpFileName,
57 DWORD dwDesiredAccess,
58 DWORD dwShareMode,
59 LPSECURITY_ATTRIBUTES lpSecurityAttributes,
60 DWORD dwCreationDisposition,
61 DWORD dwFlagsAndAttributes,
62 HANDLE hTemplateFile)
63 {
64 MessageBoxA(NULL, "What's The Fuck", "Kevin", MB_OK);
65 CreateFileA(lpFileName, dwDesiredAccess, dwShareMode,
66 lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
67 return 0;
68 }