APIHijack – A Library For Easy DLL Function Hooking

Published on: January 16, 2001
Last Updated: January 16, 2001

APIHijack – A Library For Easy DLL Function Hooking

Published on: January 16, 2001
Last Updated: January 16, 2001

This article was contributed by Wade Brainerd ([email protected]).

Based on DelayLoadProfileDLL.CPP, by Matt Pietrek for MSJ February 2000. This code is intended to be included in a DLL inserted through a global Windows Hook (CBT hook for example).

It will replace functions from other DLLs (e.g. DDRAW.DLL) with functions from your DLL.

Functions are hooked by passing a parameter structure to the HookAPICalls() function as follows:

// Hook structure.
SDLLHook D3DHook = 
{
 "DDRAW.DLL",
 false, NULL,		// Default hook disabled, NULL function pointer.
 {
  { "DirectDrawCreate", MyDirectDrawCreate },
  { NULL, NULL }
 }
};

BOOL APIENTRY DllMain( HINSTANCE hModule, DWORD fdwReason, LPVOID lpReserved )
{
 if ( fdwReason == DLL_PROCESS_ATTACH )  // When initializing....
 {
  hDLL = hModule;

  // We don't need thread notifications for what we're doing.  Thus, get
  // rid of them, thereby eliminating some of the overhead of this DLL
  DisableThreadLibraryCalls( hModule );

  // Only hook the APIs if this is the Everquest proess.
  GetModuleFileName( GetModuleHandle( NULL ), Work, sizeof(Work) );
  PathStripPath( Work );

  if ( stricmp( Work, "myhooktarget.exe" ) == 0 )
   HookAPICalls( &D3DHook; );
 }

 return TRUE;
}

Now all that remains is to get your DLL loaded into the target process. The MSDN has a few good articles on Windows hooks, which are the preferred way to get an arbitrary DLL loaded into a process:

http://msdn.microsoft.com/library/techart/msdn_hooks32.htm

Also, the article from which this code is based shows another way to do it, which involves loading the process to be hooked as a debug target:

http://msdn.microsoft.com/library/periodic/period00/hood0200.htm

Stay on top of the latest technology trends — delivered directly to your inbox, free!

Subscription Form Posts

Don't worry, we don't spam

Written by Bobby

Bobby Lawson is a seasoned technology writer with over a decade of experience in the industry. He has written extensively on topics such as cybersecurity, cloud computing, and data analytics. His articles have been featured in several prominent publications, and he is known for his ability to distill complex technical concepts into easily digestible content.