#include "function_defeniton.h"
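/*
 * Demo driver: runs the one-time hook setup on the first call, then writes
 * the NUL-terminated string at lpBuffer to hFile through the resolved
 * WriteFile pointer.
 *
 * hFile    - handle handed unchanged to WriteFile.
 * lpBuffer - must point to a NUL-terminated string; strlen() of it is the
 *            byte count that gets written.
 *
 * Returns the BOOL result of the WriteFile call, or FALSE with the last
 * error set when lpBuffer is NULL, the string does not fit a DWORD length,
 * or the WriteFile pointer is NULL.
 *
 * NOTE(review): the setup is guarded only by a plain static flag, so two
 * threads making the first call at once could both run it - confirm callers
 * are single-threaded.
 */
BOOL WriteFile_engine(HANDLE hFile, LPCVOID lpBuffer)
{
    static BOOL isHook = FALSE;
    static _WriteFile _pWriteFile = NULL;

    if (!isHook)
    {
        SecureZeroMemory(&_hookInfo, sizeof(_HOOKINFO));

        // Presumably looks WriteFile up by the djb2 hash in djb2_values[1];
        // verify against _initialize.
        _pWriteFile = (_WriteFile)_initialize(djb2_values[1], "WriteFile", 0x0);

        // Original author's note: mode 0x0 prints the disassembly; the second
        // argument is the hook function's address. The return value was
        // stored in an unused local, so it is discarded explicitly here.
        (void)_inithook(0x2, (unsigned char*)_hookWriteFile);

        // _hookWriteFile forwards every write through this pointer.
        _originalWriteFile = (_WriteFile)_hookInfo._newFunction;
        isHook = TRUE;
    }

    // Calling through a NULL function pointer would crash the process.
    if (_pWriteFile == NULL)
    {
        SetLastError(ERROR_PROC_NOT_FOUND);
        return FALSE;
    }

    // strlen(NULL) is undefined behaviour; reject it up front.
    if (lpBuffer == NULL)
    {
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }

    // WriteFile takes a DWORD count; refuse a length that would be truncated.
    const size_t length = strlen((const char*)lpBuffer);
    if (length > MAXDWORD)
    {
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }

    DWORD written = 0;
    return _pWriteFile(hFile, lpBuffer, (DWORD)length, &written, 0x0);
}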
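/*
 * Replacement for WriteFile used by the hooking demo: forwards the write to
 * _originalWriteFile with a fixed marker string appended to the caller's data.
 *
 * Parameters mirror WriteFile. lpBuffer is treated as a counted byte buffer
 * of nNumberOfBytesToWrite bytes; it is not required to be NUL-terminated.
 *
 * Returns the BOOL result of _originalWriteFile. On success the count stored
 * in *lpNumberOfBytesWritten is capped at nNumberOfBytesToWrite, so the caller
 * never sees the marker's bytes in its own byte count.
 *
 * The call is forwarded unmodified when lpBuffer is NULL, when lpOverlapped is
 * supplied, when the combined length would overflow a DWORD, or when the
 * scratch buffer cannot be allocated.
 */
BOOL WINAPI _hookWriteFile(
    HANDLE hFile,
    LPCVOID lpBuffer,
    DWORD nNumberOfBytesToWrite,
    LPDWORD lpNumberOfBytesWritten,
    LPOVERLAPPED lpOverlapped
)
{
    static const char _msg[] = "ON WINDOWS 10 :)";
    const DWORD _msgLen = (DWORD)(sizeof(_msg) - 1);

    // Forward untouched when rewriting is not safe:
    //  - a NULL buffer cannot be copied;
    //  - an overlapped write may still be reading the buffer after this
    //    function returns, so a scratch buffer freed below would be used
    //    after free;
    //  - the combined length must fit in the DWORD that WriteFile accepts.
    if (lpBuffer == NULL || lpOverlapped != NULL ||
        nNumberOfBytesToWrite > MAXDWORD - _msgLen)
    {
        return _originalWriteFile(hFile, lpBuffer, nNumberOfBytesToWrite,
                                  lpNumberOfBytesWritten, lpOverlapped);
    }

    const DWORD _total = nNumberOfBytesToWrite + _msgLen;
    char* _hookData = (char*)HeapAlloc(GetProcessHeap(), 0, _total);
    if (_hookData == NULL)
    {
        // Out of memory: keep the caller's write working rather than
        // dereferencing a NULL scratch buffer.
        return _originalWriteFile(hFile, lpBuffer, nNumberOfBytesToWrite,
                                  lpNumberOfBytesWritten, lpOverlapped);
    }

    // Copy by the declared byte count. strcpy/strcat would run to the first
    // NUL byte, which can overrun both the caller's buffer and the heap
    // block when the data is binary or not NUL-terminated.
    memcpy(_hookData, lpBuffer, nNumberOfBytesToWrite);
    memcpy(_hookData + nNumberOfBytesToWrite, _msg, _msgLen);

    BOOL result = _originalWriteFile(hFile, _hookData, _total,
                                     lpNumberOfBytesWritten, lpOverlapped);
    if (result)
    {
        // Report only the caller's own bytes. Capping, rather than
        // subtracting the marker length, stays correct on a short write
        // where the subtraction would wrap around.
        if (lpNumberOfBytesWritten != NULL &&
            *lpNumberOfBytesWritten > nNumberOfBytesToWrite)
        {
            *lpNumberOfBytesWritten = nNumberOfBytesToWrite;
        }
    }
    else
    {
        printf_s("Unsuccessful API Hooking\n");
    }

    HeapFree(GetProcessHeap(), 0, _hookData);
    return result;
}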