ABOUT IHOOK
===========
IHOOK is an easy interface for performing API hooking on the Windows operating system.
It is distributed as a static library (.lib) and as a shared library (.dll).
It is also possible to use IHOOK directly from source (see DEPENDENCY).
IHOOK uses the inline patching technique, also known as a detour.

DEPENDENCY
==========
IHOOK uses a disassembler to determine how many opcodes to erase. It is
statically compiled with the BeaEngine disassembler source.
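
How an inline patch like the one described above looks from the defender's side, as an added example that is not part of IHOOK: it compares a function's entry bytes with a trusted copy and decodes where a redirect goes. The `E9 rel32` and `push imm32; ret` encodings are assumptions about common 32-bit detours (this README does not say which bytes IHOOK writes); the sample bytes, addresses and function names are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: a 5-byte "mov edi,edi; push ebp; mov ebp,esp" prologue
 * as the trusted copy, and the same entry overwritten with a jmp rel32. */
const uint8_t REF_BYTES[5]  = {0x8B, 0xFF, 0x55, 0x8B, 0xEC};
const uint8_t LIVE_BYTES[5] = {0xE9, 0xFB, 0xFF, 0x94, 0x8E};

typedef struct {
    int      patched;   /* live bytes differ from the trusted copy         */
    int      redirect;  /* first instruction is a recognised control jump  */
    uint32_t target;    /* decoded destination, valid when redirect is 1   */
} hook_report;

/* Little-endian 32-bit read that is safe on unaligned buffers. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* live: entry bytes read from the process; ref: same bytes from a trusted
 * copy (for example the DLL on disk); n: bytes in each; va: entry address. */
hook_report check_prologue(const uint8_t *live, const uint8_t *ref,
                           size_t n, uint32_t va)
{
    hook_report r = {0, 0, 0};

    r.patched = memcmp(live, ref, n) != 0;
    if (!r.patched)
        return r;
    if (n >= 5 && live[0] == 0xE9) {                  /* jmp rel32 */
        r.redirect = 1;
        r.target = va + 5 + rd32(live + 1);           /* wraps mod 2^32 */
    } else if (n >= 6 && live[0] == 0x68 && live[5] == 0xC3) {
        r.redirect = 1;                               /* push imm32; ret */
        r.target = rd32(live + 1);
    }
    return r;
}

/* 1 when addr is outside [base, base + size), i.e. the jump leaves the module. */
int leaves_module(uint32_t addr, uint32_t base, uint32_t size)
{
    return (uint32_t)(addr - base) >= size;
}
```

A byte difference alone can also come from relocations applied by the loader, which is why the check reports a redirect only for jump encodings it recognises.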

HOW TO USE
==========
IHOOK provides the following methods:

hookitByName            // Performs the hook using the name of the function to hook
hookitByAddress         // Performs the hook using the address of the original function
getReturnAddressById    // Gets the address of the re-entrant execution stream
getReturnAddressByName  // Same
getReturnAddressByAddr  // Same
unhookByName            // Cleans up the hook
unhookById              // Same
unhookByAddress         // Same

See API.txt for a detailed description of these methods.

For C coders: the IHOOK_CALL_STDCALL define must be added if you use IHOOK as a static library.
It is used for the calling convention.

#define IHOOK_CALL_STDCALL
#include "hookit.h"

You don't need it if you use IHOOK as a shared library (.dll).
Moreover, don't forget to use the hookit.h file from the header directory in your application.

HOW TO COMPILE YOUR PROJECT WITH IHOOK STATIC LIBRARY (libihook.lib)
====================================================================
mingw32-gcc -Wall -O2 -DIHOOK_ENGINE_LIB -c myproject.c -o myproject.o
mingw32-gcc -o myproject.exe myproject.o -s libihook.lib

HOW TO COMPILE YOUR PROJECT WITH IHOOK SHARED LIBRARY (libihook.dll)
====================================================================
mingw32-gcc -Wall -O2 -DIHOOK_ENGINE_DLL -c myproject.c -o myproject.o
mingw32-gcc -o myproject.exe myproject.o -s libihook.dll

HOW TO COMPILE IHOOK SOURCE
===========================
A makefile is provided; it compiles the IHOOK source together with the BeaEngine (dependency) source.

To compile the IHOOK source as a static library, type the following:
make static

To compile the IHOOK source as a shared library, type the following:
make shared

The IHOOK source is compiled with the following options:
mingw32-gcc.exe -m32 -O3 -Wextra -Wall -std=c99 -I. -Idep\\beaengine\\include -DBEA_ENGINE_STATIC -c dep\\beaengine\\beaengineSources\\BeaEngine.c -o obj\\Release\\BeaEngine.o
mingw32-gcc.exe -m32 -O3 -Wextra -Wall -std=c99 -I. -Idep\\beaengine\\include -DIHOOK_ENGINE_LIB -DIHOOK_CALL_STDCALL -c hookit.c -o obj\\Release\\hookit.o
ld.exe -r -o libfoo.o obj\\Release\\hookit.o obj\\Release\\BeaEngine.o
ar.exe rcs bin\\libihook.lib libfoo.o
=> libihook.lib
mingw32-gcc.exe -m32 -O3 -Wextra -Wall -std=c99 -I. -Idep\\beaengine\\include -DBEA_ENGINE_STATIC -c dep\\beaengine\\beaengineSources\\BeaEngine.c -o obj\\Release\\BeaEngine.o
mingw32-gcc.exe -m32 -O3 -Wextra -Wall -std=c99 -I. -Idep\\beaengine\\include -DIHOOK_ENGINE_DLL -c hookit.c -o obj\\Release\\hookit.o
ld.exe -r -o libfoo.o obj\\Release\\hookit.o obj\\Release\\BeaEngine.o
mingw32-gcc.exe libfoo.o -s -shared -Wl,--subsystem,windows -o bin\\libihook.dll
=> libihook.dll
A temporary library is generated in order to link the BeaEngine object file (.o) statically.

You can also compile ihook (static or shared) with Visual Studio, but some steps are needed:
1) In project Properties -> Configuration Properties -> C/C++
   In "Additional Include Directories" add the following BeaEngine include path:
   ...\dep\beaengine\include
2) In project Properties -> Configuration Properties -> C/C++ -> Preprocessor
   In "Preprocessor Definitions" add the following constants:
   IHOOK_ENGINE_LIB
   IHOOK_CALL_STDCALL
   BEA_ENGINE_STATIC (or BEA_ENGINE_SHARED to compile ihook as a DLL)
3) Add the BeaEngine.c source to the project solution:
   src\dep\beaengine\beaengineSources\BeaEngine.c
4) That's all. You will get a lot of warnings due to the use of the strcpy function in the
   BeaEngine sources, but don't worry, these are just warnings.
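
EXAMPLE
=======
#include <stdio.h>
#include <winsock2.h>   /* SOCKET, SOCKET_ERROR; must come before windows.h */
#include <windows.h>    /* WINAPI, DWORD */
/* #define IHOOK_CALL_STDCALL   when linking the static library (see HOW TO USE) */
#include "hookit.h"

/* Same signature as the hooked function */
typedef int (WINAPI* hook_recv) (SOCKET, const char*, int , int);

/* Called in place of recv() while the hook is installed */
int WINAPI Myrecv(SOCKET s, const char* buf, int len, int flags)
{
    hook_recv true_recv;
    DWORD addr;

    printf("I'm in the hook function\n");
    /* Address of the re-entrant execution stream, i.e. the original recv() */
    addr = getReturnAddressByName("recv", "ws2_32.dll");
    if ((int) addr < 0) {
        printf("If you get here, you're doing something wrong -> %i\n", (int)addr);
        return (SOCKET_ERROR);  /* do not call through an error code */
    }
    true_recv = (hook_recv) addr;
    return (true_recv(s, buf, len, flags));
}

int main(void)
{
    int ret;

    ret = hookitByName("recv", "ws2_32.dll", (DWORD)Myrecv);
    if (ret <= 0) {
        printf("Some error here: %i\n", ret);
        return (1);             /* no hook was installed, nothing to remove */
    }
    unhookById(ret); // or unhookByName("recv", "ws2_32.dll");
    return (0);
}

SOURCE LAYOUT
=============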
ihook
|
|__ example // Source file example of ihook
|
|__ header // Application-side header to use with ihook library
| |
| |__ hookit.h
|
|__ src // ihook source files
| |
| |__ hookit.c
| |
| |__ hookit.h
| |
| |__ Makefile
| |
| |__ bin // ihook binary library (*_vs = compiled with visual studio)
| |
| |__ libihook.lib
| |
| |__ libihook.dll
| |
| |__ libihook_vs.lib
| |
| |__ libihook_vs.dll
|
|__ dep // ihook dependency
| |
| |__ beaengine // beaengine source
| |
| |...
|
|__ API.txt
|
|__ AUTHORS.txt
|
|__ CHANGELOG.txt
|
|__ COPYING.LESSER.txt
|
|__ COPYING.txt
|
|__ README.txt
|
|__ TODO.txt