HDK
UT_NTHooking.h
1 /*
2  * PROPRIETARY INFORMATION. This software is proprietary to
3  * Side Effects Software Inc., and is not to be reproduced,
4  * transmitted, or disclosed in any way without written permission.
5  *
6  * (based on code from the Microsoft Systems Journal)
7  *
8  * NAME: Utility Library (C++)
9  *
10  * COMMENTS:
11  * Function for hooking DLL functions. This lets you replace
12  * any system (or Houdini) DLL function with something of your
13  * own choosing.
14  *
15  * For instance, you might want to replace ::MessageBox() with
16  * a message box function that displays a Houdini logo along
17  * with the message text.
18  */
19 
20 #ifndef __UT_NTHooking_H__
21 #define __UT_NTHooking_H__
22 
23 #include "UT_API.h"
24 #ifdef WIN32
25 #include <Windows.h>
26 #include "UT_Defines.h"
27 
28 
29 // Give these declarations C linkage (unmangled names) when compiled as C++.
30 #ifdef __cplusplus
31 extern "C" {
32 #endif // __cplusplus
33 
34 
35 
36 typedef struct tag_HOOKFUNCDESCA // One hook request: an imported function name paired with its replacement.
37 {
38  LPCSTR szFunc; // Name of the imported function to hook (narrow-character string).
39  PROC pProc; // Replacement procedure written over the import entry; a NULL pProc means "skip this entry". NOTE(review): PROC carries no prototype, so presumably the replacement must match the hooked function's signature and calling convention — confirm.
40 } HOOKFUNCDESCA , * LPHOOKFUNCDESCA ;
41 
42 typedef struct tag_HOOKFUNCDESCW // Wide-character form of the hook descriptor.
43 {
44  LPCWSTR szFunc; // Name of the imported function to hook (wide-character string).
45  PROC pProc; // Replacement procedure for the named import.
46 } HOOKFUNCDESCW , * LPHOOKFUNCDESCW ; // NOTE(review): no function declared in this header takes this type; the ...W functions use LPHOOKFUNCDESCA — confirm where it is consumed.
47 
48 
49 
50 #ifdef UNICODE // Pick the generic descriptor names by the build's character set.
51 #define HOOKFUNCDESC HOOKFUNCDESCW
52 #define LPHOOKFUNCDESC LPHOOKFUNCDESCW
53 #else
54 #define HOOKFUNCDESC HOOKFUNCDESCA
55 #define LPHOOKFUNCDESC LPHOOKFUNCDESCA
56 #endif // UNICODE. NOTE(review): the ...W functions declared in this header take LPHOOKFUNCDESCA, so the UNICODE mapping above does not match their paHookArray parameter — confirm which type callers should pass.
57 
58 
59 
60 /*----------------------------------------------------------------------
61 
62 RecursiveHookImportedFunctionsByName()
63 
64 Chris' all-powerful hooking function. Descends the symbol tree
65 from a given HMODULE and hooks everything in each loaded module.
66 
67 Unless you really want to only hook one HMODULE, call this
68 instead of the non-recursive version.
69 
70 See the docs lower down in this file for descriptions of
71 the parameters.
72 
73 ----------------------------------------------------------------------*/
74 
75 UT_API extern BOOL
76 RecursiveHookImportedFunctionsByNameA ( HMODULE hModule, // Starting module; per the comment above, the hook is applied to each loaded module reached from it.
77  LPCSTR szImportMod, // Name of the module the hooked functions are imported from.
78  UINT uiCount, // Element count of both paHookArray and paOrigFuncs.
79  LPHOOKFUNCDESCA paHookArray, // Functions to hook; entries with a NULL pProc are skipped.
80  PROC * paOrigFuncs, // Out: original addresses; must hold uiCount entries. NOTE(review): with several modules patched it is not visible here which module's original addresses are stored — confirm before using them to chain or restore.
81  LPUINT puiHooked ); // Out: number of functions hooked. NOTE(review): whether this is per module or a total is not visible here — confirm.
82 
83 UT_API extern BOOL
84 RecursiveHookImportedFunctionsByNameW ( HMODULE hModule,
85  LPCWSTR szImportMod, // Only the module name is wide in this variant.
86  UINT uiCount,
87  LPHOOKFUNCDESCA paHookArray, // NOTE(review): narrow descriptor type, although a UNICODE build maps LPHOOKFUNCDESC to LPHOOKFUNCDESCW — confirm.
88  PROC * paOrigFuncs,
89  LPUINT puiHooked ) ;
90 
91 
92 
93 /*----------------------------------------------------------------------
94 
95 HookImportedFunctionsByName()
96 
97 DISCUSSION:
98  Hooks the specified functions imported into hModule by the module
99 indicated by szImportMod. This function can be used to hook from one
100 to 'n' of the functions imported.
101  The techniques used in the function are slightly different than
102 that shown by Matt Pietrek in his book, "Windows 95 System Programming
103 Secrets." He uses the address of the function to hook as returned by
104 GetProcAddress. Unfortunately, while this works in almost all cases, it
105 does not work when the program being hooked is running under a debugger
106 on Windows95 (and presumably, Windows98). The problem is that
107 GetProcAddress under a debugger returns a "debug thunk," not the address
108 that is stored in the Import Address Table (IAT).
109  This function gets around that by using the real thunk list in the
110 PE file, the one not bashed by the loader when the module is loaded and
111 fixed up, to find where the named import is located. Once the named
112 import is found, then the original table is blasted to make the hook.
113 As the name implies, this function will only hook functions imported by
114 name.
115 
116 PARAMETERS:
117  hModule - The module where the imports will be hooked.
118  szImportMod - The name of the module whose functions will be
119  imported.
120  uiCount - The number of functions to hook. This is the size of
121  the paHookArray and paOrigFuncs arrays.
122  paHookArray - The array of function descriptors that list which
123  functions to hook. At this point, the array does not
124  have to be in szFunc name order. Also, if a
125  particular pProc is NULL, then that item will just be
126  skipped. This makes it much easier for debugging.
127  paOrigFuncs - The array of original addresses that were hooked. If
128  a function was not hooked, then that item will be
129  NULL.
130  puiHooked - Returns the number of functions hooked out of
131  paHookArray.
132 
133 RETURNS:
134  FALSE - There was a problem, check GetLastError.
135  TRUE - The function succeeded. See the parameter discussion for
136  the output parameters.
137 
138 ----------------------------------------------------------------------*/
139 
140 UT_API extern BOOL // FALSE on failure (check GetLastError); TRUE on success.
141 HookImportedFunctionsByNameA ( HMODULE hModule, // Module whose imports are patched; only functions imported by name are covered.
142  LPCSTR szImportMod, // Name of the module the hooked functions are imported from.
143  UINT uiCount, // Element count of both paHookArray and paOrigFuncs.
144  LPHOOKFUNCDESCA paHookArray, // Functions to hook; entries with a NULL pProc are skipped.
145  PROC * paOrigFuncs, // Out: original addresses, NULL where an entry was not hooked. Must hold uiCount entries.
146  LPUINT puiHooked ); // Out: number of entries hooked. Unhooked entries are reported as NULL rather than as a failure, so compare this count with the number requested.
147 
148 UT_API extern BOOL
149 HookImportedFunctionsByNameW ( HMODULE hModule,
150  LPCWSTR szImportMod, // Only the module name is wide in this variant.
151  UINT uiCount,
152  LPHOOKFUNCDESCA paHookArray, // NOTE(review): narrow descriptor type, although a UNICODE build maps LPHOOKFUNCDESC to LPHOOKFUNCDESCW — confirm which one callers should pass.
153  PROC * paOrigFuncs,
154  LPUINT puiHooked ) ;
155 
156 
157 
158 #ifdef UNICODE // Map the generic function names to the W or A variant by the build's character set.
159 #define HookImportedFunctionsByName HookImportedFunctionsByNameW
160 #define RecursiveHookImportedFunctionsByName RecursiveHookImportedFunctionsByNameW
161 #else
162 #define HookImportedFunctionsByName HookImportedFunctionsByNameA
163 #define RecursiveHookImportedFunctionsByName RecursiveHookImportedFunctionsByNameA
164 #endif // UNICODE
165 
166 
167 #ifdef __cplusplus
168 } // end of extern "C"
169 #endif // __cplusplus
170 
171 #endif // WIN32
172 
173 #endif // __UT_NTHooking_H__