00001 /* 00002 * PROPRIETARY INFORMATION. This software is proprietary to 00003 * Side Effects Software Inc., and is not to be reproduced, 00004 * transmitted, or disclosed in any way without written permission. 00005 * 00006 * Produced by: 00007 * Chris Thompson 00008 * (based on code from the Microsoft Systems Journal) 00009 * 00010 * NAME: Utility Library (C++) 00011 * 00012 * COMMENTS: 00013 * Function for hooking DLL functions. This lets you replace 00014 * any system (or Houdini) DLL function with something of your 00015 * own choosing. 00016 * 00017 * For instance, you might want to replace ::MessageBox() with 00018 * a message box function that displays a Houdini logo along 00019 * with the message text. 00020 */ 00021 00022 #ifndef __UT_NTHooking_H__ 00023 #define __UT_NTHooking_H__ 00024 00025 #include "UT_API.h" 00026 #ifdef WIN32 00027 #include <Windows.h> 00028 #include "UT_Defines.h" 00029 00030 00031 // Export these functions using the C calling convention. 00032 #ifdef __cplusplus 00033 extern "C" { 00034 #endif // _cplusplus 00035 00036 00037 00038 typedef struct tag_HOOKFUNCDESCA 00039 { 00040 LPCSTR szFunc; // The name of the function to hook. 00041 PROC pProc; // The procedure to blast in. 00042 } HOOKFUNCDESCA , * LPHOOKFUNCDESCA ; 00043 00044 typedef struct tag_HOOKFUNCDESCW 00045 { 00046 LPCWSTR szFunc; // The name of the function to hook. 00047 PROC pProc; // The procedure to blast in. 00048 } HOOKFUNCDESCW , * LPHOOKFUNCDESCW ; 00049 00050 00051 00052 #ifdef UNICODE 00053 #define HOOKFUNCDESC HOOKFUNCDESCW 00054 #define LPHOOKFUNCDESC LPHOOKFUNCDESCW 00055 #else 00056 #define HOOKFUNCDESC HOOKFUNCDESCA 00057 #define LPHOOKFUNCDESC LPHOOKFUNCDESCA 00058 #endif // UNICODE 00059 00060 00061 00062 /*---------------------------------------------------------------------- 00063 00064 RecursiveHookImportedFunctionsByName() 00065 00066 Chris' all-powerful hooking function. Descends the symbol tree 00067 from a given HMODULE and hooks everything in each loaded module. 00068 00069 Unless you really want to only hook one HMODULE, call this 00070 instead of the non-recursive version. 00071 00072 See the docs lower down in this file for descriptions of 00073 the parameters. 00074 00075 ----------------------------------------------------------------------*/ 00076 00077 UT_API extern BOOL 00078 RecursiveHookImportedFunctionsByNameA ( HMODULE hModule, 00079 LPCSTR szImportMod, 00080 UINT uiCount, 00081 LPHOOKFUNCDESCA paHookArray, 00082 PROC * paOrigFuncs, 00083 LPUINT puiHooked ); 00084 00085 UT_API extern BOOL 00086 RecursiveHookImportedFunctionsByNameW ( HMODULE hModule, 00087 LPCWSTR szImportMod, 00088 UINT uiCount, 00089 LPHOOKFUNCDESCA paHookArray, 00090 PROC * paOrigFuncs, 00091 LPUINT puiHooked ) ; 00092 00093 00094 00095 /*---------------------------------------------------------------------- 00096 00097 HookImportedFunctionsByName() 00098 00099 DISCUSSION: 00100 Hooks the specified functions imported into hModule by the module 00101 indicated by szImportMod. This function can be used to hook from one 00102 to 'n' of the functions imported. 00103 The techniques used in the function are slightly different than 00104 that shown by Matt Pietrek in his book, "Windows 95 System Programming 00105 Secrets." He uses the address of the function to hook as returned by 00106 GetProcAddress. Unfortunately, while this works in almost all cases, it 00107 does not work when the program being hooked is running under a debugger 00108 on Windows95 (an presumably, Windows98). The problem is that 00109 GetProcAddress under a debugger returns a "debug thunk," not the address 00110 that is stored in the Import Address Table (IAT). 00111 This function gets around that by using the real thunk list in the 00112 PE file, the one not bashed by the loader when the module is loaded and 00113 fixed up, to find where the named import is located. Once the named 00114 import is found, then the original table is blasted to make the hook. 00115 As the name implies, this function will only hook functions imported by 00116 name. 00117 00118 PARAMETERS: 00119 hModule - The module where the imports will be hooked. 00120 szImportMod - The name of the module whose functions will be 00121 imported. 00122 uiCount - The number of functions to hook. This is the size of 00123 the paHookArray and paOrigFuncs arrays. 00124 paHookArray - The array of function descriptors that list which 00125 functions to hook. At this point, the array does not 00126 have to be in szFunc name order. Also, if a 00127 particular pProc is NULL, then that item will just be 00128 skipped. This makes it much easier for debugging. 00129 paOrigFuncs - The array of original addresses that were hooked. If 00130 a function was not hooked, then that item will be 00131 NULL. 00132 puiHooked - Returns the number of functions hooked out of 00133 paHookArray. 00134 00135 RETURNS: 00136 FALSE - There was a problem, check GetLastError. 00137 TRUE - The function succeeded. See the parameter discussion for 00138 the output parameters. 00139 00140 ----------------------------------------------------------------------*/ 00141 00142 UT_API extern BOOL 00143 HookImportedFunctionsByNameA ( HMODULE hModule, 00144 LPCSTR szImportMod, 00145 UINT uiCount, 00146 LPHOOKFUNCDESCA paHookArray, 00147 PROC * paOrigFuncs, 00148 LPUINT puiHooked ); 00149 00150 UT_API extern BOOL 00151 HookImportedFunctionsByNameW ( HMODULE hModule, 00152 LPCWSTR szImportMod, 00153 UINT uiCount, 00154 LPHOOKFUNCDESCA paHookArray, 00155 PROC * paOrigFuncs, 00156 LPUINT puiHooked ) ; 00157 00158 00159 00160 #ifdef UNICODE 00161 #define HookImportedFunctionsByName HookImportedFunctionsByNameW 00162 #define RecursiveHookImportedFunctionsByName RecursiveHookImportedFunctionsByNameW 00163 #else 00164 #define HookImportedFunctionsByName HookImportedFunctionsByNameA 00165 #define RecursiveHookImportedFunctionsByName RecursiveHookImportedFunctionsByNameA 00166 #endif // UNICODE 00167 00168 00169 #ifdef __cplusplus 00170 } 00171 #endif // _cplusplus 00172 00173 #endif // WIN32 00174 00175 #endif // __UT_NTHooking_H__
1.5.9