Enclosed is MFC source code for a function which can be used to hook any imported
function call which your application makes. Since most of the Win32 API is implemented
using import functions in dlls, this means that you hook Win32 API calls. This is
useful when for example you want to be called for every call to the file system
(CreateFile && CloseHandle) which your app makes. This example of hooking
the file system calls your app makes could form the basis of code to ensure you
do not have any handle leaks in your application. You could also use this code to
spy on COM port activity in remote processes by injecting the DLL into the remote
process.
The code is based on the code developed by John Robbins for his "BugSlayer"articles
in the MSJ magazine. I have removed the dependencies on his other DLL functions,
converted the code to MFC and addition of numerous ASSERT's
Copyright
- You are allowed to include the source code in any product (commercial, shareware,
freeware or otherwise) when your product is released in binary form.
- You are allowed to modify the source code in any way you want except you
cannot modify the copyright details at the top of each module.
- If you want to distribute source code with your application, then you are
only allowed to distribute versions released by the author. This is to maintain
a single distribution point for the source code.
Updates
4 December 2002
- Please note that I have discontinued development of this code and it is
obsolete. Instead I would advise you to use the "CAPIHook" class from
Chapter 22 of the book "Programming Applications for Microsoft Windows"
by Jeffrey Richter. Another alternative you might want to consider is the Detours
Library from MS. It is available at
http://research.microsoft.com/sn/detours/
and can now be licensed for use in production / commercial environments.
V1.02 (20 April 2002)
- Fixed a potential infinite loop in HookImportFunctionByName. Thanks to David
Defoort for spotting this problem.
V1.01 (1 January 2001)
- Now includes copyright message in the source code and documentation.
- Fixed an access violation in where I was getting the name of the import
function but not checking for failure.
- Fixed a compiler error where I was incorrectly casting to a PDWORD instead
of a DWORD
V1.0 (24 December 1999)