API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Sep 23rd, 2017
209
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 2.09 KB | None | 0 0
raw download clone embed print report
  1. #include "user32.h"
  2. #include "apihook.h"
  3. #include "Debug.h"
  4.  
  5. // Generated by ExtractDef by Havenard <havenard@hotmail.com>
  6.  
  7. HINSTANCE hOriginal = NULL;
  8. #define NONHOOKEDPROC(x) FARPROC o_##x;
  9. #include "user32.dsm"
  10. #define NONHOOKEDPROC(x) __declspec(naked) void __stdcall fo_##x(void) { __asm jmp o_##x }
  11. #include "user32.dsm"
  12.  
  13. typedef HMODULE (WINAPI *t_LoadLibraryA)(LPCTSTR dllName);
  14. typedef HMODULE (WINAPI *t_LoadLibraryW)(LPCTSTR dllName);
  15. typedef HMODULE (WINAPI *t_LoadLibrary)(LPCTSTR dllName);
  16.  
  17.  
  18. t_LoadLibraryA OriginalLoadLibraryA = NULL;
  19. t_LoadLibraryW OriginalLoadLibraryW = NULL;
  20. t_LoadLibrary OriginalLoadLibrary = NULL;
  21.  
  22. HMODULE WINAPI MyLoadLibraryA(LPCTSTR dllName) {
  23.     HMODULE hResult = OriginalLoadLibraryA(dllName);
  24.     Echo("pegou");
  25.     return hResult;
  26. }
  27.  
  28. HMODULE WINAPI MyLoadLibraryW(LPCTSTR dllName) {
  29.     HMODULE hResult = OriginalLoadLibraryW(dllName);
  30.     Echo("pegou w");
  31.     return hResult;
  32. }
  33.  
  34. HMODULE WINAPI MyLoadLibrary(LPCTSTR dllName) {
  35.     HMODULE hResult = OriginalLoadLibrary(dllName);
  36.     Echo("pegou wwww");
  37.     return hResult;
  38. }
  39.  
  40. const char kernel32_dll[] = "kernel32.dll";
  41.  
  42. void InstallProcs() {
  43.     char buffer[512];
  44.     if (hOriginal) return;
  45.     GetSystemDirectory(buffer, 512);
  46.     strcat(buffer, "\\USER32.dll");
  47.     hOriginal = LoadLibrary(buffer);
  48.     #define NONHOOKEDPROC(x) o_##x = GetProcAddress(hOriginal, #x);
  49.     #include "user32.dsm"
  50.  
  51.     OriginalLoadLibraryA = (t_LoadLibraryA)InstallApiHook(kernel32_dll, "LoadLibraryA", (PDWORD)MyLoadLibraryA);
  52.     OriginalLoadLibraryW = (t_LoadLibraryW)InstallApiHook(kernel32_dll, "LoadLibraryW", (PDWORD)MyLoadLibraryW);
  53.     OriginalLoadLibrary = (t_LoadLibrary)InstallApiHook(kernel32_dll, "LoadLibrary", (PDWORD)MyLoadLibrary);
  54.     Echo("LoadLibraryA    = 0x%p", OriginalLoadLibraryA);
  55.     Echo("LoadLibraryW    = 0x%p", OriginalLoadLibraryW);
  56.     Echo("LoadLibrary    = 0x%p", OriginalLoadLibrary);
  57. }
  58.  
  59. BOOL APIENTRY DllMain(HINSTANCE hInstance, DWORD fdwReason, PVOID pvReserved) {
  60.     switch (fdwReason) {
  61.     case DLL_PROCESS_ATTACH:
  62.         InstallProcs();
  63.         break;
  64.     case DLL_PROCESS_DETACH:
  65.         FreeLibrary(hOriginal);
  66.         break;
  67.     }
  68.     return TRUE;
  69. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!