#include#include using namespace std; // Function to be hooked DWORD WINAPI OldMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType) { return MessageBoxA(hWnd, "You've been hooked!", lpCaption, uType); } // Hook function DWORD WINAPI NewMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType) { return OldMessageBoxA(hWnd, "Hooked MessageBoxA!", lpCaption, uType); } int main() { // Hook the MessageBoxA function HMODULE hModule = LoadLibrary("user32.dll"); FARPROC pfnMessageBoxA = GetProcAddress(hModule, "MessageBoxA"); DWORD dwOldProtect, dwNewProtect; VirtualProtect(pfnMessageBoxA, sizeof(DWORD), PAGE_EXECUTE_READWRITE, &dwOldProtect); DWORD dwAddress = reinterpret_cast (pfnMessageBoxA); DWORD dwHookAddress = reinterpret_cast (NewMessageBoxA); DWORD dwOffset = dwHookAddress - dwAddress - sizeof(DWORD); DWORD dwPatch = 0xE9; memcpy(pfnMessageBoxA, &dwPatch, sizeof(DWORD)); memcpy(reinterpret_cast (dwAddress + sizeof(DWORD)), &dwOffset, sizeof(DWORD)); VirtualProtect(pfnMessageBoxA, sizeof(DWORD), dwOldProtect, &dwNewProtect); // Call the MessageBoxA function (will be hooked) MessageBoxA(0, "Hello World!", "Original MessageBoxA", 0); // Free the library and unhook the function VirtualProtect(pfnMessageBoxA, sizeof(DWORD), PAGE_EXECUTE_READWRITE, &dwOldProtect); memcpy(reinterpret_cast (dwAddress), &dwPatch, sizeof(DWORD)); memcpy(reinterpret_cast (dwAddress + sizeof(DWORD)), &OldMessageBoxA, sizeof(DWORD)); VirtualProtect(pfnMessageBoxA, sizeof(DWORD), dwOldProtect, &dwNewProtect); FreeLibrary(hModule); return 0; }
#includeThis example demonstrates how to hook a C++ function by using a function pointer and a custom function `HookFunction`. Package library: Windows SDK#include using namespace std; // Function to be hooked typedef int (__stdcall *MESSAGEBOXA_PROC)(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType); MESSAGEBOXA_PROC OldMessageBoxA = NULL; int __stdcall NewMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType) { return OldMessageBoxA(hWnd, "Hooked MessageBoxA!", lpCaption, uType); } // Hook function bool HookFunction(LPVOID lpFunction, LPVOID lpHook, LPVOID lpOldFunction) { DWORD dwOldProtect, dwNewProtect, dwOffset; dwOffset = reinterpret_cast (lpHook) - reinterpret_cast (lpFunction) - sizeof(DWORD); VirtualProtect(lpFunction, sizeof(DWORD), PAGE_EXECUTE_READWRITE, &dwOldProtect); memcpy(lpOldFunction, lpFunction, sizeof(DWORD)); memcpy(lpFunction, &dwOffset, sizeof(DWORD)); VirtualProtect(lpFunction, sizeof(DWORD), dwOldProtect, &dwNewProtect); return true; } int main() { // Hook the MessageBoxA function HMODULE hModule = LoadLibrary("user32.dll"); OldMessageBoxA = reinterpret_cast (GetProcAddress(hModule, "MessageBoxA")); LPVOID lpOldMessageBoxA = NULL; HookFunction(OldMessageBoxA, &NewMessageBoxA, &lpOldMessageBoxA); // Call the MessageBoxA function (will be hooked) MessageBoxA(0, "Hello World!", "Original MessageBoxA", 0); // Free the library and unhook the function HookFunction(OldMessageBoxA, &lpOldMessageBoxA, &OldMessageBoxA); FreeLibrary(hModule); return 0; }