void hook_httpapi() { HookManager *mgr = HookManager::Obtain(); HMODULE h; h = mgr->OpenLibrary(_T("kernel32.dll")); _ASSERT(h != NULL); HOOK_FUNCTION(h, GetOverlappedResult); h = mgr->OpenLibrary(_T("httpapi.dll")); if (h == NULL) { MessageBox(0, _T("Failed to load 'httpapi.dll'."), _T("oSpy"), MB_ICONERROR | MB_OK); return; } HttpReceiveHttpRequestImpl = (HttpReceiveHttpRequestFunc) GetProcAddress(h, "HttpReceiveHttpRequest"); HOOK_FUNCTION(h, HttpCreateHttpHandle); HOOK_FUNCTION(h, HttpReceiveHttpRequest); HOOK_FUNCTION(h, HttpReceiveRequestEntityBody); }
void hook_secur32() { HookManager *mgr = HookManager::Obtain(); // We don't want to log calls from the RPCRT4 API HMODULE h = mgr->OpenLibrary(_T("RPCRT4.dll")); if (h == NULL) { MessageBox(0, _T("Failed to load 'RPCRT4.dll'."), _T("oSpy"), MB_ICONERROR | MB_OK); return; } if (GetModuleInformation(GetCurrentProcess(), h, &rpcrt4_info, sizeof(rpcrt4_info)) == 0) { message_logger_log_message(_T("hook_secur32"), 0, MESSAGE_CTX_WARNING, _T("GetModuleInformation failed with errno %u"), GetLastError()); } // Hook the Secur32 API h = mgr->OpenLibrary(_T("secur32.dll")); if (h == NULL) { MessageBox(0, _T("Failed to load 'secur32.dll'."), _T("oSpy"), MB_ICONERROR | MB_OK); return; } HOOK_FUNCTION(h, DeleteSecurityContext); HOOK_FUNCTION(h, EncryptMessage); HOOK_FUNCTION(h, DecryptMessage); }
void installHooks() { HOOK_FUNCTION(user32, SetWindowsHookExA, setWindowsHookExA); }