Ring3 Circus
December 20th, 2007, 08:00
I know I’ve been banging on about injection a lot recently, but I figured a good way to pinch off would be to present some code. After searching and failing, I took it upon myself to write a reusable C++ class to do most of the leg-work for Windows XP/2000/Vista32 DLL injection and hooking. The source is available on the project page ("http://www.ring3circus.com/downloads/dll-injection-framework").
The process of remote function hooking via a DLL is notoriously messy, so I’ve tried to encapsulate as much of the mess as possible into a C++ class. Here’s an example of some client code that injects a DLL into Windows Calculator, then installs two hooks (one by name and another by address):
Testing has been limited so don’t be surprised to find bugs. If you do find any, please report them via email or comment.
http://www.ring3circus.com/gameprogramming/a-framework-to-take-the-tedium-out-of-code-injection-in-c/
Code:
// Create the injection object
DLLInjection injection("E:/Temp/HookDLL.dll");
// Find Calc.exe by its window
DWORD process_id = injection.GetProcessIDFromWindow("SciCalc", "Calculator");
// Inject the DLL
HMODULE remote_module = injection.InjectDLL(process_id);
// Hook a DLL function (User32!SetWindowTextW)
HDLLHOOK swtw_hook = injection.InstallDLLHook(
    "C:/Windows/System32/User32.dll", "SetWindowTextW", "SetWindowTextHookW");
// Hook a function manually (Calc!0100F3CF)
HDLLHOOK manual_hook = injection.InstallCodeHook(
    reinterpret_cast<void*>(0x0100F3CF), "SomeOtherHook");
// Remove the hooks
injection.RemoveHook(swtw_hook);
injection.RemoveHook(manual_hook);
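Seen from the defender's side, hooks like the two installed above can be found by comparing a function's first bytes in the running process with the same bytes in the module file on disk. The following is an added example, not code from the framework or its author. It assumes the hooks are inline prologue patches on 32-bit x86 (the page does not say how the framework redirects execution); `check_prologue`, the addresses and the byte arrays are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { PROLOGUE_CLEAN, PROLOGUE_MODIFIED, PROLOGUE_DETOUR } prologue_state;

/* Little-endian 32-bit read with no alignment assumption. */
static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* mem:  bytes read from the live process at the function's address (va)
 * disk: the same bytes from the module's file on disk
 * mod_base/mod_size: address range of the module that owns the function
 * On PROLOGUE_DETOUR, *target receives the address execution is sent to. */
prologue_state check_prologue(const uint8_t *mem, const uint8_t *disk, size_t len,
                              uint32_t va, uint32_t mod_base, uint32_t mod_size,
                              uint32_t *target) {
    uint32_t dest;
    if (memcmp(mem, disk, len) == 0)
        return PROLOGUE_CLEAN;
    if (len >= 5 && mem[0] == 0xE9)                         /* JMP rel32 */
        dest = va + 5 + rd32(mem + 1);
    else if (len >= 6 && mem[0] == 0x68 && mem[5] == 0xC3)  /* PUSH imm32; RET */
        dest = rd32(mem + 1);
    else
        return PROLOGUE_MODIFIED;   /* patched, but not a recognised redirect */
    if (dest - mod_base < mod_size)
        return PROLOGUE_MODIFIED;   /* jump stays inside the owning module */
    *target = dest;
    return PROLOGUE_DETOUR;
}

/* Constructed sample data (not captured from a real system): a 32-bit
 * "mov edi,edi; push ebp; mov ebp,esp" prologue and two patched copies. */
static const uint8_t DISK[6]     = {0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x8B};
static const uint8_t JMP_HOOK[6] = {0xE9, 0xFB, 0xFF, 0x2B, 0x98, 0x8B};
static const uint8_t PUSH_RET[6] = {0x68, 0x00, 0x10, 0x00, 0x10, 0xC3};
enum { FUNC_VA = 0x77D41000, MOD_BASE = 0x77D40000, MOD_SIZE = 0x00090000 };

int main(void) {
    uint32_t target = 0;
    prologue_state s = check_prologue(JMP_HOOK, DISK, 6, FUNC_VA, MOD_BASE, MOD_SIZE, &target);
    printf("state=%d target=0x%08X\n", (int)s, (unsigned)target);
    return 0;
}
```

Security products and compatibility shims patch prologues too, so a reported detour is a lead to triage by finding which module owns the target address, not proof of compromise.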