A framework to take the tedium out of code-injection in C++ [Archive]

Ring3 Circus

December 20th, 2007, 08:00

http://www.ring3circus.com/wp-content/uploads/calc_hook_dialog.thumbnail.png ("http://www.ring3circus.com/wp-content/uploads/calc_hook_dialog.png")
I know I’ve been banging on about injection a lot recently, but I figured a good way to pinch off would be to present some code. After searching and failing, I took it upon myself to write a reusable C++ class to do most of the leg-work for Windows XP/2000/Vista32 DLL injection and hooking. The source is available on the project page ("http://www.ring3circus.com/downloads/dll-injection-framework").

The process of remote function hooking via a DLL is notoriously messy, so I’ve tried to encapsulate as much of the mess as possible into a C++ class. Here’s an example of some client code that injects a DLL into Windows Calculator, then installs two hooks (one by name and another by address):

Code:

// Create the injection objectDLLInjection injection("E:/Temp/HookDLL.dll";

// Find Calc.exe by its window

DWORD process_id = injection.GetProcessIDFromWindow(    "SciCalc",    "Calculator";

// Inject the DLL

HMODULE remote_module = injection.InjectDLL(process_id);

// Hook a DLL function

(User32!SetWindowTextW)HDLLHOOK swtw_hook = injection.InstallDLLHook(    "C:/Windows/System32/User32.dll",    "SetWindowTextW",    "SetWindowTextHookW";

// Hook a function manually

(Calc!0100F3CF)HDLLHOOK manual_hook = injection.InstallCodeHook(    reinterpret_cast<void*> (0×0100F3CF),    “SomeOtherHook”;

// Remove the hooks

injection.RemoveHook(swtw_hook);

injection.RemoveHook(manual_hook);

Testing has been limited so don’t be surprised to find bugs. If you do find any, please report them via email or comment.

http://www.ring3circus.com/gameprogramming/a-framework-to-take-the-tedium-out-of-code-injection-in-c/