- Tutorial 1: Get the root interface
- Tutorial 2: Low level (raw mode) hook
- Tutorial 3: Advanced hook
- Tutorial 4: Write hook function for raw mode hook
- Tutorial 5: Write hook function for advanced mode hook
Tutorial 1: Get the root interface:
Get the root interface in Delphi
Dynamically link to CHook.dll
uses CodeHookIntf;
var
GCodeHook: ICodeHook;
GCodeHookHelper: ICodeHookHelper;
procedure InitWithDll;
begin
InitCodeHookDLL('the path to the dll\CHook.dll');
GetCodeHook(GCodeHook);
GCodeHook.GetCodeHookHelper(GCodeHookHelper);
end;
Static link to the source code (no DLL required) uses CodeHook; var GCodeHook: ICodeHook; GCodeHookHelper: ICodeHookHelper; procedure InitWithoutDll; begin GCodeHook := GetCodeHookIntf; GCodeHook.GetCodeHookHelper(GCodeHookHelper); end;
Get the root interface in C++
Dynamically link to CHook.dll
#include "codehook.h"
ICodeHook * codehook;
ICodeHookHelper *helper;
CodeHookDynamicLoader::InitLoader("the path to the dll\CHook.dll");
GetCodeHook((void **)&codehook);
codehook->GetCodeHookHelper(&helper);
For Borland C++ users, there is also a CodeHook_bc.lib which can be static linked instead of use CHook.dll. The lib for VC is lacked because I have not found any usable tool to convert the lib from OMF format to COFF.
Tutorial 2: Low level hook:
Step 1: Get interface ICodeHook.
See tutorial 1.Step 2: Use ICodeHook.Hook to install the hook.
Step 3: After done, use ICodeHook.Unhook to uninstall the hook.
Tutorial 3: Advanced hook:
Step 1: Get interface ICodeHook.
See tutorial 1.Step 2: Use ICodeHook.AdvancedHook to install the hook.
Step 3: After done, use ICodeHook.AdvancedUnhook to uninstall the hook.
Beside ICodeHook, ICodeHookHelper makes it more easier to do advanced hook.Tutorial 4: Write hook function for raw mode hook
The only rule to write hook function for raw mode hook is the prototype of the hook function must be exactly same as the target function.Usually you can find the prototype of the target function from the SDK header file, so you can just copy the prototype to your source file and them rename it to the hook name.
For example, if you want to hook the Windows API MessageBox.
According to Windows SDK, its prototype is,
WINUSERAPI
int
WINAPI
MessageBoxA(
IN HWND hWnd,
IN LPCSTR lpText,
IN LPCSTR lpCaption,
IN UINT uType);
We can just simple declare the hook function as,
WINUSERAPI
int
WINAPI
NewMessageBoxA(
IN HWND hWnd,
IN LPCSTR lpText,
IN LPCSTR lpCaption,
IN UINT uType);
We only need to rename MessageBoxA to NewMessageBoxA, and keep others as it is. This is also true for Delphi users, you can find the declaration of MessageBoxA in Windows.pas and just copy and rename it.
The hook function in Delphi will look like,
function NewMessageBoxA(hWnd: HWND; lpText, lpCaption: PAnsiChar; uType: UINT): Integer; stdcall;
Tutorial 5: Write hook function for advanced mode hook
We need to discuss this topic under two slightly different situation.Situation 1, there are no extra parameters be passed.
If you use ICodeHook.AdvancedHook with AExtraParamCount equals to 0, or use ICodeHookHelper.HookWithGlobalMethod or ICodeHookHelper.HookWithObjectMethod to make the hooking, there are no extra parameters be passed to the hook function.Under this situation, the hook function is simple and fixed prototype.
The prototype is,
Delphi syntax:
function HookCallback(AHandle: TCodeHookHandle; AParams: PCodeHookParamAccessor): Cardinal; CallingConvention;C++ syntax:
DWORD CallingConvention HookCallback(TCodeHookHandle AHandle, PDWORD AParams);The CallingConvention is how you declare HookCallback. You can choose any calling convention that supported by Win32 CodeHook, such as stdcall, cdecl, register call, etc.
Situation 2, there are extra parameters be passed.
If you use ICodeHook.AdvancedHook with AExtraParamCount greater than 0, or use ICodeHookHelper.HookWithGlobalMethodExtra or ICodeHookHelper.HookWithObjectMethodExtra to make the hooking, there are extra parameters be passed to the hook function.Under this situation, you only need to add the extra parameters to the prototype.
Delphi syntax:
function HookCallback(AExtraParam1: Cardinal; AExtraParam2: Cardinal .. AExtraParamN: Cardinal; AHandle: TCodeHookHandle; AParams: PCodeHookParamAccessor): Cardinal; CallingConvention;C++ syntax:
DWORD CallingConvention HookCallback(DWORD AExtraParam1, DWORD AExtraParam2 .. DWORD AExtraParamN, TCodeHookHandle AHandle, PDWORD AParams);