[ Requirements & information ]
Visual Studio 20XX
Hooking - Wikipedia, the free encyclopedia
C# Skills
[ Practice ]
We've got 'msgbox.dll' & 'Inj3ct0r.exe'
How does it work?
Inj3ct0r injects the library into the target process.
EasyHook hooks the MessageBox API, which is exported by user32.dll (read more on MSDN); the injected library then waits for a message box call and outputs its parameters to the console.
If the user wants, the hook can show his own message box instead of the original one (hooking).
This tutorial is not only about MessageBox; you can hook many other APIs as well.
I just chose this one as an easy example so everyone could follow along.
As an example I was hooking HGWC. Also, do not remove the option "InjectionOptions.DoNotRequireStrongName": without it EasyHook expects the injected assemblies to be strong-named, and if you remove it, it will be a big pain in the ass.
Oh, and by the way, the DLL and Inj3ct0r communicate with each other over an IPC channel; that's how you can see the logs in the console.
i hope you guyz like this tutorial, comment & rate
WORKS on BOTH (x64 & x86) platforms.
The files are included in the attachment below (both binary & source code).
[ Screens ]
[ DLL Code ]
Code:
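using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Runtime.InteropServices;
using EasyHook;

namespace msgbox
{
    /// <summary>
    /// EasyHook entry point that is loaded into the target process. It installs a
    /// hook on user32!MessageBoxW, records the arguments of every intercepted call
    /// and forwards them to the injector over the IPC channel.
    /// </summary>
    /// <remarks>
    /// Everything in this class executes inside the target process. An exception
    /// that escapes the hook handler propagates into that process, so the handler
    /// guards its own bookkeeping and always forwards the call.
    /// </remarks>
    public class Main : EasyHook.IEntryPoint
    {
        /// <summary>The installed MessageBoxW hook; disposed when <see cref="Run"/> ends.</summary>
        public LocalHook CreateHook;

        /// <summary>Remoting proxy to the injector's logging interface.</summary>
        public Inj3ct0r.InjectorInterface Interface;

        // Messages captured by the hook handler, oldest first. Always accessed under lock.
        Queue<String> Pending = new Queue<String>();

        // MessageBox icon flags (WinUser.h). Not used by the sample itself; kept for
        // readers who want to build their own replacement message box.
        const int MB_ICONINFORMATION = 0x00000040;
        const int MB_ICONASTERISK = 0x00000040;
        const int MB_ICONQUESTION = 0x00000020;

        // MessageBox button flags (WinUser.h).
        const int MB_OK = 0x00000000;
        const int MB_YESNO = 0x00000004;

        /// <summary>
        /// Called by EasyHook when the library is loaded; connects to the injector's
        /// IPC server named by <paramref name="InChannelName"/>.
        /// </summary>
        public Main(RemoteHooking.IContext InContext, String InChannelName)
        {
            Interface = RemoteHooking.IpcConnectClient<Inj3ct0r.InjectorInterface>(InChannelName);
        }

        /// <summary>
        /// Installs the hook and then pumps captured messages to the injector until
        /// the IPC channel fails.
        /// </summary>
        public void Run(RemoteHooking.IContext InContext, String InChannelName)
        {
            Interface.debug("Injected!!");

            try
            {
                CreateHook = LocalHook.Create(
                    LocalHook.GetProcAddress("user32.dll", "MessageBoxW"),
                    new DMessageBox(MessageBoxH),
                    this);

                // NOTE(review): thread id 0 is understood to mean "the calling thread",
                // i.e. the hook is active for every thread except this pump thread.
                CreateHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
            }
            catch (Exception ExtInfo)
            {
                Interface.ReportException(ExtInfo);
                return;
            }

            try
            {
                while (true)
                {
                    System.Threading.Thread.Sleep(100);

                    String[] Package = null;

                    // Check and drain under the same lock the handler uses, so the
                    // count is never read while another thread is pushing.
                    lock (Pending)
                    {
                        if (Pending.Count > 0)
                        {
                            Package = Pending.ToArray();
                            Pending.Clear();
                        }
                    }

                    if (Package == null)
                    {
                        continue;
                    }

                    // Report every captured call in arrival order. The previous code
                    // sent only the first array element and silently dropped the rest.
                    foreach (String Message in Package)
                    {
                        Interface.debug(Message);
                    }
                }
            }
            catch
            {
                // Deliberate best effort: an IPC failure here normally means the
                // injector has exited, so there is nobody left to report to.
            }
            finally
            {
                // Remove the hook deterministically instead of leaving it to finalization.
                CreateHook.Dispose();
            }
        }

        // CharSet.Unicode is stated explicitly so the import matches the hooked
        // export (MessageBoxW) and the Unicode delegate below.
        [DllImport("user32.dll", CharSet = CharSet.Unicode)]
        static extern int MessageBox(IntPtr hWnd, String text, String caption, int options);

        [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = true)]
        delegate int DMessageBox(
            IntPtr hWnd,
            String text,
            String caption,
            int options);

        /// <summary>
        /// Hook handler for MessageBoxW. Queues a description of the call for the
        /// injector and then shows the message box, with a marker appended when the
        /// text matches the sample's trigger phrase.
        /// </summary>
        /// <returns>The value returned by the real MessageBox call.</returns>
        static int MessageBoxH(
            IntPtr hWnd,
            String text,
            String caption,
            int options)
        {
            try
            {
                Main This = (Main)HookRuntimeInfo.Callback;

                lock (This.Pending)
                {
                    This.Pending.Enqueue("Original MessageBox:\"\nhWnd:'" + hWnd + "'\nText:'" + text + "'\nCaption:'" + caption + "'\"");
                }
            }
            catch
            {
                // Logging must never break the hooked call in the target process.
            }

            // lpText may be NULL; the unguarded text.Contains(...) threw a
            // NullReferenceException inside the target process in that case.
            if (text != null && text.Contains("Detected the application which")) // hook for HGWC if detected msgbox pop's up
            {
                return MessageBox(hWnd, text + "\nHOOKED by arkade ^^", caption, options);
            }

            // NOTE(review): this call is expected to reach the original function
            // rather than re-enter the handler; confirm against the EasyHook docs.
            return MessageBox(hWnd, text, caption, options);
        }
    }
}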
[ Inj3ct0r Code ]
Code:
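using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using System.Diagnostics;
using System.Runtime.Remoting;
using EasyHook;

namespace Inj3ct0r
{
    /// <summary>
    /// Remoting object exposed over the IPC channel; the injected library calls
    /// these methods to print into the injector's console.
    /// </summary>
    /// <remarks>
    /// The strings arrive from another process (message box text of the target),
    /// so they are only ever written to the console and never interpreted.
    /// </remarks>
    public class InjectorInterface : MarshalByRefObject
    {
        /// <summary>Prints a fixed confirmation line.</summary>
        public void IsInstalled()
        {
            Console.WriteLine("Injected ;).\r\n");
        }

        /// <summary>Prints <paramref name="msg"/> followed by a blank line.</summary>
        public void debug(String msg)
        {
            Console.Out.WriteLine("{0}\r\n", msg);
        }

        /// <summary>Prints an exception reported by the injected library.</summary>
        public void ReportException(Exception InInfo)
        {
            Console.WriteLine("Error:\r\n" + InInfo.ToString());
        }
    }

    /// <summary>
    /// Console host: waits for the configured process, starts the IPC server and
    /// asks EasyHook to load msgbox.dll into that process.
    /// </summary>
    class Program
    {
        static int delay = 500;              // polling interval in milliseconds
        static String ChannelName = null;    // filled in by IpcCreateServer
        static String process = "!explorer"; // process name without ".exe"; overridden by cfg.ini
        static Process proc;

        static void Main(string[] args)
        {
            Console.Title = "Inj3ct0r";
            Console.ForegroundColor = ConsoleColor.Green;

            loadcfg();

            Console.WriteLine("Waiting for {0}...", process);

            // Keep the array that satisfied the loop condition. Querying a second
            // time, as before, could return an empty array if the process exited
            // in between and then fail on index 0.
            Process[] candidates = Process.GetProcessesByName(process);
            while (candidates.Length == 0)
            {
                System.Threading.Thread.Sleep(delay);
                candidates = Process.GetProcessesByName(process);
            }

            // If several processes share the name, the first one returned is used.
            proc = candidates[0];

            try
            {
                // DoNotRequireStrongName means no signature check is performed on
                // the library, so resolve the relative name once, make sure the
                // file exists and show the operator exactly what will be loaded.
                string library = Path.GetFullPath("msgbox.dll");
                if (!File.Exists(library))
                {
                    Console.WriteLine("Library not found: {0}", library);
                    return;
                }

                Console.WriteLine("Injecting {0} into PID {1}", library, proc.Id);

                RemoteHooking.IpcCreateServer<InjectorInterface>(ref ChannelName, WellKnownObjectMode.SingleCall);

                RemoteHooking.Inject(
                    proc.Id,
                    InjectionOptions.DoNotRequireStrongName,
                    library,
                    library,
                    ChannelName);

                // Keep the IPC server alive until the operator presses Enter.
                Console.ReadLine();
            }
            catch (Exception ExtInfo)
            {
                Console.WriteLine("There was an error while connecting to target:\r\n{0}", ExtInfo.ToString());
            }
        }

        /// <summary>
        /// Reads optional overrides from cfg.ini in the current directory:
        /// a &lt;proc&gt; line sets the process name and a &lt;delay&gt; line sets the
        /// polling interval. Invalid delay values are reported and ignored.
        /// </summary>
        private static void loadcfg()
        {
            if (!File.Exists("cfg.ini"))
            {
                return;
            }

            // using: the reader was never closed before, leaking the file handle.
            using (StreamReader cfg = new StreamReader(@"cfg.ini"))
            {
                string line;
                while ((line = cfg.ReadLine()) != null)
                {
                    if (line.StartsWith("<proc>", StringComparison.Ordinal))
                    {
                        process = line.Replace("<proc>", "").Replace("</proc>", "").Replace(".exe", "");
                    }

                    if (line.StartsWith("<delay>", StringComparison.Ordinal))
                    {
                        // Convert.ToInt32 threw on malformed input outside any
                        // try block, and a negative value would later make
                        // Thread.Sleep throw or block forever.
                        int parsed;
                        string raw = line.Replace("<delay>", "").Replace("</delay>", "");
                        if (int.TryParse(raw, out parsed) && parsed >= 0)
                        {
                            delay = parsed;
                        }
                        else
                        {
                            Console.WriteLine("Ignoring invalid <delay> value in cfg.ini; using {0} ms.", delay);
                        }
                    }
                }
            }
        }
    }
}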
[ Virustotal ]
Have fun ^^