Hooking API Calls in Current Process?

5
votes

How do I go about hooking/redirecting a function in a DLL (say, CreateThread from Kernel32.dll) loaded in the current process?

(I don't have control over which pieces of code call CreateThread, so it's not like I can just have the code something else instead.)

The language doesn't matter much; I'm guessing C/C++ would be the best choices for this.

Update:

I forgot to mention: I'm not looking for solutions that require the bundling of extra libraries into my program; I was looking for a manual way of doing the hooking (such as by rewriting the address of the function), not for using an external library to do this.

But thanks to those who mentioned an external library; sorry I didn't say this earlier.

3
c++cwinapihook
also check this article: API hooking revealedAndriy Tylychko

3 Answers

3
votes

there's MS library for this: Detours

3
votes

(This most likely would have been more appropriate as a "comment" under the "Detours" answer, but, as my "reputation" isn't enough yet to add comments I guess, let me post it as an answer)

This post under this thread ("DirectShow question") mentions a replacement/home-grown alternative to Detours (with some rough code example as well) by Alessandro Angeli.

I've actually first found it quoted in another thread ("problem in hooking cocreateinstance") while also searching for COM component creation hooking/tracing (This second thread is more focused on cross-process hooking though).

Let me also add a link for WinAPIOverride32 (by Jacquelin Potier) for convenience here as well. It seems to have "developer designed GUI" :) but, no complaints at all as it is open source (as mentioned above).

2
votes

Check out http://easyhook.codeplex.com/

It's an API Hooking framework. Its open source, very easy to use!