I was thinking how can I hook an API with C# or VB.Net, without using a C++ Library like EasyHook
or similar libs. The purpose why I like to learn this is not for anything malicous, its just to get more experience and find the limits of whats possible with .net. Lets say I like to hook the MessageBoxA API. I first import it by Importing System.Runtime.InterropServices and then add the PInvoke Signiature for The MessageBoxA API Call in user32.dll
<DllImport("user32.dll", EntryPoint:="MessageBoxW",
SetLastError:=True, Charset:=Charset.Unicode)>
Public Function MessageBox(
hwnd As IntPtr,
<MarshalAs(UnmanagedType.LPTSTR)>ByVal lpText As String,
<MarshalAs(UnmanagedType.LPTSTR)>ByVal lpCaption As String,
<MarshalAs(UnmanagedType.U4)>ByVal uType As MessageBoxOptions
) As <MarshalAs(UnmanagedType.U4)>MessageBoxResult
End Function
I basically like now to hook every process, which calls the MessageBoxA API get the normal text, but with the hook I like to append "hooked" at the end of the messageBox text. A friend who is very experienced with .net, but unfortunately to busy to help me with this, told me its definitly possible to do that. The steps would be, first I need the actual hooking function in a dll (library) which I will later inject in a process, then I need to determine if its a native or a managed process. If its a managed then there is no problem, but if it is a native process I need a loader. A native process doesn't have .net loaded so i need to load it manually first and then injectz the dll.
Then I need to get the Pointer to the .net method as a pointer so I know the adress where my hook should be directed to and then I can use GetProcessAdress and LoadLibraryA to get the Pointer to the API. The JMP I like to write at the beginning of the API can be realized by using WriteProcessMemory. Can someone show me how this can be realized on a simple example as mentioned above by hooking hte messagebox api and apending some text to it before it is called.
=)
I'm not sure if this is what you are looking for, but this is how I Hook into the mouse. Maybe it can help you figure out other hooks.
Public Class MouseDetector
Public Event MouseLeftButtonClick(ByVal sender As Object, ByVal e As MouseEventArgs)
Public Event MouseRightButtonClick(ByVal sender As Object, ByVal e As MouseEventArgs)
Private Delegate Function MouseHookCallback(ByVal nCode As Integer, ByVal wParam As Integer, ByVal lParam As IntPtr) As Integer
Private MouseHookCallbackDelegate As MouseHookCallback
Private MouseHookID As Integer
Public Sub New()
If MouseHookID = 0 Then
MouseHookCallbackDelegate = AddressOf MouseHookProc
MouseHookID = SetWindowsHookEx(CInt(14), MouseHookCallbackDelegate, Marshal.GetHINSTANCE(Assembly.GetExecutingAssembly.GetModules()(0)), 0)
If MouseHookID = 0 Then
'error
End If
End If
End Sub
Public Sub Dispose()
If Not MouseHookID = -1 Then
UnhookWindowsHookEx(MouseHookID)
MouseHookCallbackDelegate = Nothing
End If
MouseHookID = -1
End Sub
Private Enum MouseMessages
WM_LeftButtonDown = 513
WM_LeftButtonUp = 514
WM_LeftDblClick = 515
WM_RightButtonDown = 516
WM_RightButtonUp = 517
WM_RightDblClick = 518
End Enum
<StructLayout(LayoutKind.Sequential)> Private Structure Point
Public x As Integer
Public y As Integer
End Structure
<StructLayout(LayoutKind.Sequential)> Private Structure MouseHookStruct
Public pt As Point
Public hwnd As Integer
Public wHitTestCode As Integer
Public dwExtraInfo As Integer
End Structure
<DllImport("user32.dll", CharSet:=CharSet.Auto, CallingConvention:=CallingConvention.StdCall)> _
Private Shared Function CallNextHookEx(ByVal idHook As Integer, ByVal nCode As Integer, ByVal wParam As IntPtr, ByVal lParam As IntPtr) As Integer
End Function
<DllImport("User32.dll", CharSet:=CharSet.Auto, CallingConvention:=CallingConvention.StdCall, SetLastError:=True)> _
Private Shared Function SetWindowsHookEx(ByVal idHook As Integer, ByVal HookProc As MouseHookCallback, ByVal hInstance As IntPtr, ByVal wParam As Integer) As Integer
End Function
<DllImport("user32.dll", CharSet:=CharSet.Auto, CallingConvention:=CallingConvention.StdCall, SetLastError:=True)> _
Private Shared Function UnhookWindowsHookEx(ByVal idHook As Integer) As Integer
End Function
Private Function MouseHookProc(ByVal nCode As Integer, ByVal wParam As Integer, ByVal lParam As IntPtr) As Integer
If nCode < 0 Then
Return CallNextHookEx(MouseHookID, nCode, wParam, lParam)
End If
Dim MouseData As MouseHookStruct = Marshal.PtrToStructure(lParam, GetType(MouseHookStruct))
Select Case wParam
Case MouseMessages.WM_LeftButtonUp
RaiseEvent MouseLeftButtonClick(Nothing, New MouseEventArgs(MouseButtons.Left, 1, MouseData.pt.x, MouseData.pt.y, 0))
Case MouseMessages.WM_RightButtonUp
RaiseEvent MouseRightButtonClick(Nothing, New MouseEventArgs(MouseButtons.Right, 1, MouseData.pt.x, MouseData.pt.y, 0))
End Select
Return CallNextHookEx(MouseHookID, nCode, wParam, lParam)
End Function
End Class
Private Sub MouseDetector_MouseLeftButtonClick(ByVal sender As Object, ByVal e As System.Windows.Forms.MouseEventArgs) Handles MouseDetector.MouseLeftButtonClick
'MessageBox.Show("left")
End Sub
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.