API hooking revealed - The Code Project - System. Introduction. Intercepting Win32 API calls has always been a challenging subject for most Windows developers, and I have to admit it has been one of my favorite topics. The term "hooking" refers to a fundamental technique for gaining control over a particular piece of code execution. It provides a straightforward mechanism that can alter the behavior of the operating system as well as of third-party products, without their source code being available. Many modern systems draw attention to their ability to make use of existing Windows applications by employing spying techniques.
A key motivation for hooking is not only to contribute advanced functionality, but also to inject user-supplied code for debugging purposes. Unlike some relatively "old" operating systems such as DOS and Windows 3.xx, the present Windows OS families (NT/2K and 9x) provide sophisticated mechanisms to separate the address space of each process. Spying on applications provides many advantages: Injecting techniques. [Figure 2. Routine Mappings (CRT)] CodeGuru: Three Ways To Inject Your Code Into Another Process. Several password spy tutorials have been posted to CodeGuru, but all of them rely on Windows hooks. Is there any other way to make such a utility? Yes, there is. But first, let me review the problem briefly, just to make sure we're all on the same page. To "read" the contents of any control, whether it belongs to your application or not, you generally send the WM_GETTEXT message to it. This also applies to edit controls, except in one special case. Executed in the address space of another process.
You will find HookSpy and HookInjEx, as well as their sources, in the download package at the end of the article. The first problem is actually solved by itself. The second problem is also easy to solve: simply copy the DLL module name (needed by LoadLibrary) to the remote process via WriteProcessMemory. Also, don't forget to close all the handles once you are finished: the handles to both threads created in Steps #4 and #8, and the handle to the remote process retrieved in Step #1. Interprocess Communications. DLL Internals by Yash K.S -- Technical Stuff.