
Enclosed is MFC source code for a function which can be used to hook any
imported function call which your application makes. Since most of the Win32
API is implemented as functions imported from DLLs, this means that you can
hook Win32 API calls. This is useful when, for example, you want to be called
for every file system call (CreateFile and CloseHandle) which your app makes.
Hooking those calls could form the basis of code to ensure you do not have any
handle leaks in your application. You could also use this code to spy on COM
port activity in remote processes by injecting the DLL into the remote
process.
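The handle-leak idea above, as an added example that is not part of the original source code: a portable C model in which a constructed table of function pointers stands in for a module's import table, and hypothetical "open" and "close" entries stand in for CreateFile and CloseHandle. The names hook_import_by_name, import_slot and the wrapper functions are assumptions made for illustration.

```c
#include <string.h>

/* Constructed model of an import table: one slot per imported function.
   name is NULL for a function imported by ordinal rather than by name. */
typedef int (*import_fn)(int);
struct import_slot { const char *name; import_fn fn; };

/* Hypothetical stand-ins for CreateFile and CloseHandle (not the Win32 API). */
static int next_handle = 100;
static int real_open(int unused)  { (void)unused; return next_handle++; }
static int real_close(int handle) { return handle >= 100; }
static struct import_slot imports[] = {
    { NULL,    real_close },  /* ordinal-only import: no name to compare */
    { "open",  real_open  },
    { "close", real_close },
};
#define N_IMPORTS (sizeof imports / sizeof imports[0])

/* Point the named slot at hook; return the previous target, or NULL if absent. */
static import_fn hook_import_by_name(struct import_slot *tab, size_t n,
                                     const char *name, import_fn hook)
{
    for (size_t i = 0; i < n; i++) {   /* index advances on every pass */
        if (tab[i].name == NULL || strcmp(tab[i].name, name) != 0)
            continue;                  /* nameless slot is skipped, not dereferenced */
        import_fn prev = tab[i].fn;
        tab[i].fn = hook;
        return prev;
    }
    return NULL;
}

static import_fn orig_open, orig_close;
static int live_handles;   /* opened and not yet closed */
static int hooked_open(int arg) { int h = orig_open(arg); if (h >= 100) live_handles++; return h; }
static int hooked_close(int h)  { int ok = orig_close(h); if (ok) live_handles--; return ok; }

/* Install both hooks, call through the table, return handles still open. */
int leaked_handles_after_demo(void)
{
    orig_open  = hook_import_by_name(imports, N_IMPORTS, "open",  hooked_open);
    orig_close = hook_import_by_name(imports, N_IMPORTS, "close", hooked_close);
    if (orig_open == NULL || orig_close == NULL) return -1;
    int a = imports[1].fn(0);
    (void)imports[1].fn(0);            /* second handle is never closed */
    imports[2].fn(a);
    return live_handles;
}
int main(void) { return leaked_handles_after_demo() == 1 ? 0 : 1; }
```

A non-zero count at shutdown means some handle was opened through the hooked slot and never closed.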
The code is based on the code developed by John Robbins for his "BugSlayer"
articles in the MSJ magazine. I have removed the dependencies on his other DLL
functions, converted the code to MFC and added numerous ASSERTs.
Copyright
- You are allowed to include the source code in
any product (commercial, shareware, freeware or otherwise) when your product
is released in binary form.
- You are allowed to modify the source code in
any way you want except you cannot modify the copyright details at the top
of each module.
- If you want to distribute source code with
your application, then you are only allowed to distribute versions released
by the author. This is to maintain a single distribution point for the
source code.
Updates
V1.0 (24 December 1999)
V1.01 (1 January 2001)
- Now includes copyright message in the source code and
documentation.
- Fixed an access violation in where I was getting the
name of the import function but not checking for failure.
- Fixed a compiler error where I was incorrectly casting
to a PDWORD instead of a DWORD.
V1.02 (20 April 2002)
- Fixed a potential infinite loop in HookImportFunctionByName. Thanks to David Defoort for spotting this problem.
4 December 2002
- Please note that I have discontinued development of
this code and it is obsolete. Instead I would advise you to use the "CAPIHook" class from
Chapter 22 of the book
"Programming Applications for Microsoft Windows" by
Jeffrey Richter. Another alternative you might want to consider is the Detours
Library from MS. It is available at
http://research.microsoft.com/sn/detours/ and can now be licensed for
use in production / commercial environments.