Note
This code is outdated. A newer, better and nicer looking version now exists in CommonLib. Check it our HERE
A simple to use Import Address Table hooking utility based on CommonLib.
IAT (Import Address Table) hooking is a technique used to intercept function calls in a Windows application
by modifying the address table that an application uses to call external functions from DLLs.
By replacing the address of a function in the IAT with the address of a custom function (a "hook"),
you can redirect calls intended for the original function to your custom code.
This diagram explains IAT hooking (taken from ired.team)
// Our hook. This function will replace the original MessageBoxW.
int WINAPI hookedMessageBoxW(const HWND hWindow, LPCWSTR lpText, LPCWSTR lpCaption, const UINT uType);
int main()
{
// A CommonLib hook structure.
clib::windows::hook::Hook hook = clib::windows::hook::Hook{
"user32.dll",
"MessageBoxW",
hookedMessageBoxW,
MessageBoxW
};
// Installing IAT hook on MessageBoxW.
patcher::IATPatcher patcher;
patcher.install(hook);
// This call will be hooked.
MessageBoxW(NULL, L"This is some text!", L"This is some text", NULL);
// Uninstalling the hook.
patcher.uninstall(hook);
// This call will execute normally.
MessageBoxW(NULL, L"This is some text!", L"This is some text", NULL);
return 0;
}
This repository is intended for research and educational purposes only. The use of this code is entirely at your own risk.
Responsibility: The author takes no responsibility or liability for how you choose to use the code provided here. By using, copying, or distributing any part of this repository, you acknowledge that the author takes no responsibility for any consequences resulting from your actions.
Risk Acknowledgement: By using, copying, or distributing any part of this repository, you acknowledge that you are doing so at your own risk. You accept full responsibility for your actions.
No Endorsement: This repository does not endorse or promote any hacking-related activity.