Project Banner

IAT Hooking

C++ Windows x86 x64

? Project Overview :

This project have been created to show how IAT hooking works.

You can easily hook any functions in the IAT, you can also change the module you want to target.

This project can be compiled for x86 and x64 architecture.

? Getting Started

Visual Studio :

  1. Open the solution file (.sln).
  2. Build the project in Release (x86 or x64)

Build for x86 / x64 (Debug and Realese).

? Example

MessageBoxA Hook

New MessageBoxA function

using MessageBoxPtr = int(WINAPI*)(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType);
MessageBoxPtr MessageBoxTest;

//MessageBoxA function hook.
int WINAPI MessageBoxHook(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
  printf("MessageBoxA have been called !\n");

  //Call the orginal MessageBoxA function
  return MessageBoxTest(nullptr, "This function have been hooked !", "test", 0);
}

Hook MessageBoxA

//Hook the MessageBoxA function
const LPVOID lpOrgFunction = IATHook("MessageBoxA", &MessageBoxHook);
if (lpOrgFunction == nullptr)
	return -1;

MessageBoxTest = (MessageBoxPtr)lpOrgFunction;

MessageBoxA(nullptr, "This will never be displayed !", "test", 0);

//Unhook the MessageBoxA function
IATHook("MessageBoxA", lpOrgFunction);

MessageBoxA(nullptr, "This function have been unhooked !", "test", 0);

GitHub

View Github