GitHub address of MinHook: https://github.com/TsudaKageyu/minhook
Official document description: MinHook - The Minimalistic x86/x64 API Hooking Library
MinHook is implemented with inline hooks. To use it, build the library and add its header file and the matching library file to your own project.
To learn a library, first learn how to use it, then read the source code to understand how it works.
1. Hook
Brief introduction:
A hook is a point of interception. Monitoring and intercepting a program's execution at a suitable position while it runs is called hook technology.
For more, see my previous article: "A brief introduction to Windows Hook - I planted this tree and opened this road"
2. MinHook
The minimalistic x86 / x64 API hooking library
MinHook is implemented with inline hooks. By building the library and adding its header file and the matching library file to our project, we can implement a hook.
2.1 Directory structure
build directory: contains solutions for the various Visual Studio versions. Select the one that matches your version and build it.
include directory: must be added to the header search path of our project
Contents of the solution directory for each version:
lib directory: output directory for the static library builds, x64 and x86
bin directory: output directory for the dynamic library builds, x64 and x86
2.2 Solution structure
The first project, libMinHook, can be built directly to produce the static library; then include the required header file MinHook.h in your own project. Note that you must pick the library build that matches the process being hooked, 64-bit or 32-bit, otherwise the hook will not take effect.
The second project builds the DLL version of the library, which can be loaded dynamically with LoadLibrary. However, it is recommended to build the static library and link it directly into your own project, because your own project already has to produce a DLL that is injected into the target process.
Using MinHook
The quickest way to learn MinHook is through an example, so we use the most common one: hooking a message box.
0x00 Example 1: hooking the Windows message box API MessageBoxA
Experimental process
A normal hook process should look like this.
1. An ordinary exe that pops up a message box, that is, the target process
2. Implement a hook DLL
3. Inject the DLL into the target process
However, the purpose of this article is to learn how to use the MinHook library, so we simplify the steps and omit injecting and loading the DLL:
1. Write one target process that pops up a message box. In that same process, link the MinHook lib, implement the hook function, and call it to hook MessageBoxA.
Experimental code
1. Call MessageBoxA normally:

    MessageBoxA(NULL, "Orgin MessageBox", "tip", MB_OK); // Call before the hook is installed
2. Link MinHook.lib

    #include "../include/MinHook.h"

    // Pick the library build that matches the bitness of this process
    #if defined _M_X64
    #pragma comment(lib, "libMinHook.x64.lib")
    #elif defined _M_IX86
    #pragma comment(lib, "libMinHook.x86.lib")
    #endif
3. Implement a fake MessageBoxA function

    typedef int (WINAPI *OldMessageBox)(HWND, LPCSTR, LPCSTR, UINT);
    OldMessageBox fpMessageBoxA = NULL; // set by MH_CreateHook; calls the original MessageBoxA

    int WINAPI MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
    {
        // Replace the message text, then forward to the original function
        int ret = fpMessageBoxA(hWnd, "Hook Inject", lpCaption, uType);
        return ret;
    }
4. Installing and uninstalling the hook with MinHook
MinHook wraps the hooking work well. We only need the following functions to implement a hook.
4.1 Initialize the library

    MH_Initialize();

4.2 Create the hook
pTarget is the function to hook, pDetour is the function that replaces it, and ppOriginal receives a pointer through which the original function can still be called.

    MH_STATUS WINAPI MH_CreateHook(LPVOID pTarget, LPVOID pDetour, LPVOID *ppOriginal);

4.3 Enable the hook

    MH_STATUS WINAPI MH_EnableHook(LPVOID pTarget);

At this point the hook is in effect. What follows uninstalls it.
4.4 Uninstall the hook
The complete code below first calls MH_DisableHook on the target and then uninitializes the library.

    MH_Uninitialize();
Complete code
    // MinHook_user.cpp: defines the entry point for the console application.
    //
    #include "stdafx.h"
    #include <Windows.h>
    #include <cstdio>
    #include <iostream>
    #include "include\MinHook.h"

    // Pick the library build that matches the bitness of this process
    #if defined _M_X64
    #pragma comment(lib, "libMinHook.x64.lib")
    #elif defined _M_IX86
    #pragma comment(lib, "libMinHook.x86.lib")
    #endif

    typedef int (WINAPI *OldMessageBox)(HWND, LPCSTR, LPCSTR, UINT);
    OldMessageBox fpMessageBoxA = NULL; // set by MH_CreateHook; calls the original MessageBoxA

    // Detour: replaces the message text, then forwards to the original function
    int WINAPI MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
    {
        int ret = fpMessageBoxA(hWnd, "Hook Inject", lpCaption, uType);
        return ret;
    }

    // Returns true only if every MinHook call returned MH_OK
    bool SetHook()
    {
        if (MH_Initialize() != MH_OK)
            return false;
        if (MH_CreateHook(&MessageBoxA, &MyMessageBoxA,
                          reinterpret_cast<void**>(&fpMessageBoxA)) != MH_OK)
            return false;
        return MH_EnableHook(&MessageBoxA) == MH_OK;
    }

    void UnHook()
    {
        if (MH_DisableHook(&MessageBoxA) == MH_OK)
        {
            MH_Uninitialize();
        }
    }

    int main()
    {
        int key = 0;
        std::cout << "input key to starthook" << std::endl;
        std::cin >> key;

        // Install the hook
        if (!SetHook())
        {
            std::cout << "SetHook failed" << std::endl;
            return 1;
        }

        // Call MessageBoxA normally; the detour now runs in its place
        MessageBoxA(NULL, "Orgin MessageBox", "tip", MB_OK);

        std::cout << "input key to UnHook" << std::endl;
        std::cin >> key;

        // Remove the hook
        UnHook();
        getchar();
        return 0;
    }
Experimental effect
Ohhhh, success!
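Seen from the checking side, an inline hook like the one installed above shows up as a jump at the very start of the hooked function. The following added example (not code from this article or from the MinHook project) follows `E9 rel32` and `EB rel8` jumps at a function's entry point and reports whether execution ends up outside the function's own module. The names `Region`, `resolve_entry` and `entry_is_redirected`, the addresses and the byte samples are all constructed for illustration, and other jump encodings are not handled.

```cpp
// Added example: not code from the article or from the MinHook project.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

struct Region {             // a copied window of the inspected process's memory
    const uint8_t* bytes;   // the copied bytes
    size_t size;            // number of bytes copied
    uint64_t base;          // virtual address of bytes[0]
};

// Follow E9 rel32 / EB rel8 jumps from `entry` (at most max_hops) and return the
// address where execution really begins; equals `entry` for an unpatched function.
uint64_t resolve_entry(const Region& r, uint64_t entry, int max_hops = 4) {
    uint64_t pc = entry;
    for (int hop = 0; hop < max_hops; ++hop) {
        if (pc < r.base || pc - r.base >= r.size) break;    // outside the copy
        size_t off = static_cast<size_t>(pc - r.base);
        size_t left = r.size - off;
        if (left >= 5 && r.bytes[off] == 0xE9) {            // jmp rel32
            int32_t rel;                                     // little-endian host assumed
            std::memcpy(&rel, r.bytes + off + 1, sizeof rel);
            pc += 5 + static_cast<uint64_t>(static_cast<int64_t>(rel));
        } else if (left >= 2 && r.bytes[off] == 0xEB) {     // jmp rel8
            auto rel = static_cast<int8_t>(r.bytes[off + 1]);
            pc += 2 + static_cast<uint64_t>(static_cast<int64_t>(rel));
        } else break;                                        // ordinary instruction
    }
    return pc;
}

// True when the resolved entry lies outside [mod_base, mod_base + mod_size).
bool entry_is_redirected(const Region& r, uint64_t entry,
                         uint64_t mod_base, uint64_t mod_size) {
    uint64_t pc = resolve_entry(r, entry);
    return pc < mod_base || pc - mod_base >= mod_size;
}

int main() {
    // Constructed sample: 5 padding bytes, then the entry point at 0x10105.
    const uint8_t clean[]  = {0xCC,0xCC,0xCC,0xCC,0xCC, 0x8B,0xFF,0x55,0x8B,0xEC};
    const uint8_t hooked[] = {0xCC,0xCC,0xCC,0xCC,0xCC, 0xE9,0xF6,0xFE,0x03,0x00};
    Region a{clean, sizeof clean, 0x10100}, b{hooked, sizeof hooked, 0x10100};
    std::printf("clean: %d, hooked: %d\n",
                entry_is_redirected(a, 0x10105, 0x10000, 0x1000),
                entry_is_redirected(b, 0x10105, 0x10000, 0x1000));
    return 0;
}
```

A jump that stays inside the module is not flagged, so compiler-generated thunks do not raise an alert; only an entry point that leaves its own module does.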