
Open-source Nektra HookLib

HookLib Overview

HookLib is a code interception engine for Microsoft Windows.

This library is the core of our Deviare technology. It has the functionality offered by Microsoft Detours, but we have released it under a GNU LGPL license; this way we offer it as a free download and allow its use for any purpose, including commercial purposes.

The library is coded in C++ and provides all the facilities required to hook any code during runtime. If you need to intercept any Windows API function this tool makes it easier than ever.

This is a fragment of assembler code which shows a code interception in a Win32 API function.

The image shows that every call to the FindNextFile function is handled by the HookLib library, and allows you to execute your custom code.
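For anyone auditing a process for this kind of interception, the check below is an added example (not Nektra's code and not part of HookLib). Assuming the hook takes the usual inline form of a jump written over the function's first bytes, it classifies a prologue and reports whether the jump leaves the owning module; the function names, byte samples and addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
enum hook_kind { HOOK_NONE, HOOK_JMP_REL32, HOOK_JMP_INDIRECT, HOOK_PUSH_RET, HOOK_MOV_JMP_RAX };

/* Classify the first bytes of a function mapped at address va (x86/x64,
 * little-endian host assumed). *target gets the destination when the bytes
 * encode it; it stays 0 for jmp [mem], whose pointer must be read separately. */
enum hook_kind classify_prologue(const uint8_t *p, size_t len, uint64_t va, uint64_t *target)
{
    *target = 0;
    if (len >= 5 && p[0] == 0xE9) {                    /* jmp rel32 */
        int32_t rel;
        memcpy(&rel, p + 1, sizeof rel);
        *target = va + 5 + (uint64_t)(int64_t)rel;
        return HOOK_JMP_REL32;
    }
    if (len >= 6 && p[0] == 0xFF && p[1] == 0x25)      /* jmp [mem] */
        return HOOK_JMP_INDIRECT;
    if (len >= 6 && p[0] == 0x68 && p[5] == 0xC3) {    /* push imm32; ret */
        uint32_t imm;
        memcpy(&imm, p + 1, sizeof imm);
        *target = imm;
        return HOOK_PUSH_RET;
    }
    if (len >= 12 && p[0] == 0x48 && p[1] == 0xB8 && p[10] == 0xFF && p[11] == 0xE0) {
        memcpy(target, p + 2, 8);                      /* mov rax, imm64; jmp rax */
        return HOOK_MOV_JMP_RAX;
    }
    return HOOK_NONE;
}

/* A redirect that leaves the owning module's image range deserves review. */
int leaves_module(uint64_t target, uint64_t base, uint64_t size)
{
    return target < base || target - base >= size;
}

/* Constructed samples: a function at 0x76A43210 in a module at 0x76A00000. */
static const uint8_t CLEAN[]  = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83 };  /* mov edi,edi; push ebp; ... */
static const uint8_t HOOKED[] = { 0xE9, 0xEB, 0xDD, 0x5B, 0x99, 0x90 };  /* jmp 0x10001000 */
int main(void)
{
    uint64_t t;
    enum hook_kind k = classify_prologue(HOOKED, sizeof HOOKED, 0x76A43210u, &t);
    printf("kind=%d target=0x%llx external=%d\n", k, (unsigned long long)t, leaves_module(t, 0x76A00000u, 0x100000u));
    return 0;
}
```

A leading `jmp` is not proof of a hook on its own, since import thunks and forwarder stubs start the same way; comparing the in-memory bytes with the same function in the on-disk image confirms whether the code was patched after load.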


To check its functionality you can read the HookLib article in our Blog and use the C++ Example included in the package.

You can download HookLib for free by clicking here.

http://nektra.com/products/deviare/hooklib/

Nektra’s hook engine for Windows.

Today we are releasing HookLib, our hook engine, under the LGPL license. It has been a part of Deviare since its early beginning, and we think it has reached a maturity level that any developer can appreciate.

There are several libraries that provide some of the functionality we give here, but most of them are theoretical examples, or very custom, and do not adapt well to every situation. In contrast, we designed it to suit most situations and to solve the most common mistakes, such as the ones seen in multithreaded environments.

Inside the library, you’ll find a small yet powerful example. Let’s take a look at it:

The example’s goal is to deny access to a complete folder tree (My Documents) and hide any executable file from the dialog. Two kernel functions will be intercepted:


For our first task, we hook FindFirstFileW. From here we block any access attempt to our folder or any child in it.


This hook is handled before the actual call is made. So, when we set the last error to access denied and ask our hook to skip the call, the kernel function is never reached, and the caller is prevented from enumerating the folder. Also, we return an invalid handle, as defined by the documentation.

To hide executable extensions from the user, we will hook FindNextFileW. A program calls this function to navigate the files in a folder. What we do here is intercept calls just before they return to the caller. There we see if the file found is of any interest to us.


As shown, if we need to skip this result, we simply call the function again. This way, the skipped result never reaches the caller. To cleanly return the next item, we make sure that the return value and last error get to the caller.

Please remember that this is an open source project. Feel free to add any changes you see fit. We’ll keep on using it in our products, so don’t hesitate to send us any bug report or feature request. We’ll try our best to add them.

The attachment is the HookLib installer; it can also be downloaded from the website.
