├── HookLib.cs
├── HookLib.csproj
├── NativeAPI.cs
├── Properties
    └── AssemblyInfo.cs
├── README.md
└── obj
    └── Release
        ├── DesignTimeResolveAssemblyReferencesInput.cache
        ├── HookLib.csproj.AssemblyReference.cache
        ├── HookLib.csproj.CoreCompileInputs.cache
        ├── HookLib.csproj.FileListAbsolute.txt
        ├── HookLib.dll
        └── HookLib.pdb


/HookLib.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | 
 3 | namespace HookLib
 4 | {
 5 |     public class HookLib
 6 |     {
 7 |         private string LibToHook { get; set; }
 8 |         private string FunctionToHook { get; set; }
 9 |         public byte[] NewBytes { get; set; }
10 |         private uint SizeOfNewBytes { get; set; }
11 |         public bool IsHooked { get; set; }
12 |         public byte[] OldBytes { get; set; }
13 |         private IntPtr ProcessToHook { get; set; }
14 | 
15 |         public HookLib(IntPtr ProcessToPatch, string LibName, string FunctionName, byte[] BytesToHook)
16 |         {
17 |             OldBytes = new byte[BytesToHook.Length]; //first we need a buffer to restore old function bytes to unhook it
18 |             ProcessToHook = ProcessToPatch;
19 |             LibToHook = LibName;//the lib ex kernel32 or ntdll
20 |             FunctionToHook = FunctionName;//name of the function you want to hook 
21 |             NewBytes = BytesToHook;//bytes you want to use as replacement of our function address
22 |             SizeOfNewBytes = (uint)BytesToHook.Length;//the size of hooked bytes
23 |         }
24 | 
25 |         public bool HookedFunction() 
26 |         {
27 |             IntPtr AddressOfLib = NativeAPI.GetModuleHandle(LibToHook);//getting lib address in our program
28 |             IntPtr FunctionAddress = NativeAPI.GetProcAddress(AddressOfLib, FunctionToHook);//getting function address in our program
29 |             NativeAPI.ReadProcessMemory(ProcessToHook, FunctionAddress, OldBytes, SizeOfNewBytes, 0);//read the original bytes from our function address and store them if you want to restore
30 |             return IsHooked = NativeAPI.WriteProcessMemory(ProcessToHook, FunctionAddress, NewBytes, SizeOfNewBytes, 0);// here we hooked the function : the address of our function is replace by our code (asm or opcode !)
31 |         }
32 |      
33 |         public bool UnHookedFunction() 
34 |         {
35 |             IntPtr AddressOfLib = NativeAPI.GetModuleHandle(LibToHook);//getting lib address in our program
36 |             IntPtr FunctionAddress = NativeAPI.GetProcAddress(AddressOfLib, FunctionToHook);//getting function address in our program
37 |             if (NativeAPI.WriteProcessMemory(ProcessToHook, FunctionAddress, OldBytes, SizeOfNewBytes, 0))//here we unhook the function by setting the original bytes from our buffer
38 |                 IsHooked = false;
39 |             else
40 |                 IsHooked = true;
41 |             return IsHooked;
42 |         }
43 |     }
44 | }
45 | 


--------------------------------------------------------------------------------
/HookLib.csproj:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
 4 |   <PropertyGroup>
 5 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
 6 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
 7 |     <ProjectGuid>{89130CAD-DC21-46A6-930F-8898E61F3E0E}</ProjectGuid>
 8 |     <OutputType>Library</OutputType>
 9 |     <AppDesignerFolder>Properties</AppDesignerFolder>
10 |     <RootNamespace>HookLib</RootNamespace>
11 |     <AssemblyName>HookLib</AssemblyName>
12 |     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
13 |     <FileAlignment>512</FileAlignment>
14 |     <Deterministic>true</Deterministic>
15 |   </PropertyGroup>
16 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
17 |     <DebugSymbols>true</DebugSymbols>
18 |     <DebugType>full</DebugType>
19 |     <Optimize>false</Optimize>
20 |     <OutputPath>bin\Debug\</OutputPath>
21 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
22 |     <ErrorReport>prompt</ErrorReport>
23 |     <WarningLevel>4</WarningLevel>
24 |   </PropertyGroup>
25 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
26 |     <DebugType>pdbonly</DebugType>
27 |     <Optimize>true</Optimize>
28 |     <OutputPath>bin\Release\</OutputPath>
29 |     <DefineConstants>TRACE</DefineConstants>
30 |     <ErrorReport>prompt</ErrorReport>
31 |     <WarningLevel>4</WarningLevel>
32 |     <UseVSHostingProcess>true</UseVSHostingProcess>
33 |   </PropertyGroup>
34 |   <ItemGroup>
35 |     <Reference Include="System" />
36 |     <Reference Include="System.Core" />
37 |     <Reference Include="System.Xml.Linq" />
38 |     <Reference Include="System.Data.DataSetExtensions" />
39 |     <Reference Include="Microsoft.CSharp" />
40 |     <Reference Include="System.Data" />
41 |     <Reference Include="System.Net.Http" />
42 |     <Reference Include="System.Xml" />
43 |   </ItemGroup>
44 |   <ItemGroup>
45 |     <Compile Include="HookLib.cs" />
46 |     <Compile Include="NativeAPI.cs" />
47 |     <Compile Include="Properties\AssemblyInfo.cs" />
48 |   </ItemGroup>
49 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
50 | </Project>


--------------------------------------------------------------------------------
/NativeAPI.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.Runtime.InteropServices;
 3 | 
 4 | namespace HookLib
 5 | {
 6 |     internal class NativeAPI
 7 |     {
 8 |         private const String KERNEL32 = "kernel32.dll";
 9 | 
10 |         [DllImport(KERNEL32, SetLastError = true)]
11 |         internal static extern IntPtr GetModuleHandle(string lib);
12 | 
13 |         [DllImport(KERNEL32, SetLastError = true)]
14 |         internal static extern IntPtr GetProcAddress(IntPtr Module, string Function);
15 | 
16 |         [DllImport(KERNEL32, SetLastError = true)]
17 |         internal static extern bool WriteProcessMemory(IntPtr ProcessHandle, IntPtr Address, byte[] CodeToInject, uint Size, int NumberOfBytes);
18 | 
19 |         [DllImport(KERNEL32, SetLastError = true)]
20 |         internal static extern bool ReadProcessMemory(IntPtr ProcHandle, IntPtr BaseAddress, byte[] Buffer, uint size, int NumOfBytes);
21 |     }
22 | }
23 | 


--------------------------------------------------------------------------------
/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System.Reflection;
 2 | using System.Runtime.CompilerServices;
 3 | using System.Runtime.InteropServices;
 4 | 
 5 | // Les informations générales relatives à un assembly dépendent de
 6 | // l'ensemble d'attributs suivant. Changez les valeurs de ces attributs pour modifier les informations
 7 | // associées à un assembly.
 8 | [assembly: AssemblyTitle("HookLib")]
 9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("HookLib")]
13 | [assembly: AssemblyCopyright("Copyright ©  2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 | 
17 | // L'affectation de la valeur false à ComVisible rend les types invisibles dans cet assembly
18 | // aux composants COM. Si vous devez accéder à un type dans cet assembly à partir de
19 | // COM, affectez la valeur true à l'attribut ComVisible sur ce type.
20 | [assembly: ComVisible(false)]
21 | 
22 | // Le GUID suivant est pour l'ID de la typelib si ce projet est exposé à COM
23 | [assembly: Guid("89130cad-dc21-46a6-930f-8898e61f3e0e")]
24 | 
25 | // Les informations de version pour un assembly se composent des quatre valeurs suivantes :
26 | //
27 | //      Version principale
28 | //      Version secondaire
29 | //      Numéro de build
30 | //      Révision
31 | //
32 | // Vous pouvez spécifier toutes les valeurs ou indiquer les numéros de build et de révision par défaut
33 | // en utilisant '*', comme indiqué ci-dessous :
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # HookLib
 2 | A library to hook functions locally !
 3 | 
 4 | How to use it ?
 5 | 
 6 | ```
 7 | byte[] ret_opcode = { 0xC3 }; //ret asm opcode
 8 | HookLib.HookLib your_hook;
 9 | your_hook = new HookLib.HookLib(Process.GetCurrentProcess().Handle, "alibrarynamelikekernel32", "functionnameliketerminateprocess", ret_opcode);
10 | your_hook.HookedFunction();
11 | your_hook.UnHookedFunction();
12 | ```
13 | 


--------------------------------------------------------------------------------
/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/HookLib/47adb11759acca9db5d31f33c5979042cfdc8bf9/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache


--------------------------------------------------------------------------------
/obj/Release/HookLib.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
1 | 



--------------------------------------------------------------------------------
/obj/Release/HookLib.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | 976ca941126dfbcd99394a0fc6031ee54a4edf42
2 | 


--------------------------------------------------------------------------------
/obj/Release/HookLib.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | F:\Personal\HookFunction\HookLib\bin\Release\HookLib.dll
2 | F:\Personal\HookFunction\HookLib\bin\Release\HookLib.pdb
3 | F:\Personal\HookFunction\HookLib\obj\Release\HookLib.csproj.AssemblyReference.cache
4 | F:\Personal\HookFunction\HookLib\obj\Release\HookLib.csproj.CoreCompileInputs.cache
5 | F:\Personal\HookFunction\HookLib\obj\Release\HookLib.dll
6 | F:\Personal\HookFunction\HookLib\obj\Release\HookLib.pdb
7 | 


--------------------------------------------------------------------------------
/obj/Release/HookLib.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/HookLib/47adb11759acca9db5d31f33c5979042cfdc8bf9/obj/Release/HookLib.dll


--------------------------------------------------------------------------------
/obj/Release/HookLib.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/HookLib/47adb11759acca9db5d31f33c5979042cfdc8bf9/obj/Release/HookLib.pdb


--------------------------------------------------------------------------------