gominhook

package module
v0.0.0-...-9e6cf28 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 4, 2019 License: Unlicense Imports: 4 Imported by: 0

README

gominhook

gominhook is a Golang wrapper of minhook.

This stuff heavily relies on cgo.

Installation

  1. Install gominhook.

    go get -v github.com/nanitefactory/gominhook

  2. Get Minhook library.

    For x64 users:

    Have MinHook.x64.dll with your project.

    You can get it from either of these sites:

    For x86 users:

    You need MinHook.gcc.x86.dll.

  3. That's it!

    import "github.com/nanitefactory/gominhook"

Exports

Here is a list of all supported functions & data by gominhook,

func gominhook.Initialize() error
func gominhook.Uninitialize() error

func gominhook.CreateHook(pTarget, pDetour, ppOriginal uintptr) error
func gominhook.CreateHookAPI(strModule, strProcName string, pDetour, ppOriginal uintptr) error
func gominhook.CreateHookAPIEx(strModule, strProcName string, pDetour, ppOriginal, ppTarget uintptr) error

func gominhook.RemoveHook(pTarget uintptr) error
func gominhook.EnableHook(pTarget uintptr) error
func gominhook.DisableHook(pTarget uintptr) error

func gominhook.QueueEnableHook(pTarget uintptr) error
func gominhook.QueueDisableHook(pTarget uintptr) error
func gominhook.ApplyQueued() error

const gominhook.AllHooks = NULL
const gominhook.NULL = 0

which is straightforward & effective enough. xD

Samples

This example below tries to hook user32.MessageBoxW.

package main

import (
	"fmt"
	"log"
	"syscall"
	"unsafe"

	"github.com/nanitefactory/gominhook"
)

/*
#include <Windows.h>

// Put C prototypes here

// Delegate type for calling original MessageBoxW.
typedef int (WINAPI *MESSAGEBOXW)(HWND, LPCWSTR, LPCWSTR, UINT);

// (!) This way you can connect/convert a go function to a c function.
int MessageBoxWOverrideHellYeah(HWND hWnd, LPCWSTR lpText, LPCWSTR lpCaption, UINT uType);
*/
import "C"

// Pointer for calling original MessageBoxW.
var fpMessageBoxW C.MESSAGEBOXW

// (!) This way you can connect/convert a go function to a c function.
//export MessageBoxWOverrideHellYeah
func MessageBoxWOverrideHellYeah(hWnd C.HWND, lpText C.LPCWSTR, lpCaption C.LPCWSTR, uType C.UINT) C.int {
	fmt.Println(" - MessageBoxW Override")
	foo()
	ret, _, _ := syscall.Syscall6(
		uintptr(unsafe.Pointer(fpMessageBoxW)),
		4,
		uintptr(unsafe.Pointer(hWnd)),
		uintptr(unsafe.Pointer(lpText)),
		uintptr(unsafe.Pointer(lpCaption)),
		uintptr(uint(uType)),
		0, 0,
	)
	return C.int(ret)
}

func foo() {
	fmt.Println(" - I'm so hooked now.")
}

func main() {
	// Initialize minhook
	err := gominhook.Initialize()
	if err != nil {
		log.Fatalln(err)
	}
	defer gominhook.Uninitialize()

	// Get procedure user32.MessageBoxW
	procedure := syscall.NewLazyDLL("user32.dll").NewProc("MessageBoxW")
	fmt.Println("-- not hooked yet")
	procedure.Call(
		0,
		uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr("Hello1"))),
		uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr("World1"))),
		1,
	)
	fmt.Println(fmt.Sprintf("0x%X", procedure.Addr()), fmt.Sprintf("0x%X", &fpMessageBoxW), fmt.Sprintf("0x%X", fpMessageBoxW))
	fmt.Println()

	// Create a hook for MessageBoxW.
	err = gominhook.CreateHook(procedure.Addr(), uintptr(C.MessageBoxWOverrideHellYeah), uintptr(unsafe.Pointer(&fpMessageBoxW)))
	if err != nil {
		log.Fatalln(err)
	}

	// Enable the hook for MessageBoxW.
	err = gominhook.EnableHook(gominhook.AllHooks)
	if err != nil {
		log.Fatalln(err)
	}

	// Calling our hooked procedure user32.MessageBoxW.
	fmt.Println("-- after hook")
	procedure.Call(
		0,
		uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr("Hello2"))),
		uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr("World2"))),
		1,
	)
	fmt.Println(fmt.Sprintf("0x%X", procedure.Addr()), fmt.Sprintf("0x%X", &fpMessageBoxW), fmt.Sprintf("0x%X", fpMessageBoxW))
	fmt.Println()

	// Disable the hook for MessageBoxW.
	err = gominhook.DisableHook(gominhook.AllHooks)
	if err != nil {
		log.Fatalln(err)
	}

	// Calling our unhooked procedure user32.MessageBoxW.
	fmt.Println("-- after unhook")
	procedure.Call(
		0,
		uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr("Hello3"))),
		uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr("World3"))),
		1,
	)
	fmt.Println(fmt.Sprintf("0x%X", procedure.Addr()), fmt.Sprintf("0x%X", &fpMessageBoxW), fmt.Sprintf("0x%X", fpMessageBoxW))
	fmt.Println()
}

/* This outputs...

-- not hooked yet
0x7FFE6CA4EE10 0x578180 0x0

-- after hook
 - MessageBoxW Override
 - I'm so hooked now.
0x7FFE6CA4EE10 0x578180 0x&

-- after unhook
0x7FFE6CA4EE10 0x578180 0x&

*/
More information

See minhook ref for C/C++ users.

Documentation

Index

Constants

View Source 
const AllHooks = NULL

AllHooks for #define MH_ALL_HOOKS NULL Can be passed as a parameter to MH_EnableHook, MH_DisableHook, MH_QueueEnableHook or MH_QueueDisableHook.

View Source 
const NULL = 0

NULL = 0x00000000

Variables

This section is empty.

Functions

func ApplyQueued 

func ApplyQueued() (err error)

ApplyQueued () for MH_STATUS WINAPI MH_ApplyQueued(VOID); Applies all queued changes in one go.

func CreateHook 

func CreateHook(pTarget, pDetour, ppOriginal uintptr) (err error)

CreateHook () for MH_STATUS WINAPI MH_CreateHook(LPVOID pTarget, LPVOID pDetour, LPVOID *ppOriginal); Creates a Hook for the specified target function, in disabled state. Parameters: 

pTarget    [in]  A pointer to the target function, which will be
                 overridden by the detour function.
pDetour    [in]  A pointer to the detour function, which will override
                 the target function.
ppOriginal [out] A pointer to the trampoline function, which will be
                 used to call the original target function.
                 This parameter can be NULL.

func CreateHookAPI 

func CreateHookAPI(strModule, strProcName string, pDetour, ppOriginal uintptr) (err error)

CreateHookAPI () for MH_STATUS WINAPI MH_CreateHookApi(LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal); Creates a Hook for the specified API function, in disabled state. Parameters: 

pszModule  [in]  A pointer to the loaded module name which contains the
                 target function.
pszTarget  [in]  A pointer to the target function name, which will be
                 overridden by the detour function.
pDetour    [in]  A pointer to the detour function, which will override
                 the target function.
ppOriginal [out] A pointer to the trampoline function, which will be
                 used to call the original target function.
                 This parameter can be NULL.

------------------------------------------------------------------------ strModule: Module name in Go's string. Replace of pszModule. strProcName: Procedure (target function) name in Go's string. Replace of pszTarget.

func CreateHookAPIEx 

func CreateHookAPIEx(strModule, strProcName string, pDetour, ppOriginal, ppTarget uintptr) (err error)

CreateHookAPIEx () for MH_STATUS WINAPI MH_CreateHookApiEx(LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal, LPVOID *ppTarget); Creates a Hook for the specified API function, in disabled state. Parameters: 

pszModule  [in]  A pointer to the loaded module name which contains the
                 target function.
pszTarget  [in]  A pointer to the target function name, which will be
                 overridden by the detour function.
pDetour    [in]  A pointer to the detour function, which will override
                 the target function.
ppOriginal [out] A pointer to the trampoline function, which will be
                 used to call the original target function.
                 This parameter can be NULL.
ppTarget   [out] A pointer to the target function, which will be used
                 with other functions.
                 This parameter can be NULL.

------------------------------------------------------------------------ strModule: Module name in Go's string. Replace of pszModule. strProcName: Procedure (target function) name in Go's string. Replace of pszTarget.

func DisableHook 

func DisableHook(pTarget uintptr) (err error)

DisableHook () for MH_STATUS WINAPI MH_DisableHook(LPVOID pTarget); Disables an already created hook. Parameters: 

pTarget [in] A pointer to the target function.
             If this parameter is MH_ALL_HOOKS, all created hooks are
             disabled in one go.

------------------------------------------------------------------------ gominhook.AllHooks is equivalent to MH_ALL_HOOKS. gominhook.AllHooks can be used as an argument to this function to disable all created hooks.

func EnableHook 

func EnableHook(pTarget uintptr) (err error)

EnableHook () for MH_STATUS WINAPI MH_EnableHook(LPVOID pTarget); Enables an already created hook. Parameters: 

pTarget [in] A pointer to the target function.
             If this parameter is MH_ALL_HOOKS, all created hooks are
             enabled in one go.

------------------------------------------------------------------------ gominhook.AllHooks is equivalent to MH_ALL_HOOKS. gominhook.AllHooks can be used as an argument to this function to enable all created hooks.

func Initialize 

func Initialize() (err error)

Initialize () for MH_STATUS WINAPI MH_Initialize(VOID) Initialize the MinHook library. You must call this function EXACTLY ONCE at the beginning of your program.

func QueueDisableHook 

func QueueDisableHook(pTarget uintptr) (err error)

QueueDisableHook () for MH_STATUS WINAPI MH_QueueDisableHook(LPVOID pTarget); Queues to disable an already created hook. Parameters: 

pTarget [in] A pointer to the target function.
             If this parameter is MH_ALL_HOOKS, all created hooks are
             queued to be disabled.

------------------------------------------------------------------------ gominhook.AllHooks is equivalent to MH_ALL_HOOKS. gominhook.AllHooks can be used as an argument to this function to queue all created hooks to be disabled.

func QueueEnableHook 

func QueueEnableHook(pTarget uintptr) (err error)

QueueEnableHook () for MH_STATUS WINAPI MH_QueueEnableHook(LPVOID pTarget); Queues to enable an already created hook. Parameters: 

pTarget [in] A pointer to the target function.
             If this parameter is MH_ALL_HOOKS, all created hooks are
             queued to be enabled.

------------------------------------------------------------------------ gominhook.AllHooks is equivalent to MH_ALL_HOOKS. gominhook.AllHooks can be used as an argument to this function to queue all created hooks to be enabled.

func RemoveHook 

func RemoveHook(pTarget uintptr) (err error)

RemoveHook () for MH_STATUS WINAPI MH_RemoveHook(LPVOID pTarget); Removes an already created hook. Parameters: 

pTarget [in] A pointer to the target function.

func Uninitialize 

func Uninitialize() (err error)

Uninitialize () for MH_STATUS WINAPI MH_Uninitialize(VOID) Uninitialize the MinHook library. You must call this function EXACTLY ONCE at the end of your program.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.