HookShellAboutW.html

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
LPDWORD RetourneAddressFunctionAHook(char* FonctionAHook);
void PoseHookIAT(char* FonctionAHook , LPDWORD NouvelleAddrFunct);
INT WINAPI pwnd(HWND hWnd, LPCTSTR lpCaption, LPCTSTR lpText, HICON hIcon);

BOOL APIENTRY DllMain (HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved) // Point d'entré dll -> http://msdn2.microsoft.com/en-us/library/ms682583.aspx.
{
    if(dwReason == DLL_PROCESS_ATTACH)
    {
        PoseHookIAT("ShellAboutW" ,(LPDWORD)&pwnd);
    }
}

INT WINAPI pwnd(HWND hWnd, LPCTSTR lpCaption, LPCTSTR lpText, HICON hIcon)
{
    ShellAbout(hWnd, TEXT("http://0vercl0k.blogspot.com/"), TEXT("\nBonne visite -> http://0vercl0k.blogspot.com/"), hIcon);
    return 0;
}

void PoseHookIAT(char* FonctionAHook , LPDWORD NouvelleAddrFunct)
{
    LPDWORD addrFunctAHook = RetourneAddressFunctionAHook(FonctionAHook);
    DWORD accessProtectionValue , accessProtec;

    int vProtect = VirtualProtect(addrFunctAHook,sizeof(LPDWORD),PAGE_EXECUTE_READWRITE,&accessProtectionValue);
    *addrFunctAHook = (DWORD)NouvelleAddrFunct;
    vProtect = VirtualProtect(addrFunctAHook,sizeof(LPDWORD),accessProtectionValue,&accessProtec);
}

LPDWORD RetourneAddressFunctionAHook(char* FonctionAHook)
{
    HANDLE hdlExecutable = GetModuleHandle(NULL);
    if(hdlExecutable == NULL)return 0;

    PIMAGE_DOS_HEADER structPe = (PIMAGE_DOS_HEADER)hdlExecutable;
    if(structPe->e_magic != IMAGE_DOS_SIGNATURE)return 0;

    PIMAGE_NT_HEADERS structHeaderPe = (PIMAGE_NT_HEADERS)(structPe->e_lfanew + (DWORD)structPe);
    PVOID ptrImgDirecto = (PVOID)structHeaderPe->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
    PIMAGE_IMPORT_DESCRIPTOR ptrImportDesc =  (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)ptrImgDirecto + (DWORD)structPe);
    while(*(PDWORD)ptrImportDesc != 0)
    {
        PIMAGE_THUNK_DATA32 imgThunk = (PIMAGE_THUNK_DATA32)(ptrImportDesc->OriginalFirstThunk + (DWORD)structPe);
        PIMAGE_THUNK_DATA32 structAddrFu = (PIMAGE_THUNK_DATA32)(ptrImportDesc->FirstThunk + (DWORD)structPe);
        while(*(PDWORD)imgThunk != 0)
        {
            PIMAGE_IMPORT_BY_NAME nameImg = (PIMAGE_IMPORT_BY_NAME)(imgThunk->u1.AddressOfData + (DWORD)structPe);

            if(!strcmp(nameImg->Name,FonctionAHook))
            {
                return &(structAddrFu->u1.Function);
            }
            imgThunk ++;
            structAddrFu++;
        }
        ptrImportDesc++;
    }
    return 0;
}