Jackbail4/IATHooking.cpp

## IATHooking.cpp
#include <iostream>
#include <Windows.h>

typedef BOOL(_stdcall* tBeep)(DWORD dwFreq, DWORD dwDuration);
tBeep oBeep;

BOOL hkBeep(DWORD dwFreq, DWORD dwDuration) {
	printf("Beep was called\ndwFreq: %i dwDuration: %i\n", dwFreq, dwDuration);
	return oBeep(dwFreq, dwDuration);
}

bool HookIATFunction(const char* Import, uintptr_t ImageBase, uintptr_t Hook) {
	IMAGE_DOS_HEADER* DosHeader = (IMAGE_DOS_HEADER*)ImageBase;
	IMAGE_NT_HEADERS* NtHeaders = (IMAGE_NT_HEADERS*)(ImageBase + DosHeader->e_lfanew);

	IMAGE_DATA_DIRECTORY DataDirectory = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];

	IMAGE_IMPORT_DESCRIPTOR* ImportDescriptor = (IMAGE_IMPORT_DESCRIPTOR*)(ImageBase + DataDirectory.VirtualAddress);

	while (ImportDescriptor->Name != 0) {
		IMAGE_THUNK_DATA* OrigFirstThunk = (IMAGE_THUNK_DATA*)(ImageBase + ImportDescriptor->OriginalFirstThunk);
		IMAGE_THUNK_DATA* FirstThunk = (IMAGE_THUNK_DATA*)(ImageBase + ImportDescriptor->FirstThunk);

		while (OrigFirstThunk->u1.AddressOfData != 0) {
			IMAGE_IMPORT_BY_NAME* ImportName = (IMAGE_IMPORT_BY_NAME*)(ImageBase + OrigFirstThunk->u1.AddressOfData);

			if (!strcmp(Import, ImportName->Name)) {
				DWORD old;
				VirtualProtect((void*)&OrigFirstThunk->u1.Function, 0x1000, PAGE_EXECUTE_READWRITE, &old);
				FirstThunk->u1.Function = (uintptr_t)Hook;
				VirtualProtect((void*)&OrigFirstThunk->u1.Function, 0x1000, old, &old);
				return true;
			}

			OrigFirstThunk++;
			FirstThunk++;
		}
		ImportDescriptor++;
	}
	return false;
}

int main(){
	oBeep = (tBeep)((uintptr_t)Beep + 5);
	Beep(100, 100);

	if (!HookIATFunction("Beep", (uintptr_t)GetModuleHandleA(0), (uintptr_t)hkBeep))
		printf("IAT Import not found...");

	Beep(100, 1000);
	return 0;
}
	#include <iostream>
	#include <Windows.h>

	typedef BOOL(_stdcall* tBeep)(DWORD dwFreq, DWORD dwDuration);
	tBeep oBeep;

	BOOL hkBeep(DWORD dwFreq, DWORD dwDuration) {
	printf("Beep was called\ndwFreq: %i dwDuration: %i\n", dwFreq, dwDuration);
	return oBeep(dwFreq, dwDuration);
	}

	bool HookIATFunction(const char* Import, uintptr_t ImageBase, uintptr_t Hook) {
	IMAGE_DOS_HEADER* DosHeader = (IMAGE_DOS_HEADER*)ImageBase;
	IMAGE_NT_HEADERS* NtHeaders = (IMAGE_NT_HEADERS*)(ImageBase + DosHeader->e_lfanew);

	IMAGE_DATA_DIRECTORY DataDirectory = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];

	IMAGE_IMPORT_DESCRIPTOR* ImportDescriptor = (IMAGE_IMPORT_DESCRIPTOR*)(ImageBase + DataDirectory.VirtualAddress);

	while (ImportDescriptor->Name != 0) {
	IMAGE_THUNK_DATA* OrigFirstThunk = (IMAGE_THUNK_DATA*)(ImageBase + ImportDescriptor->OriginalFirstThunk);
	IMAGE_THUNK_DATA* FirstThunk = (IMAGE_THUNK_DATA*)(ImageBase + ImportDescriptor->FirstThunk);

	while (OrigFirstThunk->u1.AddressOfData != 0) {
	IMAGE_IMPORT_BY_NAME* ImportName = (IMAGE_IMPORT_BY_NAME*)(ImageBase + OrigFirstThunk->u1.AddressOfData);

	if (!strcmp(Import, ImportName->Name)) {
	DWORD old;
	VirtualProtect((void*)&OrigFirstThunk->u1.Function, 0x1000, PAGE_EXECUTE_READWRITE, &old);
	FirstThunk->u1.Function = (uintptr_t)Hook;
	VirtualProtect((void*)&OrigFirstThunk->u1.Function, 0x1000, old, &old);
	return true;
	}

	OrigFirstThunk++;
	FirstThunk++;
	}
	ImportDescriptor++;
	}
	return false;
	}

	int main(){
	oBeep = (tBeep)((uintptr_t)Beep + 5);
	Beep(100, 100);

	if (!HookIATFunction("Beep", (uintptr_t)GetModuleHandleA(0), (uintptr_t)hkBeep))
	printf("IAT Import not found...");

	Beep(100, 1000);
	return 0;
	}