First

* added kernel32 routines

Author: arsium

HookLib.cs

@@ -0,0 +1,44 @@
+using System;
+
+namespace HookLib
+{
+    public class HookLib
+    {
+        private string LibToHook { get; set; }
+        private string FunctionToHook { get; set; }
+        public byte[] NewBytes { get; set; }
+        private uint SizeOfNewBytes { get; set; }
+        public bool IsHooked { get; set; }
+        public byte[] OldBytes { get; set; }
+        private IntPtr ProcessToHook { get; set; }
+
+        public HookLib(IntPtr ProcessToPatch, string LibName, string FunctionName, byte[] BytesToHook, uint SizeOfBytesToHook)
+        {
+            OldBytes = new byte[SizeOfBytesToHook]; //first we need a buffer to restore old function bytes to unhook it
+            ProcessToHook = ProcessToPatch;
+            LibToHook = LibName;//the lib ex kernel32 or ntdll
+            FunctionToHook = FunctionName;//name of the function you want to hook 
+            NewBytes = BytesToHook;//bytes you want to use as replacement of our function address
+            SizeOfNewBytes = SizeOfBytesToHook;//the size of hooked bytes
+        }
+
+        public bool HookedFunction() 
+        {
+            IntPtr AddressOfLib = NativeAPI.GetModuleHandle(LibToHook);//getting lib address in our program
+            IntPtr FunctionAddress = NativeAPI.GetProcAddress(AddressOfLib, FunctionToHook);//getting function address in our program
+            NativeAPI.ReadProcessMemory(ProcessToHook, FunctionAddress, OldBytes, SizeOfNewBytes, 0);//read the original bytes from our function address and store them if you want to restore
+            return IsHooked = NativeAPI.WriteProcessMemory(ProcessToHook, FunctionAddress, NewBytes, SizeOfNewBytes, 0);// here we hooked the function : the address of our function is replace by our code (asm or opcode !)
+        }
+     
+        public bool UnHookedFunction() 
+        {
+            IntPtr AddressOfLib = NativeAPI.GetModuleHandle(LibToHook);//getting lib address in our program
+            IntPtr FunctionAddress = NativeAPI.GetProcAddress(AddressOfLib, FunctionToHook);//getting function address in our program
+            if (NativeAPI.WriteProcessMemory(ProcessToHook, FunctionAddress, OldBytes, SizeOfNewBytes, 0))//here we unhook the function by setting the original bytes from our buffer
+                IsHooked = false;
+            else
+                IsHooked = true;
+            return IsHooked;
+        }
+    }
+}

HookLib.csproj

@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{89130CAD-DC21-46A6-930F-8898E61F3E0E}</ProjectGuid>
+    <OutputType>Library</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>HookLib</RootNamespace>
+    <AssemblyName>HookLib</AssemblyName>
+    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <Deterministic>true</Deterministic>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <UseVSHostingProcess>true</UseVSHostingProcess>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Net.Http" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="HookLib.cs" />
+    <Compile Include="NativeAPI.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+</Project>

NativeAPI.cs

@@ -0,0 +1,22 @@
+using System;
+using System.Runtime.InteropServices;
+
+namespace HookLib
+{
+    internal class NativeAPI
+    {
+        private const String KERNEL32 = "kernel32.dll";
+
+        [DllImport(KERNEL32, SetLastError = true)]
+        internal static extern IntPtr GetModuleHandle(string lib);
+
+        [DllImport(KERNEL32, SetLastError = true)]
+        internal static extern IntPtr GetProcAddress(IntPtr Module, string Function);
+
+        [DllImport(KERNEL32, SetLastError = true)]
+        internal static extern bool WriteProcessMemory(IntPtr ProcessHandle, IntPtr Address, byte[] CodeToInject, uint Size, int NumberOfBytes);
+
+        [DllImport(KERNEL32, SetLastError = true)]
+        internal static extern bool ReadProcessMemory(IntPtr ProcHandle, IntPtr BaseAddress, byte[] Buffer, uint size, int NumOfBytes);
+    }
+}

Properties/AssemblyInfo.cs

@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// Les informations générales relatives à un assembly dépendent de
+// l'ensemble d'attributs suivant. Changez les valeurs de ces attributs pour modifier les informations
+// associées à un assembly.
+[assembly: AssemblyTitle("HookLib")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("HookLib")]
+[assembly: AssemblyCopyright("Copyright ©  2021")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// L'affectation de la valeur false à ComVisible rend les types invisibles dans cet assembly
+// aux composants COM. Si vous devez accéder à un type dans cet assembly à partir de
+// COM, affectez la valeur true à l'attribut ComVisible sur ce type.
+[assembly: ComVisible(false)]
+
+// Le GUID suivant est pour l'ID de la typelib si ce projet est exposé à COM
+[assembly: Guid("89130cad-dc21-46a6-930f-8898e61f3e0e")]
+
+// Les informations de version pour un assembly se composent des quatre valeurs suivantes :
+//
+//      Version principale
+//      Version secondaire
+//      Numéro de build
+//      Révision
+//
+// Vous pouvez spécifier toutes les valeurs ou indiquer les numéros de build et de révision par défaut
+// en utilisant '*', comme indiqué ci-dessous :
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]

obj/Release/DesignTimeResolveAssemblyReferencesInput.cache

@@ -0,0 +1 @@
+976ca941126dfbcd99394a0fc6031ee54a4edf42

obj/Release/HookLib.csproj.AssemblyReference.cache

@@ -0,0 +1,6 @@
+F:\Personal\HookFunction\HookLib\bin\Release\HookLib.dll
+F:\Personal\HookFunction\HookLib\bin\Release\HookLib.pdb
+F:\Personal\HookFunction\HookLib\obj\Release\HookLib.csproj.AssemblyReference.cache
+F:\Personal\HookFunction\HookLib\obj\Release\HookLib.csproj.CoreCompileInputs.cache
+F:\Personal\HookFunction\HookLib\obj\Release\HookLib.dll
+F:\Personal\HookFunction\HookLib\obj\Release\HookLib.pdb