• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 746
  • Last Modified:

detect API hooking.

hello, how can i detect if someone is hooking my App's API calls ?
0
wsock32_
Asked:
wsock32_
  • 3
  • 2
1 Solution
 
MadshiCommented:
What do you mean with your "App's API calls"? You can check whether someone hooked any APIs in the context of your process. Is that what you want?

In that case you will have to check the import table, the export table and the code itself of all relevant modules (exe + dlls) in your process. That's possible, but quite difficult. The best way is to load the original module files from the hard disk and compare the important parts (import table, export table and code) with the loaded module images.

However, please note that a debugger hooks APIs, so such a hooking detection would fire inside of Delphi's IDE. Also some system dlls might use API hooking themselves or overwrite their own code. In that case the hooking detection would fire, too.

Regards, Madshi.
0
 
wsock32_Author Commented:
yes, lets say im calling GetCurrentDir() API command and someone is hooking that to return something else,

any examples of what ur talking about Madshi? ( the import/export,code comparing)
0
 
MadshiCommented:
There are serveral API hooking techniques available. If you want a perfect detection you need to check all what I said.

Sorry, I've no code or examples, also no time to write something for you. This is really difficult stuff and would need quite a bit of time. And after all I'm working on making API hooking possible, not on preventing/detecting it...   :-)
0
 
wsock32_Author Commented:
damn.. i need something to get me started here, :(
0
 
MadshiCommented:
Well, if you want something to get started you can look here:

http://www.codeproject.com/system/hooksys.asp

This shows how to hook APIs with import table patching. This is only one of many hooking methods, but it's the most often used. If you understand how it works inside you can make your own code about how to detect it.
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now