
HOOK IAT

2014-05-04 17:09 316 查看
/// Turns a byte offset relative to an image base into a typed pointer.
///
/// Despite the name, the conversion goes from an offset (RVA) to an address:
/// the result is simply Base + Va viewed as T*. Nothing is range-checked or
/// null-checked here, so the caller must make sure the offset lies inside
/// the mapped image before dereferencing the result.
///
/// @tparam T   pointee type of the returned pointer
/// @param Base start of the mapped image
/// @param Va   byte offset added to Base
/// @return     Base advanced by Va bytes, typed as T*
template <class T>
__forceinline
T* VA2RVA(PVOID Base, ULONG_PTR Va)
{
    PCHAR lpBytes = static_cast<PCHAR>(Base);
    return reinterpret_cast<T*>(lpBytes + Va);
}

/// Locates the import descriptor table of a mapped PE image.
///
/// The DOS and NT headers are dereferenced without any validation, so
/// hModule must already be known to point at a valid image (IsVaildImage
/// performs that check for HookIAT).
///
/// @param hModule base address of the mapped image
/// @return pointer to the first IMAGE_IMPORT_DESCRIPTOR, or NULL when the
///         import data directory has a zero VirtualAddress
PIMAGE_IMPORT_DESCRIPTOR GetImageImportDescriptor(HMODULE hModule)
{
    IMAGE_DOS_HEADER *lpDos = reinterpret_cast<IMAGE_DOS_HEADER*>(hModule);
    IMAGE_NT_HEADERS *lpNt = VA2RVA<IMAGE_NT_HEADERS>(hModule, lpDos->e_lfanew);

    // RVA of the import table as recorded in the optional header.
    const DWORD dwImportRva =
        lpNt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;

    if (dwImportRva == 0)
    {
        // The image declares no import directory.
        return NULL;
    }
    return VA2RVA<IMAGE_IMPORT_DESCRIPTOR>(hModule, dwImportRva);
}

/// Checks that hModule points at something that looks like a PE image.
///
/// Only the two magic values are compared: the DOS signature in e_magic and
/// the NT signature found at offset e_lfanew. e_lfanew itself is used as-is
/// and is not range-checked, so this is a sanity check for module handles
/// rather than a validator for arbitrary or untrusted memory.
///
/// @param hModule candidate image base; NULL is rejected
/// @return TRUE when both signatures match, FALSE otherwise
BOOL IsVaildImage(HMODULE hModule)
{
    IMAGE_DOS_HEADER *lpDos = reinterpret_cast<IMAGE_DOS_HEADER*>(hModule);

    if (lpDos == NULL || lpDos->e_magic != IMAGE_DOS_SIGNATURE)
    {
        return FALSE;
    }

    IMAGE_NT_HEADERS *lpNt = VA2RVA<IMAGE_NT_HEADERS>(hModule, lpDos->e_lfanew);
    return (lpNt->Signature == IMAGE_NT_SIGNATURE) ? TRUE : FALSE;
}

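/// Swaps the pointer stored in one IAT slot and puts the page protection back.
///
/// @param lppSlot     address of the IAT entry to overwrite
/// @param lpNewValue  pointer to store in the slot
/// @param lppOldValue receives the pointer that was in the slot; written only
///                    on success
/// @return TRUE when the slot was rewritten, FALSE when the page could not be
///         made writable (the slot is then left untouched)
static BOOL ReplaceIatSlot(PVOID *lppSlot, PVOID lpNewValue, PVOID *lppOldValue)
{
    DWORD dwOldProtect = 0;

    // Writing without a successful VirtualProtect would fault on a read-only
    // IAT page, so a failure here means "do not touch the slot".
    if (!VirtualProtect(lppSlot, sizeof(PVOID), PAGE_EXECUTE_READWRITE, &dwOldProtect))
    {
        return FALSE;
    }

    *lppOldValue = InterlockedExchangePointer(lppSlot, lpNewValue);

    // Restore the original protection so the page holding the IAT does not
    // stay writable and executable after the patch. Best effort: the slot is
    // already rewritten, so a failure here is not reported to the caller.
    DWORD dwIgnored = 0;
    VirtualProtect(lppSlot, sizeof(PVOID), dwOldProtect, &dwIgnored);
    return TRUE;
}

/// Redirects an imported function of hModule by rewriting its IAT entry.
///
/// Walks the import descriptors of hModule, finds those whose DLL name equals
/// lpModuleName (case-insensitive), and for every by-name import equal to
/// lpApiName (case-sensitive) replaces the bound address with
/// lpNewApiAddress. Imports by ordinal are skipped. Descriptors without an
/// import name table (OriginalFirstThunk == 0) are skipped as well, because
/// the names needed for matching are not available for them.
///
/// The page protection changed for the write is restored afterwards, and a
/// slot is only written when the protection change succeeded.
///
/// @param hModule         base of the loaded image whose IAT is patched
/// @param lpModuleName    name of the imported DLL, e.g. as it appears in the
///                        import table
/// @param lpApiName       exact name of the imported function
/// @param lpNewApiAddress replacement address to store in the IAT
/// @return the address previously stored in the last slot that was patched,
///         or NULL when nothing was patched (invalid image, NULL argument,
///         no matching import, or the page could not be made writable)
PVOID HookIAT(HMODULE hModule, LPCSTR lpModuleName, LPCSTR lpApiName, PVOID lpNewApiAddress)
{
    PVOID lpPrevAddress = NULL;

    // A NULL replacement would leave the import unusable, and NULL names can
    // never match an import; refuse both up front.
    if (lpModuleName == NULL || lpApiName == NULL || lpNewApiAddress == NULL)
    {
        return NULL;
    }
    if (!IsVaildImage(hModule))
    {
        return NULL;
    }

    PIMAGE_IMPORT_DESCRIPTOR lpImportDescriptor = GetImageImportDescriptor(hModule);
    if (lpImportDescriptor == NULL)
    {
        return NULL;
    }

    // The table ends with an all-zero descriptor. Testing Name instead of
    // Characteristics/OriginalFirstThunk keeps the walk going past entries
    // that simply have no import name table.
    for (; lpImportDescriptor->Name != 0; lpImportDescriptor++)
    {
        if (lpImportDescriptor->OriginalFirstThunk == 0)
        {
            continue;
        }

        LPCSTR lpLibName = VA2RVA<CONST CHAR>(hModule, lpImportDescriptor->Name);
        if (lstrcmpiA(lpModuleName, lpLibName) != 0)
        {
            continue;
        }

        // OriginalFirstThunk holds the names, FirstThunk the bound addresses;
        // both arrays are indexed in parallel.
        PIMAGE_THUNK_DATA lpThunk =
            VA2RVA<IMAGE_THUNK_DATA>(hModule, lpImportDescriptor->OriginalFirstThunk);
        PVOID *lppProcTable = VA2RVA<PVOID>(hModule, lpImportDescriptor->FirstThunk);

        for (UINT i = 0; lpThunk[i].u1.Ordinal; i++)
        {
            if (lpThunk[i].u1.Ordinal & IMAGE_ORDINAL_FLAG)
            {
                // Imported by ordinal: there is no name to compare.
                continue;
            }

            PIMAGE_IMPORT_BY_NAME lpImportByName =
                VA2RVA<IMAGE_IMPORT_BY_NAME>(hModule, lpThunk[i].u1.AddressOfData);

            if (lstrcmpA(reinterpret_cast<LPCSTR>(lpImportByName->Name), lpApiName) != 0)
            {
                continue;
            }

            // lpPrevAddress is only updated when the slot was really written.
            ReplaceIatSlot(&lppProcTable[i], lpNewApiAddress, &lpPrevAddress);
        }
    }
    return lpPrevAddress;
}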