Skip to content

cnthigu/iat-hook-cpp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
assets
assets
 
 
dll
dll
 
 
iat-hooking
iat-hooking
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
iat-hooking.sln
iat-hooking.sln
 
 

Repository files navigation

Windows IAT Hooking

Intercept Win32 API calls by patching the Import Address Table

How does it work?

This project demonstrates IAT (Import Address Table) hooking by intercepting calls to MessageBoxW from USER32.dll. The DLL replaces the function pointer in the target executable's IAT with a custom handler, redirecting all calls to our code. The project also includes manual reimplementations of GetModuleHandle (via PEB walking) and GetProcAddress (via Export Directory parsing), built from scratch using only the Windows SDK no Detours, no MinHook.

Demo

IAT Hooking demo

For more detailed technical analysis and study notes on PE format and IAT hooking, check out my personal study blog: Understanding the PE structure — Part 1

Note: This is my personal study blog with technical notes. If it helps with your learning, feel free to use!

About

manual IAT hooking in C++. PE parsing, PEB walking, Win32 API interception no Detours, no MinHook, just Windows SDK.

Topics

windows cpp reverse-engineering win32 anti-cheat pe-format hooking iat-hooking windows-internals anti-cheat-research dll-injection-educational

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages