Delphi: API Hooking

API Hooking
For Delphi.


Introduction
In order to begin this tutorial you will need basic knowledge of a few things. First off, is Delphi! If you do not know how Delphi works, you need to learn the basics first before even attempting this tutorial. Second, is what API hooking is. If you don't know either of these, look them up, know your stuff, then try this tutorial out.

Dependencies
You will need the Magic API Hooking package (or you could code this yourself, but there really is no reason in reinventing the wheel.. ) from Shabgard.org (the website's in Arabian it looks like, but you can download it directly here).

How it Works
Function hooking is used by many programs, which can intercept the function call and interpret arguments while still keeping the code intact. It works by overwriting the first 5 bytes of the original function with a JMP command to go to your function. From there, you can read the arguments, and call the original or completely replace the code.

Getting Started
After you have the package installed, you can peak at the examples, and we'll get started. I'm going to be using an online flash game that is embedded into my program, and hooking the WinSock library (more specifically, the send function). If you should choose to, you could also create a DLL and use generally the same method with DLL injection.

The Code
I start off by declaring the functions needed. (After placing MagicApiHook in the uses clause, of course.) I declare the prototype for the original send function in the program's var field. This is all in one line, but the site word-wraps it.

Code:

oSend: Function(s:TSocket; buf:AnsiString; len:Integer; flags:Integer) : Integer; stdcall;

Next up, I declare the function I'm going to be using for the hook.

Code:

function hSend(s:TSocket; buf:PChar; len:Integer; flags:Integer) : Integer; stdcall;
begin
  MessageBox(0, buf, "Packet Sent", MB_OK);
  Result := oSend(s, buf, len, flags);
end;

What that code does, is open a message box that will alert me of the packet sent. Then, it will actually send the packet, using the original send function.

The Hook
Now that I've actually written the hook function and have the prototype for the original function, I can actually hook the function. I hook the function in my TForm1.FormCreate procedure.

Code:

procedure TForm1.FormCreate(Sender: TObject);
begin
  ApiHook('ws2_32.dll','send',nil,@hSend,@oSend);
end;

That easy! You could easily have a list box and append the packets to the list box and have a working packet logger. You can also force your own packets to be sent, by calling hSend yourself. This could be fun. Just use your imagination. :O


CREDZ:
Magic_h2001 - MagicApiHook

Delphi makes you go crazy o_o


Very understandable, btw.

Tate wrote:

Delphi makes you go crazy o_o


Very understandable, btw.

Delphi's easy shit, bro. Gonna try some simple chams with it if I can find a DirectX game without cheat detection.

Delphi is so simple. I would suggest this to new comers into coding. Nice tutorial bro.

Famous wrote:

Delphi is so simple. I would suggest this to new comers into coding. Nice tutorial bro.

It's completely incomprehensible to me. Lol. C++ And vb are the only two languages i've ever attempted to learn.

I really learned most of my languages by looking at codes and shit, then I started with tutorials and stuff.

I coded some basic chams for UrbanTerror using Delphi (OpenGL), I'll post a tutorial on it soon.

Edit: Accidentally closed tab after spent hours on tutorial so would be super easy to understand. Just gonna post source. :/