Intercepting Functions
As you already know, BoxedApp is based on intercepting system functions. The interception mechanism used by BoxedApp is also available to developers. It includes the following functions:
- BoxedAppSDK_HookFunction, which creates a hook and, optionally, activates it.
- BoxedAppSDK_EnableHook, which activates the hook.
- BoxedAppSDK_GetOriginalFunction, which returns a pointer that can be used to call the original function.
- BoxedAppSDK_UnhookFunction, which clears the hook.
Here is how hooks work. The address of the function whose calls are to be intercepted is passed to BoxedAppSDK_HookFunction, together with the address of the interceptor function. For example, for the function kernel32.dll!CreateFileW:
C++
// Address of the function to intercept
PVOID pCreateFileW = (PVOID)GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "CreateFileW");
// TRUE activates the hook as soon as it is created
HANDLE g_hCreateFileWHook = BoxedAppSDK_HookFunction(
    pCreateFileW,
    &My_CreateFileW,
    TRUE);
The interceptor function gets control whenever the hooked function is called. In this example, that's kernel32.dll!CreateFileW, which is called when creating or opening files. You can always call the original function, whose address you can get using BoxedAppSDK_GetOriginalFunction:
C++
HANDLE WINAPI My_CreateFileW(
    LPCWSTR lpFileName,
    DWORD dwDesiredAccess,
    DWORD dwShareMode,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    DWORD dwCreationDisposition,
    DWORD dwFlagsAndAttributes,
    HANDLE hTemplateFile)
{
    // ...
    // You can call the original function if you need to
    typedef HANDLE (WINAPI *P_CreateFileW)(
        LPCWSTR lpFileName,
        DWORD dwDesiredAccess,
        DWORD dwShareMode,
        LPSECURITY_ATTRIBUTES lpSecurityAttributes,
        DWORD dwCreationDisposition,
        DWORD dwFlagsAndAttributes,
        HANDLE hTemplateFile);
    P_CreateFileW pCreateFileW = (P_CreateFileW)BoxedAppSDK_GetOriginalFunction(g_hCreateFileWHook);
    return pCreateFileW(
        lpFileName,
        dwDesiredAccess,
        dwShareMode,
        lpSecurityAttributes,
        dwCreationDisposition,
        dwFlagsAndAttributes,
        hTemplateFile);
}
Here is a similar example in Delphi:
Delphi
type TCreateFileW = function(
    lpFileName: PWideChar;
    dwDesiredAccess, dwShareMode: Integer;
    lpSecurityAttributes: PSecurityAttributes;
    dwCreationDisposition, dwFlagsAndAttributes: DWORD;
    hTemplateFile: THandle): THandle; stdcall;
var
  OriginalCreateFileW: TCreateFileW;
function My_CreateFileW(
    lpFileName: PWideChar;
    dwDesiredAccess, dwShareMode: Integer;
    lpSecurityAttributes: PSecurityAttributes;
    dwCreationDisposition, dwFlagsAndAttributes: DWORD;
    hTemplateFile: THandle): THandle; stdcall;
begin
  // ...
  Result := OriginalCreateFileW(
    lpFileName,
    dwDesiredAccess,
    dwShareMode,
    lpSecurityAttributes,
    dwCreationDisposition,
    dwFlagsAndAttributes,
    hTemplateFile);
end;
var
  pCreateFileW: Pointer;
  hHook__CreateFileW: THandle;
begin
  BoxedAppSDK_Init;
  pCreateFileW := GetProcAddress(GetModuleHandle('kernel32.dll'), 'CreateFileW');
  // Create the hook inactive (FALSE), get the original function, then activate the hook
  hHook__CreateFileW := BoxedAppSDK_HookFunction(pCreateFileW, @My_CreateFileW, FALSE);
  OriginalCreateFileW := BoxedAppSDK_GetOriginalFunction(hHook__CreateFileW);
  BoxedAppSDK_EnableHook(hHook__CreateFileW, TRUE);
end.
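An added example, not BoxedApp's own code: the CreateFileW hook in C++ using the ordering of the Delphi sample (create inactive, resolve the original, then enable), with a constructed read-only path policy in the hook body and cleanup through BoxedAppSDK_UnhookFunction. The header name BoxedAppSDK.h, the protected prefix, the names IsBlockedWrite, Guard_CreateFileW, InstallGuard and RemoveGuard, and BoxedAppSDK_UnhookFunction taking the hook handle are assumptions.

```cpp
#include <cwctype>
#include <cstddef>
#ifdef _WIN32
#include <windows.h>
#include "BoxedAppSDK.h"  // assumed header name
#endif

// Constructed policy: files under this prefix are read-only for this process.
static const wchar_t kProtected[] = L"C:\\AppData\\Config\\";
// Numeric values of GENERIC_WRITE | GENERIC_ALL | FILE_WRITE_DATA | FILE_APPEND_DATA
static const unsigned long kWriteMask = 0x40000000UL | 0x10000000UL | 0x2UL | 0x4UL;

// Pure decision function: makes no Win32 calls, so it cannot re-enter the hook.
bool IsBlockedWrite(const wchar_t* path, unsigned long access) {
    if (path == nullptr || (access & kWriteMask) == 0) return false;
    for (std::size_t i = 0; kProtected[i] != L'\0'; ++i)
        if (std::towlower(path[i]) != std::towlower(kProtected[i])) return false;
    return true;
}

#ifdef _WIN32
typedef HANDLE (WINAPI *P_CreateFileW)(LPCWSTR, DWORD, DWORD,
    LPSECURITY_ATTRIBUTES, DWORD, DWORD, HANDLE);
static P_CreateFileW g_origCreateFileW = nullptr;
static HANDLE g_hHook = nullptr;

HANDLE WINAPI Guard_CreateFileW(LPCWSTR name, DWORD access, DWORD share,
    LPSECURITY_ATTRIBUTES sa, DWORD disp, DWORD flags, HANDLE tmpl) {
    if (IsBlockedWrite(name, access)) {
        SetLastError(ERROR_ACCESS_DENIED);   // fail the way a denied open would
        return INVALID_HANDLE_VALUE;
    }
    return g_origCreateFileW(name, access, share, sa, disp, flags, tmpl);
}

bool InstallGuard() {
    BoxedAppSDK_Init();
    PVOID target = (PVOID)GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "CreateFileW");
    if (!target) return false;
    // Create the hook inactive so no thread reaches it before the original is known.
    g_hHook = BoxedAppSDK_HookFunction(target, (PVOID)&Guard_CreateFileW, FALSE);
    if (!g_hHook) return false;              // assumes a null handle means failure
    g_origCreateFileW = (P_CreateFileW)BoxedAppSDK_GetOriginalFunction(g_hHook);
    BoxedAppSDK_EnableHook(g_hHook, TRUE);
    return true;
}

void RemoveGuard() { if (g_hHook) { BoxedAppSDK_UnhookFunction(g_hHook); g_hHook = nullptr; } }
#endif
```

The prefix match runs on the raw string the caller passed, so relative paths and alternative spellings of the same location are not covered. The hook lives in the same process as the code it watches, which makes it suitable for auditing or compatibility shims rather than as a security boundary.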