Api-Hooking with windows-rs crate for stability.

Whitecat18 · web-flow · commit cf9663b56801 · 2025-05-21T08:53:14.000+05:30
Made some Fixes + Changing winapi to official windows-rs api for stability.
diff --git a/Api_Hooking/Cargo.toml b/Api_Hooking/Cargo.toml
@@ -5,13 +5,9 @@ edition = "2024"
 
 [dependencies]
 widestring = "1.2.0"
-winapi = { version = "0.3", features = [
-    "libloaderapi",
-    "memoryapi",
-    "processthreadsapi",
-    "errhandlingapi",
-    "minwindef",
-    "winuser",
-    "ntdef",
-    "windef"
-] }
+windows = { version = "0.61.1", features = [
+    "Win32_Foundation",
+    "Win32_System_LibraryLoader",
+    "Win32_System_Memory",
+    "Win32_UI_WindowsAndMessaging",
+] }
diff --git a/Api_Hooking/README.md b/Api_Hooking/README.md
@@ -1,13 +1,10 @@
-
-# System API Interceptor
-
-## Name of the Code
-System API Interceptor (`api_interceptor.rs`)
+# API Hooking using Trampoline
 
 ![Demo](./demp.gif)
+
 ## Explanation
 The System API Interceptor is a Rust-based utility for intercepting and monitoring Windows API calls, specifically targeting the `MessageBoxA` function in `user32.dll`. It employs inline function hooking via a trampoline to redirect calls to a custom handler, log parameters, and invoke `MessageBoxW` with modified text.
-
+d
 ### How It Works [Step-By-Step]
 1. **Interceptor Structure (`ApiInterceptor`)**:
    - Stores the target function address (`MessageBoxA`), replacement function address, original code bytes, and original memory protection state.
diff --git a/Api_Hooking/src/main.rs b/Api_Hooking/src/main.rs
@@ -1,37 +1,30 @@
 /*
-    Windows API Hooking using Trampoline
+    API Hooking Via Trampoline
     @5mukx
 */
 
-use std::{
-    ffi::{CStr, CString},
-    ptr::null_mut,
+use std::ptr::{null_mut, copy_nonoverlapping};
+use windows::{
+    core::{s, PCSTR, PCWSTR},
+    Win32::{
+        Foundation::HWND,
+        System::{
+            LibraryLoader::{GetModuleHandleA, GetProcAddress},
+            Memory::{VirtualProtect, PAGE_EXECUTE_READWRITE, PAGE_PROTECTION_FLAGS},
+        }, UI::WindowsAndMessaging::{MessageBoxA, MessageBoxW, MB_ICONINFORMATION, MB_OK},
+    }
 };
 
 use widestring::WideCString;
-use winapi::{
-    shared::{
-        minwindef::{DWORD, LPVOID, UINT},
-        ntdef::{LPCSTR, LPWSTR},
-        windef::HWND,
-    },
-    um::{
-        errhandlingapi::GetLastError,
-        libloaderapi::{GetModuleHandleA, GetProcAddress},
-        memoryapi::VirtualProtect,
-        winnt::PAGE_EXECUTE_READWRITE,
-        winuser::{MB_ICONINFORMATION, MB_OK, MessageBoxA, MessageBoxW},
-    },
-};
 
 const INTERCEPTOR_SIZE: usize = 14;
 
 #[repr(C)]
 struct ApiInterceptor {
-    target_function: LPVOID,
-    replacement_function: LPVOID,
+    target_function: *mut std::ffi::c_void,
+    replacement_function: *mut std::ffi::c_void,
     original_code: [u8; INTERCEPTOR_SIZE],
-    original_protection: DWORD,
+    original_protection: PAGE_PROTECTION_FLAGS,
 }
 
 impl ApiInterceptor {
@@ -40,51 +33,60 @@ impl ApiInterceptor {
             target_function: null_mut(),
             replacement_function: null_mut(),
             original_code: [0; INTERCEPTOR_SIZE],
-            original_protection: 0,
+            original_protection: PAGE_PROTECTION_FLAGS(0),
         }
     }
 }
 
-fn main() {
+fn main(){
+
     unsafe {
-        let user32 = GetModuleHandleA("user32.dll\0".as_ptr() as *const i8);
-        let dialog_func = GetProcAddress(user32, "MessageBoxA\0".as_ptr() as *const i8);
+        let user32 = GetModuleHandleA(s!("user32.dll")).expect("Failed to get user32.dll handle");
+        
+        let dialog_func = GetProcAddress(user32, s!("MessageBoxA")).expect("Failed to get MessageBox Address");
 
         let mut interceptor = ApiInterceptor::new();
+        
         if !setup_interceptor(
-            dialog_func as LPVOID,
-            custom_dialog as LPVOID,
+            dialog_func as *mut std::ffi::c_void,
+            custom_dialog as *mut std::ffi::c_void,
             &mut interceptor,
         ) {
             println!("[ERROR] Interceptor setup failed");
             return;
         }
 
-        let text1 = CString::new("Testing Smukx System").unwrap();
-        let caption1 = CString::new("System Info").unwrap();
+        let text1 = s!("Testing 5mukx System");
+        let caption1 = s!("System Info");
 
         MessageBoxA(
-            null_mut(),
-            text1.as_ptr(),
-            caption1.as_ptr(),
+            None,
+            text1,
+            caption1,
             MB_OK | MB_ICONINFORMATION,
         );
 
-        println!("[INFO] Activating API interceptor...");
+        println!("[INFO] Activating API Interceptor...");
 
         if !activate_interceptor(&mut interceptor) {
             println!("[ERROR] Interceptor activation failed");
             return;
         }
         println!("[INFO] Interceptor activated");
 
-        let text2 = CString::new("Smukx Is Great").unwrap();
-        let caption2 = CString::new("System Info").unwrap();
+         if !activate_interceptor(&mut interceptor) {
+            println!("[ERROR] Interceptor activation failed");
+            return;
+        }
+        println!("[INFO] Interceptor activated");
+
+        let text2 = s!("Smukx Is Bad Guy...");
+        let caption2 = s!("System Info");
 
         MessageBoxA(
-            null_mut(),
-            text2.as_ptr(),
-            caption2.as_ptr(),
+            None,
+            text2,
+            caption2,
             MB_OK | MB_ICONINFORMATION,
         );
 
@@ -95,50 +97,52 @@ fn main() {
         }
         println!("[INFO] Interceptor deactivated");
 
-        let text3 = CString::new("Smukx System Restored").unwrap();
-        let caption3 = CString::new("System Info").unwrap();
+        let text3 = s!("Smukx System Restored");
+        let caption3 = s!("System Info");
+
         MessageBoxA(
-            null_mut(),
-            text3.as_ptr(),
-            caption3.as_ptr(),
+            None,
+            text3,
+            caption3,
             MB_OK | MB_ICONINFORMATION,
         );
-    }
-
-    println!("[INFO] PoC Demonstrated Successfully");
+        
+        println!("[INFO] PoC Demonstrated Successfully");
+    }    
 
 }
 
 fn setup_interceptor(
-    target_function: LPVOID,
-    replacement_function: LPVOID,
+    target_function: *mut std::ffi::c_void,
+    replacement_function: *mut std::ffi::c_void,
     interceptor: &mut ApiInterceptor,
-) -> bool {
-    if target_function.is_null() || replacement_function.is_null() {
+) -> bool{
+    if target_function.is_null() || replacement_function.is_null(){
         return false;
     }
 
     interceptor.target_function = target_function;
     interceptor.replacement_function = replacement_function;
 
     unsafe {
-        std::ptr::copy_nonoverlapping(
+        copy_nonoverlapping(
             target_function as *const u8,
             interceptor.original_code.as_mut_ptr(),
             INTERCEPTOR_SIZE,
         );
 
-        let mut old_protection: DWORD = 0;
-        if VirtualProtect(
+        let mut old_protection = PAGE_PROTECTION_FLAGS(0);
+        if let Err(e) = VirtualProtect(
             target_function,
             INTERCEPTOR_SIZE,
             PAGE_EXECUTE_READWRITE,
             &mut old_protection,
-        ) == 0
-        {
-            println!("[!] Memory protection change failed: {}", GetLastError());
+            
+        ) {
+            println!("[!] Memory Protection change failed: {:?}", e);
             return false;
         }
+
         interceptor.original_protection = old_protection;
     }
     true
@@ -150,24 +154,30 @@ fn activate_interceptor(interceptor: &mut ApiInterceptor) -> bool {
     }
 
     unsafe {
-        {
-            let interceptor_code: [u8; INTERCEPTOR_SIZE] = [
-                0xFF, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-            ];
-            let patch = interceptor.replacement_function as u64;
-            std::ptr::copy_nonoverlapping(
-                &patch as *const _ as *const u8,
-                (interceptor.target_function as *mut u8).offset(6),
-                std::mem::size_of::<u64>(),
-            );
-
-            std::ptr::copy_nonoverlapping(
-                interceptor_code.as_ptr(),
-                interceptor.target_function as *mut u8,
-                6,
-            );
-        }
+        // far jump instruction (JMP)
+        // 6 bytes for the JMP instruction (0xFF 0x25 0x00 0x00 0x00 0x00).
+        // 8 bytes for the 64-bit address of the target function.
+
+        let interceptor_code: [u8; INTERCEPTOR_SIZE] = [
+            // JMP [RIP + 0]
+            0xFF, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        ];
+
+        let patch = interceptor.replacement_function as u64;
+
+        copy_nonoverlapping(
+            &patch as *const _ as *const u8,
+            (interceptor.target_function as *mut u8).offset(6),
+            std::mem::size_of::<u64>(),
+        );
+
+        copy_nonoverlapping(
+            interceptor_code.as_ptr(),
+            interceptor.target_function as *mut u8,
+            6,
+        );
     }
+
     true
 }
 
@@ -177,59 +187,55 @@ fn deactivate_interceptor(interceptor: &mut ApiInterceptor) -> bool {
     }
 
     unsafe {
-        std::ptr::copy_nonoverlapping(
+        copy_nonoverlapping(
             interceptor.original_code.as_ptr(),
             interceptor.target_function as *mut u8,
             INTERCEPTOR_SIZE,
         );
 
         std::ptr::write_bytes(interceptor.original_code.as_mut_ptr(), 0, INTERCEPTOR_SIZE);
 
-        let mut old_protection: DWORD = 0;
-        if VirtualProtect(
+        let mut old_protection = PAGE_PROTECTION_FLAGS(0);
+        if let Err(e) = VirtualProtect(
             interceptor.target_function,
             INTERCEPTOR_SIZE,
             interceptor.original_protection,
             &mut old_protection,
-        ) == 0
-        {
-            println!(
-                "[!] Memory protection restoration failed: {}",
-                GetLastError()
-            );
+        ) {
+            println!("[!] Memory protection restoration failed: {:?}", e);
             return false;
         }
 
         interceptor.target_function = null_mut();
         interceptor.replacement_function = null_mut();
-        interceptor.original_protection = 0;
+        interceptor.original_protection = PAGE_PROTECTION_FLAGS(0);
     }
 
     true
 }
 
 unsafe extern "system" fn custom_dialog(
     hwnd: HWND,
-    lp_text: LPCSTR,
-    lp_caption: LPCSTR,
-    u_type: UINT,
+    lp_text: PCSTR,
+    lp_caption: PCSTR,
+    u_type: u32,
 ) -> i32 {
-    let text = unsafe { CStr::from_ptr(lp_text) }.to_string_lossy();
-    let caption = unsafe { CStr::from_ptr(lp_caption) }.to_string_lossy();
+    let text = unsafe { lp_text.to_string().unwrap_or_default() };
+    let caption = unsafe { lp_caption.to_string().unwrap_or_default() } ;
 
     println!("[INFO] Dialog Parameters:");
     println!("\tText: {}", text);
     println!("\tCaption: {}", caption);
 
-    let new_text = WideCString::from_str("Smukx Is Good").unwrap();
+    let new_text = WideCString::from_str("5mukx Is a Good Guy").unwrap();
     let new_caption = WideCString::from_str("System Dialog").unwrap();
 
     unsafe {
         MessageBoxW(
-            hwnd,
-            new_text.as_ptr() as LPWSTR,
-            new_caption.as_ptr() as LPWSTR,
-            u_type,
-        )
+            Some(hwnd),
+            PCWSTR::from_raw(new_text.as_ptr()),
+            PCWSTR::from_raw(new_caption.as_ptr()),
+            windows::Win32::UI::WindowsAndMessaging::MESSAGEBOX_STYLE(u_type),
+        ).0
     }
-}
+}
