(C++) Hook Injection by Unprotect

Created the Tuesday 06 December 2022. Updated 1 month, 3 weeks ago.

Description:

In this code, the HookFunction is injected as a hook using the SetWindowsHookEx function. This function will be called whenever a low-level mouse event occurs, allowing the malware to monitor and manipulate user actions. The CallNextHookEx function is used to call the next hook in the chain, allowing the normal flow of execution to continue.

Code

            #include <windows.h>

// The function to be injected as a hook
LRESULT CALLBACK HookFunction(int code, WPARAM wParam, LPARAM lParam) {
  // Perform malicious actions here
  
  // Return the result of the next hook in the chain
  return CallNextHookEx(NULL, code, wParam, lParam);
}

int main() {
  // Install the hook
  HHOOK hHook = SetWindowsHookEx(WH_MOUSE_LL, HookFunction, NULL, 0);
  
  // Run the message loop to receive events
  MSG msg;
  while (GetMessage(&msg, NULL, 0, 0)) {
    TranslateMessage(&msg);
    DispatchMessage(&msg);
  }
  
  // Uninstall the hook
  UnhookWindowsHookEx(hHook);
  
  return 0;
}