Welcome. In this new session, we are going to do a practical walkthrough on API hooking using Detours. Download this project, unzip it and put it in the folder. Inside you will find a few files. Initially, you won't have this file; we'll be building this. And also, you wouldn't have this hook DLL; we'll be building this DLL. So this is our hook, and here is our target. So the target looks like this: let's open it in Notepad++ and study the code. It is a simple program. It is just going to show three message boxes: first message box, second message box and third message box. That's all. So what we are going to do is to intercept these MessageBox function calls and do something using Detours. To do that, we need to write this program called hook.dll. Let's open this hook.cpp in Notepad++. So hook.dll: the idea is that the DLL attaches to the target process. In this case, our target process is target.exe. When it attaches to target.exe, it will call the HookTarget function, which hooks the target's function. And when it detaches from target.exe, it will call the UnhookTarget function.
So let's take a look at the HookTarget function. In order to build this, we need to include the Detours library, and we can do that by including detours.h. So once you include detours.h, you have access to the declarations as well as the entire Detours library, which is in this folder here. You can actually download all of this from Microsoft's GitHub, and the link is provided in this file here. This file contains a link to the Microsoft GitHub page where you can download the latest library, but I've already downloaded it, so you don't have to do it; just make use of this. And you can also read Microsoft's description of the Detours project here as well. And this is where you can download articles written by the Detours creator, which we discussed in the previous lesson. So this is how you include the Detours library. Now, take a look at HookTarget here. HookTarget is the function that will be called when hook.dll attaches to the target. So HookTarget will perform the hook on the MessageBox function. So in this case, we are targeting MessageBox; that's why we are using MessageBox here in this program.
So it uses transactions over here. We declare a hooking result variable to hold the result of whether the hooking was successful. And here is where you need to call the few functions that will perform the hook. The first function is used to initialize it, by calling the DetourTransactionBegin function, and then you get the current thread by calling DetourUpdateThread. The current thread would be the thread that the DLL is attached to, in this case target.exe's. Then it will perform DetourAttach, which will do the interception of the function call. So here is where you specify what function you are going to detour. In this case, you are going to detour the MessageBox function, so you need to specify it as the first parameter, and the second parameter is where you specify the modified version of the API that you are going to use to replace the original API. And this pointer, this is a function pointer, is declared up here. This is a pointer to the original MessageBox function, and you should follow exactly the function prototype that you would get from MSDN, so you can go to MSDN and take a look at the function prototype. So the MessageBox API is what we will learn from this Microsoft website. And this is what it looks like: it has got these four parameters.
And here you can read all of the details of the parameters, which you need to pass when you declare a MessageBox function pointer. So take a look at this. The first parameter is the handle to the owner window, the parent. If you do not have a parent, you can leave it blank, right? So in this case here you want to declare this function pointer. All you need to do is just copy the entire function prototype from here, copy and paste it here. Like this. And then over here convert it into a function pointer by putting brackets in front and at the back, casting it as a function pointer by doing this, and then just giving a variable name for the function pointer, which in this case we call the original message box, and then you see where you can use it. And here you are assigning the MessageBox API to the function pointer. So all of this, MessageBox, comes from the user32 library, and it is described here. So you go to the same MSDN page and scroll all the way down; you'll be able to see the source of MessageBox, which is actually the user32 library. So that's why we need to include this library here, to compile and link it together when the linker does its job. So this is where you use it: you include it.
So when the DLL attaches to target.exe, HookTarget will then do all these things and then attach. And then after you commit, with DetourTransactionCommit, it performs the actual execution of all the hooks you have specified up here. So when it is committed, it will return a result, and that is stored in this variable, hooking result. And then we just print a message to let the user know, in a console, a terminal message: MessageBox hooked, hooking result such and such, and we return true. And then when the DLL is detaching from the target, it will then call the UnhookTarget function. The UnhookTarget function is over here. What it does is undo the hooks and revert the changes to the original code. And as usual, we use a variable, unhooking result; up here we used hooking result, and here we declare an unhooking result, and we perform the same transaction function calls. But this time, since you are unhooking, you call DetourDetach instead of DetourAttach. And then once you commit, it returns the result here, and you print a message to let the user know that the hook has been removed from MessageBox with the unhooking result such and such. And you print the unhooking result and you return true. So here is how the hook works.
And so that's all for this explanation. In the next video, we're going to do the practical on this. So thank you for watching. I'll see you next time.