1 00:00:00,660 --> 00:00:07,500 So in the previous video, we have seen how to hook the function manually in the local process.
2 00:00:07,530 --> 00:00:15,150 Now we'll be seeing a library called EasyHook to make this process much easier.
3 00:00:17,890 --> 00:00:22,420 So to install this EasyHook, you need to install this NuGet package.
4 00:00:22,450 --> 00:00:27,460 Go to Tools, go to NuGet Package Manager and click on this Manage.
5 00:00:28,540 --> 00:00:32,510 Now in the Browse tab you search for EasyHook.
6 00:00:34,110 --> 00:00:41,610 So this EasyHook is the C# implementation and this needs two packages, or you can use this EasyHook
7 00:00:41,640 --> 00:00:43,140 via C/C++.
8 00:00:43,710 --> 00:00:45,710 So I have already installed this one.
9 00:00:45,720 --> 00:00:51,510 You check this mark and click on Install. I have already installed it, so that's why it is telling me to uninstall.
10 00:00:52,680 --> 00:00:56,040 So we are going to hook this MessageBoxW function.
11 00:00:56,040 --> 00:00:58,440 So I have declared the signature.
12 00:00:58,470 --> 00:01:04,200 Let's go and try to execute this one to see if it's working properly or not.
13 00:01:15,550 --> 00:01:16,120 So.
14 00:01:16,450 --> 00:01:17,770 So let's run this.
15 00:01:21,350 --> 00:01:23,720 And we can see that the message box has been
16 00:01:25,830 --> 00:01:27,240 executed successfully.
17 00:01:28,050 --> 00:01:35,820 Now, as in the previous videos, we need to declare a delegate with the exact function signature
18 00:01:35,820 --> 00:01:38,010 of this MessageBoxW. So.
19 00:01:38,930 --> 00:01:41,030 So public delegate
20 00:01:42,290 --> 00:01:42,770 int
21 00:01:44,750 --> 00:01:46,100 MessageBoxDelegate.
22 00:01:54,790 --> 00:01:56,920 So we can copy this one.
23 00:02:01,240 --> 00:02:02,550 So, in this string,
24 00:02:02,560 --> 00:02:12,250 if we are using the Unicode version, what you need to do is we need to marshal this parameter as UnmanagedType
25 00:02:12,250 --> 00:02:14,860 dot LP
26 00:02:14,860 --> 00:02:16,300 WStr.
27 00:02:16,690 --> 00:02:18,100 So copy this one.
28 00:02:19,120 --> 00:02:19,990 And here.
29 00:02:20,770 --> 00:02:22,640 And we are good to go.
30 00:02:22,660 --> 00:02:26,710 So the delegate has been successfully declared.
31 00:02:26,740 --> 00:02:30,310 Now we need to write our custom hooked function.
32 00:02:30,340 --> 00:02:37,750 So public static int HookedFunction.
33 00:02:39,010 --> 00:02:41,860 Or you can copy the same parameters as this.
34 00:02:55,680 --> 00:03:04,140 Now what we want to do is we now need to save those function address bytes, the starting five bytes, as we
35 00:03:04,140 --> 00:03:05,990 have done in the previous videos.
36 00:03:06,000 --> 00:03:10,000 If you have not watched my previous video, go ahead and watch that.
37 00:03:10,020 --> 00:03:12,510 It will be very useful.
38 00:03:12,540 --> 00:03:18,870 So in the previous video we have copied the 4 to 5 bytes at that function address and overwritten them with
39 00:03:18,870 --> 00:03:20,520 the jump to our function.
40 00:03:20,520 --> 00:03:25,470 So we don't need to do that, because EasyHook will automatically do this for you.
41 00:03:26,840 --> 00:03:31,610 So all you need to do is you need to say MessageBoxW of
42 00:03:33,890 --> 00:03:35,210 and you can simply
43 00:03:37,070 --> 00:03:38,540 pass these parameters.
44 00:03:43,050 --> 00:03:47,310 So we are just normally executing that message box as it is for now.
45 00:03:48,610 --> 00:03:57,340 Now what we are going to do is we need to create a hook variable: EasyHook dot Create.
46 00:03:59,360 --> 00:04:02,120 And this takes, so EasyHook
47 00:04:03,660 --> 00:04:06,450 dot LocalHook dot Create.
48 00:04:11,310 --> 00:04:15,520 And this takes the first parameter as the function address.
49 00:04:15,570 --> 00:04:17,730 And the second one is the delegate,
50 00:04:18,630 --> 00:04:23,550 the delegate function we need to hook.
51 00:04:24,060 --> 00:04:28,800 So the first parameter is, we can say, EasyHook dot
52 00:04:30,950 --> 00:04:36,070 LocalHook dot GetProcAddress, and we need to pass in the DLL name,
53 00:04:36,080 --> 00:04:37,860 user32.dll.
54 00:04:39,960 --> 00:04:44,490 And the next one is the MessageBoxW.
55 00:04:45,330 --> 00:04:47,580 So we are getting the
56 00:04:48,860 --> 00:04:51,290 function address of this MessageBoxW.
57 00:04:51,980 --> 00:04:55,370 And the second one is, the second parameter of
58 00:04:57,520 --> 00:04:57,950 Okay.
59 00:04:58,170 --> 00:05:04,600 Uh, the second parameter is that, so we can say a new MessageBoxDelegate of
60 00:05:04,720 --> 00:05:08,200 So pass this function, so it will create a
61 00:05:10,520 --> 00:05:13,820 a new delegate of the HookedFunction.
62 00:05:14,570 --> 00:05:16,580 Now we can pass this as null.
63 00:05:18,840 --> 00:05:22,500 So we have created a hook, a LocalHook.
64 00:05:24,560 --> 00:05:25,730 Now we need to
65 00:05:27,430 --> 00:05:28,390 initiate this one.
66 00:05:28,390 --> 00:05:29,440 So we can do that.
67 00:05:29,440 --> 00:05:31,230 We can say hook dot
68 00:05:33,710 --> 00:05:34,540 ThreadACL
69 00:05:34,540 --> 00:05:37,840 dot SetInclusiveACL.
70 00:05:37,840 --> 00:05:40,900 So this will take an array of thread IDs.
71 00:05:41,110 --> 00:05:43,060 So the current thread ID is zero.
72 00:05:43,060 --> 00:05:51,250 If you want to hook the current thread to this function, you can say new int. We can,
73 00:05:51,250 --> 00:05:53,030 we are going to declare a,
74 00:05:56,490 --> 00:05:59,460 an array which contains the thread IDs.
75 00:06:00,330 --> 00:06:01,740 So now the
76 00:06:03,760 --> 00:06:06,670 the thread has been hooked to this function.
77 00:06:06,670 --> 00:06:18,390 So first, let's call this one message box, or two message boxes, and let's run this: Hi and Hi.
78 00:06:18,400 --> 00:06:23,140 So we are going to modify it a little bit.
79 00:06:25,530 --> 00:06:28,650 We can say text is equal to,
80 00:06:30,170 --> 00:06:31,730 uh, so let's say Pwned.
81 00:06:35,660 --> 00:06:36,480 So let's run this.
82 00:06:36,500 --> 00:06:38,810 We are just changing the second parameter.
83 00:06:38,810 --> 00:06:39,890 That is the text.
84 00:06:40,310 --> 00:06:46,400 Now, if I go and run this one now: Hi, and we can see the Pwned one, so
85 00:06:47,150 --> 00:06:50,930 the function, or hooked function, has successfully executed.
86 00:06:54,320 --> 00:06:58,760 Now to remove this hook, you can set ThreadACL dot
87 00:06:58,940 --> 00:07:00,440 SetExclusiveACL.
88 00:07:02,370 --> 00:07:03,720 And copy this one.
89 00:07:07,570 --> 00:07:09,670 Now go ahead and copy this.
90 00:07:09,670 --> 00:07:10,870 So this will.
91 00:07:15,420 --> 00:07:17,100 So this EasyHook will do
92 00:07:17,100 --> 00:07:21,900 all these: saving those bytes and pasting them back
93 00:07:22,110 --> 00:07:24,240 after the function has been executed.
94 00:07:24,240 --> 00:07:27,090 So all of these operations for us.
95 00:07:27,810 --> 00:07:30,000 So the first should execute Hi.
96 00:07:30,030 --> 00:07:32,510 Second one Pwned, and third one Hi.
97 00:07:32,520 --> 00:07:36,000 So let's go run this: Hi, Pwned, and Hi.
98 00:07:36,030 --> 00:07:44,730 So this is how you use EasyHook to hook a function in the local process.