Intercepting Functions

Overview

BoxedApp SDK is built upon intercepting system functions to implement its virtualization features.
The same powerful interception mechanism is also exposed to developers, allowing them to hook any system or user function.

Related API

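You can control hooks using the following SDK functions (the examples below use BoxedAppSDK_HookFunction, BoxedAppSDK_GetOriginalFunction and BoxedAppSDK_EnableHook):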

How It Works

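When you call BoxedAppSDK_HookFunction, you pass the address of the target function and the address of your replacement (hook) function.
The hook function must have the same signature and calling convention as the function it replaces (WINAPI / stdcall in the examples below).
Once the hook is enabled, your hook function receives control first whenever the original function is called; the examples create the hook with FALSE as the last argument and switch it on afterwards with BoxedAppSDK_EnableHook.
Inside the hook, you can inspect or modify parameters, perform logging, or forward the call to the original function.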

Example

#include "BoxedAppSDK.h"
 
// Handle of the CreateFileW hook. NULL until SetupHook() stores the value
// returned by BoxedAppSDK_HookFunction; My_CreateFileW reads it on every call
// to look up the original function.
HANDLE g_hCreateFileWHook = NULL;
 
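// Hook installed in place of CreateFileW: logs the call, then forwards it
// unchanged to the original function.
//
// The parameter list and the WINAPI calling convention mirror CreateFileW so
// that existing callers are unaffected. Returns whatever the original
// returns, or INVALID_HANDLE_VALUE (last error ERROR_PROC_NOT_FOUND) when the
// original function cannot be resolved.
//
// Every call to the hooked function lands here, so anything invoked from this
// body that itself reaches CreateFileW re-enters the hook; keep the body
// small.
HANDLE WINAPI My_CreateFileW(
  LPCWSTR lpFileName,
  DWORD dwDesiredAccess,
  DWORD dwShareMode,
  LPSECURITY_ATTRIBUTES lpSecurityAttributes,
  DWORD dwCreationDisposition,
  DWORD dwFlagsAndAttributes,
  HANDLE hTemplateFile)
{
  typedef HANDLE (WINAPI *P_CreateFileW)(
      LPCWSTR, DWORD, DWORD,
      LPSECURITY_ATTRIBUTES,
      DWORD, DWORD, HANDLE);

  // Example: simple logging
  OutputDebugStringW(L"My_CreateFileW called");

  // Resolve the un-hooked implementation through the hook handle.
  P_CreateFileW pCreateFileW = (P_CreateFileW)
      BoxedAppSDK_GetOriginalFunction(g_hCreateFileWHook);

  // Assumed to be NULL when the handle is not a valid hook (confirm against
  // the SDK reference). Calling through NULL would crash the process on every
  // file open, so fail the way CreateFileW itself reports failure.
  if (pCreateFileW == NULL)
  {
    SetLastError(ERROR_PROC_NOT_FOUND);
    return INVALID_HANDLE_VALUE;
  }

  return pCreateFileW(lpFileName, dwDesiredAccess, dwShareMode,
                      lpSecurityAttributes, dwCreationDisposition,
                      dwFlagsAndAttributes, hTemplateFile);
}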
 
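// Installs and enables the CreateFileW hook.
//
// Initialises the SDK, resolves CreateFileW in kernel32.dll, registers
// My_CreateFileW as its hook (created disabled) and then enables it. Each
// step is checked; on failure a debug message is emitted and the function
// returns without enabling anything, so a monitoring hook that failed to
// install does not go unnoticed.
void SetupHook()
{
  BoxedAppSDK_Init();

  HMODULE hKernel32 = GetModuleHandleW(L"kernel32.dll");
  if (hKernel32 == NULL)
  {
    OutputDebugStringW(L"SetupHook: kernel32.dll module handle not available");
    return;
  }

  PVOID pCreateFileW = (PVOID)GetProcAddress(hKernel32, "CreateFileW");
  if (pCreateFileW == NULL)
  {
    OutputDebugStringW(L"SetupHook: CreateFileW address not found");
    return;
  }

  // Created disabled (FALSE) so that the handle is stored in the global
  // before My_CreateFileW can be entered.
  g_hCreateFileWHook = BoxedAppSDK_HookFunction(pCreateFileW, &My_CreateFileW, FALSE);
  if (g_hCreateFileWHook == NULL)
  {
    // NULL is assumed to mean failure, matching the global's initial value;
    // confirm against the SDK reference.
    OutputDebugStringW(L"SetupHook: BoxedAppSDK_HookFunction failed");
    return;
  }

  // Enable the hook
  BoxedAppSDK_EnableHook(g_hCreateFileWHook, TRUE);
}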
uses
Windows, BoxedAppSDK;
 
type
// Procedural type used to call the original CreateFileW through the pointer
// obtained from BoxedAppSDK_GetOriginalFunction. It must stay in step with the
// signature of My_CreateFileW, including the stdcall convention.
// NOTE(review): Win32 documents dwDesiredAccess and dwShareMode as DWORD; they
// are declared Integer here. The width is the same, but confirm the signed
// type is intended.
TCreateFileW = function(
  lpFileName: PWideChar;
  dwDesiredAccess, dwShareMode: Integer;
  lpSecurityAttributes: PSecurityAttributes;
  dwCreationDisposition, dwFlagsAndAttributes: DWORD;
  hTemplateFile: THandle): THandle; stdcall;
 
var
// Pointer to the un-hooked CreateFileW; assigned in SetupHook and called from
// My_CreateFileW. Nil until SetupHook has run.
OriginalCreateFileW: TCreateFileW;
// Handle returned by BoxedAppSDK_HookFunction for the CreateFileW hook.
hHook_CreateFileW: THandle;
 
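// Hook installed in place of CreateFileW: logs the call, then forwards it
// unchanged to the original function.
//
// Returns whatever the original returns, or INVALID_HANDLE_VALUE (last error
// ERROR_PROC_NOT_FOUND) when OriginalCreateFileW has not been resolved.
// Every call to the hooked function lands here, so anything invoked from this
// body that itself reaches CreateFileW re-enters the hook.
function My_CreateFileW(
lpFileName: PWideChar;
dwDesiredAccess, dwShareMode: Integer;
lpSecurityAttributes: PSecurityAttributes;
dwCreationDisposition, dwFlagsAndAttributes: DWORD;
hTemplateFile: THandle): THandle; stdcall;
begin
  OutputDebugString('My_CreateFileW called');

  // Calling through a nil procedural variable would crash the process on
  // every file open, so fail the way CreateFileW itself reports failure.
  if not Assigned(OriginalCreateFileW) then
  begin
    SetLastError(ERROR_PROC_NOT_FOUND);
    Result := INVALID_HANDLE_VALUE;
    Exit;
  end;

  Result := OriginalCreateFileW(
    lpFileName, dwDesiredAccess, dwShareMode,
    lpSecurityAttributes, dwCreationDisposition,
    dwFlagsAndAttributes, hTemplateFile);
end;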
 
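// Installs and enables the CreateFileW hook.
//
// Initialises the SDK, resolves CreateFileW in kernel32.dll, registers
// My_CreateFileW as its hook (created disabled), caches the original function
// pointer and only then enables the hook. Each step is checked; on failure a
// debug message is emitted and the procedure exits without enabling anything.
procedure SetupHook;
var
  hKernel32: HMODULE;
  pCreateFileW: Pointer;
begin
  BoxedAppSDK_Init;

  hKernel32 := GetModuleHandle('kernel32.dll');
  if hKernel32 = 0 then
  begin
    OutputDebugString('SetupHook: kernel32.dll module handle not available');
    Exit;
  end;

  pCreateFileW := GetProcAddress(hKernel32, 'CreateFileW');
  if pCreateFileW = nil then
  begin
    OutputDebugString('SetupHook: CreateFileW address not found');
    Exit;
  end;

  // Created disabled (FALSE) so that OriginalCreateFileW can be filled in
  // before My_CreateFileW is ever entered.
  hHook_CreateFileW := BoxedAppSDK_HookFunction(pCreateFileW, @My_CreateFileW, FALSE);
  if hHook_CreateFileW = 0 then
  begin
    // Zero is assumed to mean failure; confirm against the SDK reference.
    OutputDebugString('SetupHook: BoxedAppSDK_HookFunction failed');
    Exit;
  end;

  OriginalCreateFileW := BoxedAppSDK_GetOriginalFunction(hHook_CreateFileW);
  if not Assigned(OriginalCreateFileW) then
  begin
    // Leave the hook disabled: enabling it with no original to forward to
    // would break every file open in the process.
    OutputDebugString('SetupHook: original CreateFileW could not be resolved');
    Exit;
  end;

  BoxedAppSDK_EnableHook(hHook_CreateFileW, TRUE);
end;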

Use Cases

  • Monitoring API usage (file access, registry, networking, etc.)
  • Security auditing or logging of sensitive operations
  • Custom sandboxing or redirection of system calls
  • Advanced debugging and profiling

See Also