API Hooking Example with BoxedApp SDK
BoxedApp SDK provides an API hooking layer that intercepts system functions at runtime—the same technique used internally by BoxedApp Packer—and offers a practical alternative to Microsoft Detours, which requires a commercial license.
In this example, we demonstrate how to hook the Windows API function CreateFileW in order to block access to a specific file (1.txt). Whenever the process attempts to create or open this file, the hook intercepts the call and forces it to fail, while all other file operations proceed normally.
The principle is straightforward:
- Define a function with the same signature as the original API (e.g., CreateFileW).
- Implement custom logic inside the hook (for example, check whether the path equals 1.txt).
- Call the original API for all other cases, preserving normal behavior.
This mechanism is extremely powerful for scenarios where you need to control or restrict file system access, enforce sandboxing policies, or implement process-level isolation without writing kernel drivers.
The BoxedApp SDK API hooking layer operates entirely in user mode. Hooks are lightweight and can be installed and removed safely at runtime. This allows developers to enforce custom I/O rules without impacting the underlying operating system or requiring administrative privileges. Because the hook runs inside the process, it applies only to calls made in that process through the hooked function.
Samples
C++ Sample
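    #include <windows.h>
    #include <tchar.h>
    #include <stdio.h>
    #include "BoxedAppSDK.h"

    // Pointer type matching the CreateFileW signature.
    typedef HANDLE (WINAPI *P_CreateFileW)(
        LPCWSTR lpFileName,
        DWORD dwDesiredAccess,
        DWORD dwShareMode,
        LPSECURITY_ATTRIBUTES lpSecurityAttributes,
        DWORD dwCreationDisposition,
        DWORD dwFlagsAndAttributes,
        HANDLE hTemplateFile);

    // Used by the hook to call the original CreateFileW.
    P_CreateFileW g_pCreateFileW;

    // Hook: fails any request whose path is exactly "1.txt" (case-insensitive)
    // and forwards every other request to the original function.
    HANDLE WINAPI My_CreateFileW(
        LPCWSTR lpFileName,
        DWORD dwDesiredAccess,
        DWORD dwShareMode,
        LPSECURITY_ATTRIBUTES lpSecurityAttributes,
        DWORD dwCreationDisposition,
        DWORD dwFlagsAndAttributes,
        HANDLE hTemplateFile)
    {
        if (0 == lstrcmpiW(lpFileName, L"1.txt"))
        {
            SetLastError(ERROR_FILE_EXISTS);
            return INVALID_HANDLE_VALUE;
        }
        else
            return g_pCreateFileW(
                lpFileName,
                dwDesiredAccess,
                dwShareMode,
                lpSecurityAttributes,
                dwCreationDisposition,
                dwFlagsAndAttributes,
                hTemplateFile);
    }

    ...

    BoxedAppSDK_Init();

    // Install the hook on kernel32!CreateFileW and keep the pointer to the original.
    // g_pCreateFileW must be set before any hooked call is made.
    PVOID pCreateFileW = GetProcAddress(GetModuleHandle(_T("kernel32.dll")), "CreateFileW");
    HANDLE hHook__CreateFileW = BoxedAppSDK_HookFunction(pCreateFileW, &My_CreateFileW, TRUE);
    g_pCreateFileW = (P_CreateFileW)BoxedAppSDK_GetOriginalFunction(hHook__CreateFileW);

    // fopen ends up in CreateFileW, so the hook rejects the request.
    FILE* f = fopen("1.txt", "r");
    // f is NULL

    ...

    // Remove the hook when it is no longer needed.
    BoxedAppSDK_UnhookFunction(hHook__CreateFileW);
Delphi Sample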
    type
      // Procedural type matching the CreateFileW signature.
      TCreateFileW =
        function(lpFileName: PWideChar;
          dwDesiredAccess, dwShareMode: Integer;
          lpSecurityAttributes: PSecurityAttributes;
          dwCreationDisposition, dwFlagsAndAttributes: DWORD;
          hTemplateFile: THandle): THandle; stdcall;

    var
      // Used by the hook to call the original CreateFileW.
      OriginalCreateFileW: TCreateFileW;

    // Hook: fails any request whose path is exactly '1.txt' (case-insensitive)
    // and forwards every other request to the original function.
    function My_CreateFileW(
      lpFileName: PWideChar;
      dwDesiredAccess, dwShareMode: Integer;
      lpSecurityAttributes: PSecurityAttributes;
      dwCreationDisposition, dwFlagsAndAttributes: DWORD;
      hTemplateFile: THandle): THandle; stdcall;
    begin
      if 0 = lstrcmpiW(lpFileName, '1.txt') then
      begin
        Result := INVALID_HANDLE_VALUE;
        SetLastError(ERROR_ALREADY_EXISTS);
      end
      else
        Result :=
          OriginalCreateFileW(
            lpFileName,
            dwDesiredAccess,
            dwShareMode,
            lpSecurityAttributes,
            dwCreationDisposition,
            dwFlagsAndAttributes,
            hTemplateFile);
    end;

    var
      pCreateFileW: Pointer;
      hHook__CreateFileW: THandle;
    begin
      Application.Initialize;
      BoxedAppSDK_Init;

      // Install the hook on kernel32!CreateFileW and keep the pointer to the original.
      pCreateFileW := GetProcAddress(GetModuleHandle('kernel32.dll'), 'CreateFileW');
      hHook__CreateFileW := BoxedAppSDK_HookFunction(pCreateFileW, @My_CreateFileW, TRUE);
      OriginalCreateFileW := BoxedAppSDK_GetOriginalFunction(hHook__CreateFileW);

      // This line produces an exception because we prevent creating / opening '1.txt'
      TFileStream.Create('1.txt', fmCreate or fmOpenRead);

      // Remove the hook when it is no longer needed.
      BoxedAppSDK_UnhookFunction(hHook__CreateFileW);
    end.
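Both samples compare the path with an exact string match, so the rule fires only for the literal spelling 1.txt. The following added example (not BoxedApp's code) sketches a stricter check that could stand in for the lstrcmpiW call. CanonicalLeafName and IsBlockedPath are hypothetical names, the policy is assumed to be "any file named 1.txt, in any directory", and the Win32 path rules are approximated in portable C++ over constructed inputs.

```cpp
#include <cstdio>
#include <cwctype>
#include <string>

// Hypothetical helper (not part of BoxedApp SDK): returns the last path
// component roughly as Win32 would resolve it, lower-cased for comparison.
static std::wstring CanonicalLeafName(const wchar_t* path)
{
    if (path == nullptr) return L"";
    std::wstring s(path);
    for (wchar_t& c : s) if (c == L'/') c = L'\\';   // '/' is accepted as a separator

    // Keep only the text after the last separator (drops directories and prefixes).
    std::wstring::size_type pos = s.find_last_of(L'\\');
    if (pos != std::wstring::npos) s.erase(0, pos + 1);

    // Drive-relative form such as "C:1.txt".
    if (s.size() >= 2 && s[1] == L':' && std::iswalpha(s[0])) s.erase(0, 2);

    // Drop an NTFS stream suffix: "1.txt::$DATA" names the same file.
    pos = s.find(L':');
    if (pos != std::wstring::npos) s.erase(pos);

    // Win32 strips trailing dots and spaces from the last component.
    while (!s.empty() && (s.back() == L'.' || s.back() == L' ')) s.pop_back();

    for (wchar_t& c : s) c = static_cast<wchar_t>(std::towlower(c));
    return s;
}

// Policy check (assumed policy: block any file whose name is 1.txt).
bool IsBlockedPath(const wchar_t* path)
{
    return CanonicalLeafName(path) == L"1.txt";
}

int main()
{
    // Constructed sample inputs.
    const wchar_t* samples[] = { L"1.txt", L".\\1.TXT", L"C:/data/1.txt. ",
                                 L"1.txt::$DATA", L"11.txt", L"1.txt.bak" };
    for (const wchar_t* p : samples)
        std::printf("%ls -> %s\n", p, IsBlockedPath(p) ? "blocked" : "allowed");
    return 0;
}
```

Name-based matching does not cover other aliases of the same file, such as short names or links, so a rule that must hold for every alias has to compare file identity rather than spelling.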