IAT Hooker is a tool that I recently developed to hook any function within the Import Address Table (IAT). It serves as a universal hooker designed for hooking x64 PE files with a custom DLL injector. IAT Hooking (T0874) is categorized as a Privilege Escalation and Execution tactic, as listed in the MITRE Enterprise framework.
Steps for injecting your own functionality:
- Create a file named task.dll.
- Replace the MessageBoxW function with your own code. Keep rest of the code as it is.
- Make sure that 'task.dll', 'hookIAT.exe' and 'r_Src.dll' files are in the same directory.
![Screenshot 2023-09-01 at 8 24 06 AM](https://private-user-images.githubusercontent.com/59355395/264907296-1c06ca76-e24d-4c21-84d5-c12704570f40.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjEyMDMxMzQsIm5iZiI6MTcyMTIwMjgzNCwicGF0aCI6Ii81OTM1NTM5NS8yNjQ5MDcyOTYtMWMwNmNhNzYtZTI0ZC00YzIxLTg0ZDUtYzEyNzA0NTcwZjQwLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA3MTclMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNzE3VDA3NTM1NFomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTJiZDkyYjBhYjAxYmIzMGNhYjMzNDgwZTI5OGY4MjNlMzcxNWJlNWM1ZjM4OGE5ZTkxYzY2ZGVjZjRkZDQ3YjUmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.SoY2-BFQleC5ZV0o78TbMz-oFCeHbD57mk8aVUfnGAo)