Added hooking detection in auth.cpp for the req ( Request ) function

seeby2 · seeby2 · commit 8fda365c3fa5 · 2025-11-24T17:49:53.000+01:00
diff --git a/Security.hpp b/Security.hpp
@@ -5,6 +5,25 @@
 #include <aclapi.h>
 #include <bcrypt.h>
 
+
+auto is_hooked = [](void* fn) -> bool {
+    if (!fn) return true;
+
+
+    BYTE bytes[5];
+    memcpy(bytes, fn, 5);
+
+
+    if (bytes[0] == 0xE9 || bytes[0] == 0xE8)
+        return true;
+
+    if (bytes[0] == 0xFF && bytes[1] == 0x25)
+        return true;
+
+    return false;
+    };
+
+
 // code submitted in pull request from https://github.com/sbtoonz, authored by KeePassXC https://github.com/keepassxreboot/keepassxc/blob/dab7047113c4ad4ffead944d5c4ebfb648c1d0b0/src/core/Bootstrap.cpp#L121
 inline bool LockMemAccess()
 {
diff --git a/auth.cpp b/auth.cpp
@@ -1694,6 +1694,27 @@ std::string KeyAuth::api::req(const std::string& data, const std::string& url) {
     signature.clear();
     signatureTimestamp.clear();
 
+
+    if (is_hooked((void*)&curl_easy_perform))
+    {
+        error("Hook detected in curl_easy_perform");
+    }
+
+    if (is_hooked((void*)&curl_easy_init))
+    {
+        error("Hook detected in curl_easy_init");
+    }
+
+    if (is_hooked((void*)&curl_easy_setopt))
+    {
+        error("Hook detected in curl_easy_setopt");
+    }
+
+    if (is_hooked((void*)&curl_easy_cleanup))
+    {
+        error("Hook detected in curl_easy_cleanup");
+    }
+
     CURL* curl = curl_easy_init();
     if (!curl) {
         error(XorStr("CURL Initialization Failed!"));
