What is best way to hook win32 api (most interest sockets linke gethostbyname) in usermode? I need to hook both call with IAT and GetProcAddress run time determine and call.

[content deleted]

bcdsys:

If you don't know Portable Executable format you cannot write a program to set a hook on tcp socket api function in usermode.

A PE executable contains a table fullfilled with addresses of api functions imported when the program is loaded in memory by Windows.

Some programs import dynamically api functions directly using LoadLibrary/GetProcaddress api functions

When imports table do exist, you can add a routine in the targeted program to patch the table with a new address at runtime for the desired api function to set a hook.
Or you can write another program to do the job.
(in this case, some problems will probably occur with the hardware protection used in not too old microprocessors: memory section have or have not a "execute" attrbute. Trying to run a program, for example in the stack, will
lead to an error message box !)

check this: http://www.apihooks.com/