function TrueFunctionAddress(func: Pointer): Pointer;
var
Code: PlmportCode;
Begin
Result:= func;
if func = nil then exit;
try
Code := func;
if (Code.jumplnstruction = $25FF) then begin
Result := Code.AddressOfPointerToFunction^;
end;
except
Result :=nil;
end;
end;
//这样,只要用自己的函数的地址代替它就可以了。替换函数:
Procedure PermuteFunction(OldFunc:Ppointer; NewFunc:Pointer);
var
written: DWORD;
begin
WriteProcessMemory(GetCurrentProcess,OldFunc,@NewFunc,4,written);
end;
function MyBoxA (hwn: hwnd; Iptext: pchar; Ipcapion:pchar; utype: cardinal): integer;stdcall;
begin
PermuteFunction(FuncMessageboxA.AddressOfPointerToFunction,@OldMessageboxA);
result :=OldMessageBoxA(hwn,'Succes Hook A!', Ipcapion,utype);
PermuteFunction(FuncMessageboxA.AddressOfPointerToFunction,@MyBoxA);
end;
function MyBoxW (hwn: hwnd; Iptext: pchar; Ipcapion:pchar; utype: cardinal): integer;stdcall;
begin
PermuteFunction(FuncMessageboxW.AddressOfPointerToFunction,@OldMessageboxW);
result :=OldMessageBoxW(hwn,'成功挂上W!',Ipcapion,utype);
PermuteFunction(FuncMessageboxW.AddressOfPointerToFunction,@MyBoxW);
end;
procedure API_Hookup;
begin
if @OldMessageBoxA = nil then
@OldMessageBoxA := TrueFunctionAddress(@messageboxA);
if @OldMessageBoxW = nil then
@OldMessageBoxW := TrueFunctionAddress(@messageboxW);
PermuteFunction(FuncMessageboxA.AddressOfPointerToFunction,@MyBoxA);
PermuteFunction(FuncMessageboxW.AddressOfPointerToFunction,@MyBoxW);
end;
procedure Un_API_Hook;
begin
if @OldMessageBoxA <> nil then begin
PermuteFunction(FuncMessageboxA.AddressOfPointerToFunction,@OldMessageboxA);
PermuteFunction(FuncMessageboxW.AddressOfPointerToFunction,@OldMessageboxW);
end;
end;
function gethookinfo(code:integer;wp:WPARAM;lp:LPARAM):LResult;stdcall;
begin
result:= CallNextHookEx(mymousehook.hook,code,wp,lp);
end;
procedure installmousehook();stdcall;
begin
if not mymousehook.isrun then
begin
mymousehook.hook:=setwindowshookex(WH_MOUSE,@gethookinfo,HInstance,0);
mymousehook.isrun:=not mymousehook.isrun;
end;
end;
procedure uninstallmousehook(); stdcall;
begin
if mymousehook.isrun then
begin
UnHookWindowsHookEx(mymousehook.hook);
mymousehook.isrun:=not mymousehook.isrun;
end;
end;
Procedure DLLEntryPoint(dwReason:DWord);
begin
Case dwReason of
DLL_PROCESS_ATTACH:begin
mymousehook.isrun:=false;
FuncMessageboxA := @MessageboxA;
FuncMessageBoxw := @MessageboxW;
API_Hookup;
end;
DLL_PROCESS_DETACH:
begin
Un_API_Hook;
end;
DLL_THREAD_ATTACH:;
DLL_THREAD_DETACH:;
End;
end;
exports
installmousehook,
uninstallmousehook;
begin
DLLProc := @DLLEntryPoint;
DLLEntryPoint(DLL_PROCESS_ATTACH);
end.
procedure TForm1.Button1Click(Sender: TObject);
begin
installmousehook();
end;
procedure TForm1.Button2Click(Sender: TObject);
begin
uninstallmousehook();
end;
procedure TForm1.Button3Click(Sender: TObject);
begin
MessageBoxA(Form1.Handle,'NO HOOK UP A','MessageBoxA',MB_OK);
MessageBoxW(Form1.Handle,'NO HOOK UP W','MessageBoxW',MB_OK);
MessageBox (Form1.Handle,'NO HOOK UP BOX','MessageBox',MB_OK);
end;