64位系统InlineHook
APIHook64Class.h
#ifndef APIHOOK64CLASS_H_
#define APIHOOK64CLASS_H_

#include <Windows.h>

// In-process inline patch of one exported function on x64.
//
// One instance manages one target: Hook() overwrites the first 12 bytes of
// the export with a stub that transfers control to a replacement function,
// and can later write the saved original bytes back.
//
// Review notes for anyone reusing or auditing this class:
//  - There is no trampoline. While the patch is installed the original
//    function body cannot be called; restore it first.
//  - Exactly 12 bytes are overwritten regardless of where instruction
//    boundaries fall or how long the target function is.
//  - The stub is x64 machine code, so the class is only meaningful in a
//    64-bit build.
class APIHook64
{
    // Members below are private (the class default).

    // 12-byte redirect stub; bytes 2..9 hold the 64-bit replacement address.
    unsigned char code[12];

    // Copy of the target's first 12 bytes, taken before the first patch.
    unsigned char oldcode[12];

    // Address of the patched export; NULL until Hook() resolves it.
    FARPROC addr;

public:
    // Prepares the stub template and clears the saved state.
    APIHook64();

    // dllName / apiName : module and export to patch.
    // callfunc          : address of the replacement function, as an integer.
    // bHook             : TRUE writes the stub, FALSE writes the saved bytes back.
    // Returns the result of the memory write (non-zero on success).
    BOOL Hook(char *dllName, char *apiName, long long callfunc, BOOL bHook = TRUE);
};

#endif // APIHOOK64CLASS_H_
APIHook64Class.cpp
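#include "APIHook64Class.h"

/*
 * Builds the 12-byte redirect stub template and clears the saved state.
 * The 8 immediate bytes are left as zero; Hook() fills them in.
 */
APIHook64::APIHook64()
{
    /*
        48 B8 <imm64>   mov  rax, imm64   ; absolute 64-bit target address
        50              push rax
        C3              ret               ; pops the pushed address into RIP

        (0x48 is the REX.W prefix, so this is a 64-bit load into RAX,
        not "mov eax, imm32".)
    */
    const unsigned char stub[12] = {
        0x48, 0xB8,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x50, 0xC3
    };
    RtlMoveMemory(code, stub, sizeof(stub));
    memset(oldcode, 0, sizeof(oldcode));
    addr = NULL;
}

/*
 * Installs or removes the 12-byte patch on dllName!apiName in the current
 * process.
 *
 * dllName, apiName : module and export to patch. Only used on the call that
 *                    first resolves the target; later calls reuse that address.
 * callfunc         : address of the replacement function. Stored on the call
 *                    that first resolves the target and must be non-zero then.
 * bHook            : TRUE writes the redirect stub, FALSE writes the saved
 *                    original bytes back.
 *
 * Returns non-zero when the bytes were written, FALSE on any failure
 * (bad arguments, module or export not found, protection change or write
 * failed). On failure before the write, the target is left untouched.
 *
 * Caveats a reviewer should keep in mind:
 *  - No trampoline is built: the original function is not callable while the
 *    patch is installed.
 *  - 12 bytes are overwritten unconditionally. A target shorter than 12 bytes,
 *    or one whose prologue is already patched by another component, will be
 *    corrupted or mis-restored.
 *  - The write is not atomic. A thread executing inside those 12 bytes while
 *    they are rewritten can crash; callers are responsible for quiescing
 *    other threads.
 *  - The page is PAGE_EXECUTE_READWRITE only for the duration of the write
 *    and the previous protection is put back afterwards.
 *  - LoadLibraryA with a bare file name follows the standard DLL search
 *    order; pass an already-loaded system module name or a fully qualified
 *    path so an unexpected copy is not loaded.
 */
BOOL APIHook64::Hook(char *dllName, char *apiName, long long callfunc, BOOL bHook)
{
    // Pseudo-handle: valid only in this process and must not be closed.
    HANDLE hPro = GetCurrentProcess();

    FARPROC target = addr;
    HMODULE hMod = NULL;
    // addr doubles as the "already captured" flag. The first byte of the
    // saved prologue cannot be used for that: it may legitimately be 0x00.
    const BOOL firstUse = (target == NULL);

    if (firstUse)
    {
        if (dllName == NULL || apiName == NULL || callfunc == 0)
        {
            return FALSE;
        }

        // Explicit ANSI entry point: the parameters are char*, so the
        // LoadLibrary macro would not compile in a UNICODE build.
        hMod = LoadLibraryA(dllName);
        if (hMod == NULL)
        {
            return FALSE;
        }

        target = GetProcAddress(hMod, apiName);
        if (target == NULL)
        {
            FreeLibrary(hMod);
            return FALSE;
        }
    }

    // Make the 12 bytes accessible on every call, not only the first one,
    // and remember the protection that was really in effect.
    DWORD dwOldProtect = 0;
    if (!VirtualProtectEx(hPro, reinterpret_cast<LPVOID>(target), sizeof(code),
                          PAGE_EXECUTE_READWRITE, &dwOldProtect))
    {
        if (hMod != NULL)
        {
            FreeLibrary(hMod);
        }
        return FALSE;
    }

    if (firstUse)
    {
        // Save the original bytes before anything is overwritten, then commit
        // the resolved address. The module reference taken above is kept on
        // purpose so the patched code stays mapped.
        RtlMoveMemory(oldcode, reinterpret_cast<const void *>(target), sizeof(oldcode));
        long long api = callfunc;
        RtlMoveMemory(code + 2, &api, sizeof(api));
        addr = target;
    }

    BOOL bOk = WriteProcessMemory(hPro, reinterpret_cast<LPVOID>(target),
                                  bHook ? code : oldcode, sizeof(code), NULL);
    if (bOk)
    {
        // Code bytes changed: discard any stale copies held by the CPU.
        FlushInstructionCache(hPro, reinterpret_cast<LPCVOID>(target), sizeof(code));
    }

    // Put back the protection that was in effect before this call.
    DWORD dwIgnored = 0;
    VirtualProtectEx(hPro, reinterpret_cast<LPVOID>(target), sizeof(code),
                     dwOldProtect, &dwIgnored);

    return bOk;
}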