写了个简单的内联API钩子类

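/// Minimal in-process inline hook.
///
/// Initial() records a target function and a replacement, builds an absolute
/// jump to the replacement and saves the bytes the jump will overwrite.
/// Hook() writes the jump over the start of the target; UnHook() writes the
/// saved bytes back.
///
/// Caveats a reviewer should keep in mind:
///  - The patch is 12 bytes on x64 and 6 bytes on x86. Nothing here checks
///    that the target is at least that long or that the overwritten bytes end
///    on an instruction boundary; the caller must guarantee both.
///  - The write is not atomic and no other thread is suspended, so a thread
///    executing the start of the target during Hook()/UnHook() can fault.
///  - No trampoline is built: while the hook is installed, calling the target
///    address reaches the replacement, not the original code.
///  - The patch changes code bytes of a loaded module, so integrity checks
///    that compare in-memory code with the module's file on disk will flag it.
class CApiHook
{
public:
    CApiHook() : m_lpOldProcAddr(NULL), m_lpNewProcAddr(NULL)
    {
        RtlZeroMemory(m_szJmpCode, sizeof(m_szJmpCode));
        RtlZeroMemory(m_szOldCode, sizeof(m_szOldCode));
    }

    /// Records the target/replacement pair and prepares the patch bytes.
    ///
    /// @param lpOldProcAddr  Address of the function to be patched.
    /// @param lpNewProcAddr  Address the patched function should jump to.
    /// @return TRUE on success; FALSE (and the object is reset) if either
    ///         address is NULL.
    ///
    /// The saved bytes are whatever is at the target right now, so calling
    /// this while the hook is installed would save the jump instead of the
    /// original code. Call UnHook() first.
    BOOL Initial(LPVOID lpOldProcAddr, LPVOID lpNewProcAddr)
    {
        if (!lpOldProcAddr || !lpNewProcAddr)
        {
            m_lpOldProcAddr = NULL;
            m_lpNewProcAddr = NULL;
            RtlZeroMemory(m_szJmpCode, sizeof(m_szJmpCode));
            RtlZeroMemory(m_szOldCode, sizeof(m_szOldCode));
            return FALSE;
        }

        m_lpOldProcAddr = lpOldProcAddr;
        m_lpNewProcAddr = lpNewProcAddr;

        const ULONG_PTR ulNewAddr = reinterpret_cast<ULONG_PTR>(lpNewProcAddr);

#ifdef _WIN64
        // 48 B8 <imm64>   mov rax, imm64
        // FF E0           jmp rax
        m_szJmpCode[0] = 0x48;
        m_szJmpCode[1] = 0xB8;
        for (int i = 0; i < 8; ++i)
            m_szJmpCode[2 + i] = static_cast<UCHAR>((ulNewAddr >> (8 * i)) & 0xff);
        m_szJmpCode[10] = 0xFF;
        m_szJmpCode[11] = 0xE0;
#else
        // 68 <imm32>      push imm32
        // C3              ret
        m_szJmpCode[0] = 0x68;
        for (int i = 0; i < 4; ++i)
            m_szJmpCode[1 + i] = static_cast<UCHAR>((ulNewAddr >> (8 * i)) & 0xff);
        m_szJmpCode[5] = 0xC3;
#endif

        // Snapshot the bytes the jump will replace so UnHook() can restore them.
        memcpy(m_szOldCode, m_lpOldProcAddr, sizeof(m_szOldCode));
        return TRUE;
    }

    /// Writes the jump over the start of the target.
    /// @return TRUE only if the full patch was written and the page
    ///         protection was put back; FALSE otherwise.
    BOOL Hook()
    {
        if (!IsInitialized())
            return FALSE;
        return WriteTargetBytes(m_szJmpCode, sizeof(m_szJmpCode));
    }

    /// Writes the saved bytes back over the start of the target.
    /// @return TRUE only if all saved bytes were written and the page
    ///         protection was put back; FALSE otherwise.
    BOOL UnHook()
    {
        if (!IsInitialized())
            return FALSE;
        return WriteTargetBytes(m_szOldCode, sizeof(m_szOldCode));
    }

    /// Address of the patched (target) function, or NULL if not initialised.
    LPVOID GetOldFuncAddr()
    {
        return m_lpOldProcAddr;
    }

    /// Address of the replacement function, or NULL if not initialised.
    LPVOID GetNewFuncAddr()
    {
        return m_lpNewProcAddr;
    }

private:
    // True once Initial() has succeeded. The first jump byte is 0x48 or 0x68
    // after a successful Initial() and 0 otherwise. The saved bytes are
    // deliberately not inspected: a target whose first byte is 0x00 is still
    // a valid target.
    BOOL IsInitialized() const
    {
        return (m_lpOldProcAddr && m_lpNewProcAddr && m_szJmpCode[0]) ? TRUE : FALSE;
    }

    // Copies cbCode bytes from lpCode over the start of the target, opening
    // the page for writing only for the duration of the copy.
    BOOL WriteTargetBytes(const UCHAR* lpCode, DWORD_PTR cbCode)
    {
        DWORD     dwOldProtect = 0;
        DWORD     dwTmpProtect = 0;
        DWORD_PTR dwWrite      = 0;

        if (!VirtualProtect(m_lpOldProcAddr, cbCode, PAGE_EXECUTE_WRITECOPY, &dwOldProtect))
            return FALSE;

        // A short write would leave a half-built instruction sequence in the
        // target, so it counts as a failure.
        const BOOL bWritten =
            (WriteProcessMemory(GetCurrentProcess(), m_lpOldProcAddr, lpCode, cbCode, &dwWrite)
             && dwWrite == cbCode) ? TRUE : FALSE;

        // Put the original protection back even when the write failed, so the
        // page is never left both writable and executable.
        const BOOL bRestored =
            VirtualProtect(m_lpOldProcAddr, cbCode, dwOldProtect, &dwTmpProtect);

        // NOTE(review): Microsoft documents FlushInstructionCache for code
        // modified in memory; consider calling it here after a successful write.
        return (bWritten && bRestored) ? TRUE : FALSE;
    }

#ifdef _WIN64
    UCHAR  m_szJmpCode[12];   // mov rax, imm64 / jmp rax
    UCHAR  m_szOldCode[12];   // bytes saved from the target by Initial()
#else
    UCHAR  m_szJmpCode[6];    // push imm32 / ret
    UCHAR  m_szOldCode[6];    // bytes saved from the target by Initial()
#endif
    LPVOID m_lpOldProcAddr;   // function being patched
    LPVOID m_lpNewProcAddr;   // function the patch jumps to
};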
