#include "stdafx.h" #include <windows.h> typedef int (_stdcall *MessageBox_Type)( HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption, UINT uType); MessageBox_Type OldMessage; _declspec (naked) void __stdcall My_MessageBox( HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption, UINT uType) { _asm { push ebp mov ebp,esp } printf("取得的数据: %x,%s,%s,%x",hWnd,lpText,lpCaption,uType); _asm { mov eax,OldMessage add eax,5 jmp eax } } #pragma pack(1) //对齐标志 以1字节 默然是4字节 typedef struct _JMPCODE { BYTE Jmp; DWORD Addr; }JMPCODE,*PJMPCODE; void InLineHook() { JMPCODE jmpCode; HMODULE h = LoadLibrary("user32.dll"); OldMessage = (MessageBox_Type)(GetProcAddress(h,"MessageBoxA")); jmpCode.Jmp = 0xe9; //当前地址 - 目的地址 - 5 jmpCode.Addr = (DWORD)(&My_MessageBox) - (DWORD)(&MessageBoxA) - 5; WriteProcessMemory( GetCurrentProcess(), &MessageBoxA, &jmpCode,sizeof(JMPCODE), 0); CloseHandle(h); } int main() { InLineHook(); MessageBoxA(0,"文本","标题!!!/n",MB_OK); return 0; }