hook.h #ifndef _HOOK_H #define _HOOK_H #include <windows.h> int __declspec(dllexport) __stdcall InstallHook(DWORD pid); int __declspec(dllexport) __stdcall UninstallHook(); #endif hook.cpp #include "Hook.h" #include <windows.h> #include "detours.h" #include <stdio.h> #pragma comment(lib,"detours.lib") HHOOK g_hHook = NULL; HMODULE g_hInst = NULL; bool g_bIntercepted = false; #pragma data_seg(".myshare") DWORD g_pid = NULL; bool IsRun = false; #pragma data_seg() #pragma comment(linker,"/SECTION:.myshare,RWS") BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved ); LRESULT CALLBACK ShellProc( int nCode, WPARAM wParam, LPARAM lParam ); void Intercept(); void UnIntercept(); HANDLE WINAPI NewOpenProcess(DWORD fdwAccess, BOOL fInherit, DWORD IDProcess); //-------------------------------------------------------------------------- DETOUR_TRAMPOLINE(HANDLE WINAPI OldOpenProcess(DWORD fdwAccess, BOOL fInherit, DWORD IDProcess), OpenProcess); //---------------------------------------------------------------------- BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved ) { g_hInst = hinstDLL; switch (fdwReason) { case DLL_PROCESS_ATTACH: break; case DLL_THREAD_ATTACH: break; case DLL_THREAD_DETACH: break; case DLL_PROCESS_DETACH: UnIntercept(); break; } return TRUE; } //---------------------------------------------------------------------- LRESULT CALLBACK ShellProc( int nCode, WPARAM wParam, LPARAM lParam ) { if(!g_bIntercepted) Intercept(); return CallNextHookEx(g_hHook, nCode, wParam, lParam); } //---------------------------------------------------------------------- _declspec(dllexport) int __stdcall InstallHook(DWORD pid) { if(g_hHook == NULL) { g_pid = pid; IsRun = true; g_hHook = ::SetWindowsHookEx( WH_SHELL , ShellProc ,(HINSTANCE)g_hInst, 0); return 1; } return 0; } //---------------------------------------------------------------------- _declspec(dllexport) int __stdcall UninstallHook() { if(::UnhookWindowsHookEx( g_hHook )) { g_hHook = NULL; IsRun = false; return 1; } return 0; } //---------------------------------------------------------------------- bool IsProRunning() { return IsRun; } //---------------------------------------------------------------------- HANDLE WINAPI NewOpenProcess(DWORD fdwAccess, BOOL fInherit, DWORD IDProcess) { HANDLE temp; __try { if (IDProcess == g_pid) { temp = NULL; } else { temp = OldOpenProcess(fdwAccess,fInherit,IDProcess); } } __finally { return temp; }; } //---------------------------------------------------------------------- void Intercept() { DetourFunctionWithTrampoline((PBYTE)OldOpenProcess, (PBYTE)NewOpenProcess); } //---------------------------------------------------------------------- void UnIntercept() { DetourRemove((PBYTE)OldOpenProcess, (PBYTE)NewOpenProcess); } hook.def ; Hook.def : Declares the module parameters for the DLL. LIBRARY "Hook" DESCRIPTION 'Hook Windows Dynamic Link Library' EXPORTS ; Explicit exports can go here InstallHook @1 UninstallHook @2