procedure TForm1.btnTestClick(Sender: TObject); var TmpWndHandle:THandle; Add:Pointer; wR:Boolean; oldprotect:DWORD; StrTmp:string; begin ProcessHandle := GetCurrentProcess; OldMsg :=@TForm1.MsgBeforeHook; Add := @TForm1.MsgBeforeHook; ReadProcessMemory(ProcessHandle,Pointer(OldMsg), BufferOld, 8, dw); VirtualProtectEx(ProcessHandle,Pointer(OldMsg),8,PAGE_EXECUTE_READWRITE,@oldprotect); JmpCode.JmpCode := $B8; JmpCode.MovEAX[0] := $FF; JmpCode.MovEAX[1] := $E0; JmpCode.MovEAX[2] := 0; JmpCode.Address := Pointer(@TForm1.MsgAfterHook); WriteProcessMemory(ProcessHandle,Pointer(OldMsg),@JmpCode, 8, dw); end; procedure TForm1.MsgAfterHook; var tmp:TMessageProc; begin ShowMessage('Yes Hook'); //调用真正的 WriteProcessMemory(ProcessHandle, Pointer(OldMsg), BufferOld, 8, dw); @tmp := OldMsg; tmp; WriteProcessMemory(ProcessHandle, Pointer(OldMsg), @JmpCode, 8, dw); end; 几个注意地方: 1。 要HOOK函数的基址 2.新HOOK函数的基址。