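// Original author's note (translated from Chinese): "The main idea is to modify the
// virtual function table. The code is short and easy to follow. Heh, learned a lot."
//
// Demo of an in-process vtable hook on Windows: slot 0 of mytest's vtable is overwritten
// with the address of a free function, the hooked call is observed, and the slot is
// restored. Slot 0 corresponds to fun1 only under MSVC's declaration-order vtable layout
// with a non-virtual destructor; the layout is compiler-specific, so treat this as a demo,
// not a portable technique.
#include <windows.h>

#include <cstdint>
#include <iostream>
#include <memory>

class mytest {
public:
    mytest() {}

    // Non-virtual on purpose: under MSVC a virtual destructor declared here would occupy
    // slot 0 and the hook would patch it instead of fun1. Restores the slot if the caller
    // forgot to UnHook().
    ~mytest() { UnHook(); }

    virtual void fun1() { std::cout << "fun1 called!" << std::endl; }
    virtual void fun2() { std::cout << "fun2 called!" << std::endl; }
    virtual void fun3() { std::cout << "fun3 called!" << std::endl; }

    // Replace vtable slot 0 with dwAddFun (a function address, pointer-sized so it also
    // holds an x64 address). No-op if already hooked, if dwAddFun is 0, or if the page
    // cannot be queried/unprotected; nothing is left half-done in those cases.
    void Hook(DWORD_PTR dwAddFun) {
        if (hooked || dwAddFun == 0) return;

        pplVrtable = reinterpret_cast<DWORD_PTR**>(this);
        DWORD_PTR* slot = &(*pplVrtable)[0];

        // We only ever touch our own address space: the GetCurrentProcess() pseudo-handle
        // is sufficient, needs no PROCESS_ALL_ACCESS grant and must not be CloseHandle'd.
        hProcess = GetCurrentProcess();

        if (VirtualQueryEx(hProcess, slot, &mbi, sizeof(mbi)) != sizeof(mbi)) return;

        // Unprotect the page that holds the slot itself, not mbi.BaseAddress: the region
        // base can be a different page, in which case the write below would fault.
        // Do not create a W+X page unless the page is executable already (vtables normally
        // live in .rdata, so PAGE_READWRITE is enough); dropping X from an executable page
        // could crash other threads running code there, so keep it in that case.
        const DWORD executeBits = PAGE_EXECUTE | PAGE_EXECUTE_READ |
                                  PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY;
        const DWORD writable = (mbi.Protect & executeBits) ? PAGE_EXECUTE_READWRITE
                                                           : PAGE_READWRITE;
        if (!VirtualProtectEx(hProcess, slot, sizeof(*slot), writable, &dwOldProtect)) return;

        // Same process, so a plain load suffices; ReadProcessMemory added nothing but an
        // unchecked return value. The store is an aligned pointer-sized write, so a virtual
        // call racing on another thread sees either the old or the new target, never a torn one.
        Old = *slot;
        *slot = dwAddFun;
        hooked = true;
    }

    // Restore the original slot value and the original page protection. Safe to call when
    // no hook is installed (including from the destructor).
    void UnHook() {
        if (!hooked) return;

        DWORD_PTR* slot = &(*pplVrtable)[0];
        *slot = Old;

        DWORD dwTemp = 0;
        ::VirtualProtectEx(hProcess, slot, sizeof(*slot), dwOldProtect, &dwTemp);
        hooked = false;
    }

private:
    HANDLE hProcess = nullptr;
    DWORD dwOldProtect = 0;
    DWORD_PTR** pplVrtable = nullptr;  // this object's vtable pointer, set by Hook()
    DWORD_PTR Old = 0;                 // original slot 0 entry, saved by Hook()
    bool hooked = false;               // true between a successful Hook() and UnHook()
    MEMORY_BASIC_INFORMATION mbi{};
};

// Replacement for fun1. It is reached through the vtable, i.e. with the hidden `this`
// argument of a member call; a free function taking no parameters tolerates that on x86
// (thiscall passes `this` in ECX and leaves nothing on the stack) and on x64 (register
// convention), but it would break as soon as parameters are added.
void MyFun() { std::cout << "This is my function" << std::endl; }

int main() {
    std::unique_ptr<mytest> pA(new mytest);
    DWORD_PTR add = reinterpret_cast<DWORD_PTR>(&MyFun);
    pA->Hook(add);
    std::cout << "Begin to call founction f1." << std::endl;
    // NOTE(review): a compiler that devirtualizes this call (it knows the dynamic type)
    // would bypass the hook; if the demo prints "fun1 called!" here, disable optimization.
    pA->fun1();
    pA->UnHook();
    pA->fun1();
    return 0;
}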