UApiHook

1. // UApiHook.h:
2. //---------------------------------------------------------------------------
3. #ifndef UApiHookH
4. #define UApiHookH
5. //---------------------------------------------------------------------------
6. #include <windows.h>
7. //---------------------------------------------------------------------------
8. #pragma pack (push, 1)
9. typedef struct _far_jmp{
10.     BYTE  PushOp;
11.     PVOID PushArg;
12.     BYTE  RetOp;
13. } far_jmp, *pfar_jmp;
14. typedef struct _OldCode{
15.     USHORT One;
16.     ULONG  TWO;
17. } OldCode, *POldCode;
18. #pragma pack (pop)
19. //---------------------------------------------------------------------------
20. OldCode HookAPI(PVOID API, PVOID NewFunc);
21. void UnhookAPI(OldCode OldProc, PVOID API);
22. //---------------------------------------------------------------------------
23. #endif
24.  
25.  
26.  
27. // UApiHook.cpp:
28. //---------------------------------------------------------------------------
29. #pragma hdrstop
30. //---------------------------------------------------------------------------
31. #include "UApiHook.h"
32. //---------------------------------------------------------------------------
33. OldCode HookAPI(PVOID API, PVOID NewFunc)
34. {
35.     try
36.     {
37.         if(!(API && NewFunc))
38.         {
39.             OldCode __NULLCODE;
40.             memset(&__NULLCODE, NULL, sizeof(OldCode));
41.             return __NULLCODE;
42.         }
43.         far_jmp Fnjp;
44.         OldCode Old;
45.  
46.         DWORD dwOldProtect = 0;
47.         SIZE_T lpNumberOfBytesWritten = 0;
48.         VirtualProtect(API, sizeof(far_jmp), PAGE_EXECUTE_READWRITE, &dwOldProtect);
49.         ReadProcessMemory(INVALID_HANDLE_VALUE, API, &Old, sizeof(OldCode), NULL);
50.  
51.         Fnjp.PushOp  = 0x68;
52.         Fnjp.PushArg = NewFunc;
53.         Fnjp.RetOp   = 0xC3;
54.  
55.         if(API != NULL && NewFunc != NULL) WriteProcessMemory(INVALID_HANDLE_VALUE, API, &Fnjp, sizeof(far_jmp), &lpNumberOfBytesWritten);
56.         return Old;
57.     }
58.     catch(...){}
59. }
60. //---------------------------------------------------------------------------
61. void UnhookAPI(OldCode OldProc, PVOID API)
62. {
63.     try
64.     {
65.         if(API == NULL) return;
66.         DWORD dwOldProtect = 0;
67.         VirtualProtect(API, sizeof(OldCode), PAGE_EXECUTE_READWRITE, &dwOldProtect);
68.         WriteProcessMemory(INVALID_HANDLE_VALUE, API, &OldProc, sizeof(OldCode), NULL);
69.     }
70.     catch(...){}
71. }
72. //---------------------------------------------------------------------------
73. #pragma package(smart_init)