Want to intercept an API function in your own program? Here is how.

zhaozj2021-02-11  166

Write a replacement function FUNC(...) in your program.

Then call FUNC1 = ApiSpy(NULL, "gdi32.dll", "TextOutA", (PROC) FUNC). The export name is case-sensitive, because the code below passes it to GetProcAddress.

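From then on, when your program calls TextOut, FUNC is called instead, and the original function itself is not destroyed. The code below works on the import table of the module named by pDllUse (NULL means the program's own executable), so only calls made through that module's imports are affected.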

Inside FUNC, call FUNC1 (the value ApiSpy returned) to reach the original function. If you want to intercept the API for the entire system, you need a global hook.

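In that case, call this function during initialization of the hook's DLL. The main code is as follows. (Note: the listing below is cut off mid-function and was damaged by machine translation, so it will not compile as shown. For example, `pDosHeader ! -> e_magic = IMAGE_DOS_SIGNATURE` should be the comparison `pDosHeader->e_magic != IMAGE_DOS_SIGNATURE`, and several identifiers have lost their original case.)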

Proc WinAPI

ApiSpy (PSTR pDllUse, PSTR pDllName, PSTR pApiName, PROC pNewPorc) {PIMAGE_DOS_HEADER pDosHeader; PIMAGE_NT_HEADERS pNTHeader; PIMAGE_IMPORT_DESCRIPTOR pImportDesc; PIMAGE_THUNK_DATA pThunk; PROC pOldProc; DWORD oldpr; static int Layer = 0; if (pDllUse == NULL) Layer = 0; pOldProc = GetProcAddress (GetModuleHandle (pDllName), pApiName); if (pOldProc == NULL) return NULL; pDosHeader = (PIMAGE_DOS_HEADER) GetModuleHandle (pDllUse); if (IsBadReadPtr (pDosHeader, sizeof (IMAGE_DOS_HEADER))) return NULL; if (pDosHeader ! -> e_magic = IMAGE_DOS_SIGNATURE) return NULL; pNTHeader = MakePtr (PIMAGE_NT_HEADERS, pDosHeader, pDosHeader-> e_lfanew); if (IsBadReadPtr (pNTHeader, sizeof (IMAGE_NT_HEADERS))) return NULL; if (pNTHeader-> Signature = IMAGE_NT_SIGNATURE) return! Null; pimportdesc = makeptr (pimage_import_descriptor, pdosheader, pntheader-> optionalheader. DataDirectory [IMAGE_DIRECTORY_ENTRY_IMPORT] VirtualAddress);. If (pImportDesc == (PIMAGE_IMPORT_DESCRIPTOR) pNTHeader) return NULL; __try {while (pImportDesc-> Name) {PSTR pszModName = MakePtr (PSTR, pDosHeader, pImportDesc-> Name); REM ( "[ % s] ", pszModName); if (stricmp (pszModName, pDllName) == 0) {pThunk = MakePtr (PIMAGE_THUNK_DATA, pDosHeader, pImportDesc-> FirstThunk); while (pThunk-> u1.Function) {REM (" [% S:% s]?% s% 8x ==>% 8X ", PDLLNAME, PAPINAME, PSZMODNAME, PAPINAME, PSZMODNAME, / / ​​(DWORD) POLDPROC, (DWORD) Pthunk-> U1.Function);
