C++ API HOOK (OpenProcess)

#include < windows . h >
#include "APIHook.h"
extern CAPIHook g_OpenProcess ;
// 自定义OpenProcess函数
#pragma data_seg ( "YCIShared" )
HHOOK g_hHook = NULL ;
DWORD dwCurrentProcessId = 0 ;
#pragma data_seg ()
HANDLE WINAPI Hook_OpenProcess ( DWORD dwDesiredAccess , BOOL bInheritHandle , DWORD dwProcessId )
{
typedef HANDLE ( WINAPI * PFNTERMINATEPROCESS )( DWORD , BOOL , DWORD );

if ( dwProcessId != dwCurrentProcessId )
{
return (( PFNTERMINATEPROCESS )( PROC ) g_OpenProcess )( dwDesiredAccess , bInheritHandle , dwProcessId );
}
return 0 ;
}

// 挂钩OpenProcess函数
CAPIHook g_OpenProcess ( "kernel32.dll" , "OpenProcess" ,
( PROC ) Hook_OpenProcess );

///////////////////////////////////////////////////////////////////////////

static HMODULE ModuleFromAddress ( PVOID pv )
{
MEMORY_BASIC_INFORMATION mbi ;
if (:: VirtualQuery ( pv , & mbi , sizeof ( mbi )) != 0 )
{
return ( HMODULE ) mbi . AllocationBase ;
}
else
{
return NULL ;
}
}
static LRESULT WINAPI GetMsgProc ( int code , WPARAM wParam , LPARAM lParam )
{
return :: CallNextHookEx ( g_hHook , code , wParam , lParam );
}
BOOL WINAPI SetSysHook ( BOOL bInstall , DWORD dwThreadId )
{
BOOL bOk ;
dwCurrentProcessId = dwThreadId ;
if ( bInstall )
{
g_hHook = :: SetWindowsHookEx ( WH_GETMESSAGE , GetMsgProc ,
ModuleFromAddress ( GetMsgProc ), 0 );
bOk = ( g_hHook != NULL );
}
else
{
bOk = :: UnhookWindowsHookEx ( g_hHook );
g_hHook = NULL ;
}
return bOk ;
}