
R3 HOOK OpenProcess 的问题

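unit HookAPI;

{ In-process import-table repointing helpers.

  RepointFunction walks the import directory of the main executable and of
  every module it imports from, and overwrites each import slot that resolves
  to OldFunc with NewFunc.

  Scope, as far as this unit shows:
    - The write goes through WriteProcessMemory on GetCurrentProcess, so only
      the calling process is changed. A second running instance of the same
      program is a separate process with its own import tables and is not
      affected by a call made in the first one.
    - Only import slots are rewritten. Calls that do not go through an import
      slot (for example addresses obtained at run time) are not redirected.
    - The stub decoding in LocateFunctionAddress reads an absolute pointer after
      the FF 25 opcode, which matches the 32-bit x86 encoding only.
    - A rewritten slot no longer points into the module that exports the
      function; comparing import slots with export addresses reveals the change. }

interface

uses
  Windows, Classes;

function LocateFunctionAddress(Code: Pointer): Pointer;
function RepointFunction(OldFunc, NewFunc: Pointer): Integer;

type
  // One entry of a PE import directory. The field offsets line up with
  // IMAGE_IMPORT_DESCRIPTOR; LookupTable sits at the offset of FirstThunk,
  // i.e. the table of bound function addresses that this unit rewrites.
  PImage_Import_Entry = ^Image_Import_Entry;
  Image_Import_Entry = record
    Characteristics: DWORD;
    TimeDateStamp: DWORD;
    MajorVersion: Word;
    MinorVersion: Word;
    Name: DWORD;        // RVA of the imported module's ANSI name
    LookupTable: DWORD; // RVA of the address table for that module
  end;

type
  // Layout of an indirect-jump import stub: opcode word followed by the
  // address of the slot that holds the real target.
  TImportCode = packed record
    JumpInstruction: Word;                // $25FF = bytes FF 25, "jmp [address]"
    AddressOfPointerToFunction: ^Pointer; // slot holding the jump target
  end;
  PImportCode = ^TImportCode;

implementation

// Adds a byte offset to a base address without casting the pointer to Integer.
function RvaToPtr(Base: Pointer; Offset: DWORD): Pointer;
begin
  Result := Pointer(PAnsiChar(Base) + Offset);
end;

{ Returns the address Code ultimately jumps to when Code starts with an
  indirect-jump stub, otherwise returns Code unchanged.
  Returns nil when Code is nil or when reading the stub raises an exception. }
function LocateFunctionAddress(Code: Pointer): Pointer;
var
  Stub: PImportCode;
begin
  Result := Code;
  if Code = nil then
    Exit;
  try
    Stub := Code;
    if Stub^.JumpInstruction = $25FF then
      Result := Stub^.AddressOfPointerToFunction^;
  except
    // Unreadable memory: report "no address" instead of propagating.
    Result := nil;
  end;
end;

{ Rewrites every import slot in the current process that resolves to OldFunc
  so that it holds NewFunc instead.

  OldFunc  address of the function to replace (an import stub is accepted).
  NewFunc  address to store in the matching slots.
  Returns  the number of slots successfully rewritten, summed over the main
           module and all modules reached through its imports. }
function RepointFunction(OldFunc, NewFunc: Pointer): Integer;
var
  IsDone: TList; // module bases already visited; stops cycles in the import graph

  function RepointAddrInModule(hModule: THandle; OldFunc, NewFunc: Pointer): Integer;
  var
    Dos: PImageDosHeader;
    NT: PImageNTHeaders;
    ImportDesc: PImage_Import_Entry;
    RVA: DWORD;
    Func: ^Pointer;
    f: Pointer;
    DepModule: THandle;
    written: DWORD;
  begin
    Result := 0;
    Dos := Pointer(hModule);
    if IsDone.IndexOf(Dos) >= 0 then
      Exit;
    IsDone.Add(Dos);

    // NOTE(review): the target is re-resolved on every recursion level, so the
    // address compared against can differ between modules when the resolved
    // function itself starts with an indirect jump - confirm this is intended.
    OldFunc := LocateFunctionAddress(OldFunc);

    // Validate both PE headers before trusting any offset read from them.
    if IsBadReadPtr(Dos, SizeOf(TImageDosHeader)) then
      Exit;
    if Dos^.e_magic <> IMAGE_DOS_SIGNATURE then
      Exit;
    NT := RvaToPtr(Dos, DWORD(Dos^._lfanew));
    if IsBadReadPtr(NT, SizeOf(TImageNtHeaders)) then
      Exit;
    if NT^.Signature <> IMAGE_NT_SIGNATURE then
      Exit;

    RVA := NT^.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
    if RVA = 0 then
      Exit;

    ImportDesc := RvaToPtr(Dos, RVA);
    while ImportDesc^.Name <> 0 do
    begin
      // Import names are stored as ANSI strings, so use the A entry point
      // explicitly instead of relying on what PChar maps to.
      DepModule := GetModuleHandleA(PAnsiChar(RvaToPtr(Dos, ImportDesc^.Name)));
      if DepModule <> 0 then
        // Count slots rewritten in dependent modules too; the original
        // discarded this result.
        Inc(Result, RepointAddrInModule(DepModule, OldFunc, NewFunc));

      // A zero table RVA would make Func point at the module header itself.
      if ImportDesc^.LookupTable <> 0 then
      begin
        Func := RvaToPtr(Dos, ImportDesc^.LookupTable);
        while Func^ <> nil do
        begin
          f := LocateFunctionAddress(Func^);
          if f = OldFunc then
          begin
            // Count the slot only when the call succeeded and a whole pointer
            // was written; "written" is cleared first so a failed call cannot
            // leave a stale value behind.
            written := 0;
            if WriteProcessMemory(GetCurrentProcess, Func, @NewFunc,
              SizeOf(Pointer), written) and (written = SizeOf(Pointer)) then
              Inc(Result);
          end;
          Inc(Func);
        end;
      end;

      Inc(ImportDesc);
    end;
  end;

begin
  IsDone := TList.Create;
  try
    Result := RepointAddrInModule(GetModuleHandle(nil), OldFunc, NewFunc);
  finally
    IsDone.Free;
  end;
end;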

 

对 OpenProcess 进行 HOOK 时,只运行一个程序时正常,但同时运行两个一样的程序时就会出问题。有没有更稳定的办法?

可以看下AFXRootkit的代码.

http://code.google.com/p/delphi-hook-library/

http://bbs.2ccc.com/topic.asp?topicid=479563

http://bbs.2ccc.com/topic.asp?topicid=525150
