Detours of win api hook

I believe that many new hook learners are still worried about Hook code writing, and some may not even calculate the hook address.
Detours solved all the problems.
Detours is a library generated by M $.
: Http://research.microsoft.com/en-us/projects/detours/
The latest version is 3.0. After downloading, install and compile it on your own.

Configuration:
1. Copy SRC from the detours installation directory to the vs installation directory/Microsoft Visual Studio 9.0/VC/bin
2. Open the CMD console.
3. Drag/Microsoft Visual Studio 9.0/VC/bin/vcvars32.bat to the console for running.
4. log on to the/Microsoft Visual Studio 9.0/VC/bin directory on the console and enter "Run nmake ".


Detours functions:

1. intercept any Win32 API functions on the x86 machine.
2. insert any data segment to the PE file and modify the DDL File Import table.
The detours library can intercept arbitrary API calls, And the interception code is loaded during dynamic operation. Detours replaces the first several commands of the target API so that it can jump unconditionally to the interception function provided by the user. The first several commands of the replaced API function are saved to the trampoline function (a Data Structure in the memory. trampoline stores the first several commands of the replaced target API and an unconditional transfer, which is transferred to the remaining commands of the target API.
When the target API is executed, it directly jumps to the interception function provided by the user for execution. Then, the interception function can execute its own code. Of course, the interception function can return directly or call the trampoline function. the trampoline function will call the intercepted target API and return it to the Interception Function after the target API is called. It is the logical process of detours API Interception:

Sample Code:

# Include "stdafx. H"

# Include "detours. H"

# Pragma comment (Lib, "detours. lib ")

# Pragma warning (Disable: 4098)

Static int (winapi * messageboxa) (hwnd,

Lpctstr lptext,

Maid,

Uint utype) = messageboxa;

Int winapi dealmsgproc (hwnd, lpctstr lptext, lpctstr lpcaption, uint utype)

{

Bool Bret;

Strcpy (pchar) lptext, "Hello Kitty! ");

Bret = messageboxa (hwnd, lptext, lpcaption, utype );

Return Bret;

}

Void hook ()

{

Detourtransactionbegin ();

Detourupdatethread (getcurrentthread ());

Detourattach (& (pvoid &) messageboxa, dealmsgproc );

Detourtransactioncommit ();

}

Void unhook ()

{

Detourtransactionbegin ();

Detourupdatethread (getcurrentthread ());

Detourattach (& (pvoid &) messageboxa, dealmsgproc );

Detourtransactioncommit ();

}

Bool apientry dllmain (handle hmodule,

DWORD ul_reason_for_call,

Lpvoid lpreserved

)

{

If (ul_reason_for_call = dll_process_attach)

{

Hook ();

}

Else if (ul_reason_for_call = dll_process_detach)

{

Unhook ();

}

Return true;

}

:

Module and header file