Using ApiHooks.dll
------------------
ApiHooks.dll exports the EstablishApiHooks functions.
They are standard (stdcall, winapi) procedures with two parameters:

  DWORD EstablishApiHooksA (lpszDll, ProcessID)
  DWORD EstablishApiHooksW (lpszDll, ProcessID)

lpszDll is a pointer to a zero-terminated ANSI/wide-char string naming the hook
library (with or without path), or a pointer to a dynamic ApiHookChain
(see Dynamic hooks below).
ProcessID is the identifier of the target process. It can be the current
process ID.

The return value can be one of the following:

  ErrorSuccess     = 0  ;all went OK, it doesn't mean that all hooks have
                        ;been set
  ErrorException   = 1  ;exception occurred in EstablishApiHooksA
  ErrorOpenProcess = 2  ;process can't be opened (kernel process, security, ...)
  ErrorRemoteAlloc = 3  ;can't allocate/reserve memory in target process
  ErrorRemoteExec  = 4  ;hook library is already present in target process
                        ;or can't be loaded or doesn't export ApiHookChain
                        ;or exception occurred during execution in target
                        ;process
  ErrorRemoteFree  = 5  ;can't free memory in target process

These values are returned by ApiHooks.exe too. Use GetExitCodeProcess to obtain
the return value.

ApiHooks.lib is a standard MS @ library for use with standard development tools.
iApiHooks.lib is a library for use with EliASM.
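
Added example (not part of the ApiHooks package): interpreting the return codes
listed above, including the exit code of ApiHooks.exe read with
GetExitCodeProcess. The names ah_describe, ah_run and the AH_ prefix are
hypothetical; the ApiHooks.exe command line is supplied by the caller because
this text does not give its syntax.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif
/* Codes from the table above; the AH_ prefix is added here to avoid clashes. */
enum { AH_ErrorSuccess, AH_ErrorException, AH_ErrorOpenProcess,
       AH_ErrorRemoteAlloc, AH_ErrorRemoteExec, AH_ErrorRemoteFree };

/* Hypothetical helper: meaning of a code, or NULL when it is not in the table. */
const char *ah_describe(unsigned long code)
{
    static const char *const text[] = {
        "call completed; some hooks may still be unset",
        "exception occurred in EstablishApiHooks",
        "target process can't be opened",
        "can't allocate/reserve memory in target process",
        "library already present/unloadable/lacks ApiHookChain, or exception in target",
        "can't free memory in target process",
    };
    return code < sizeof text / sizeof text[0] ? text[code] : NULL;
}

#ifdef _WIN32
/* Runs cmdline (a full ApiHooks.exe command line supplied by the caller),
   waits for exit and stores the exit code. Returns 1 on success, else 0. */
int ah_run(char *cmdline, unsigned long *code)
{
    STARTUPINFOA si = { sizeof si };
    PROCESS_INFORMATION pi;
    DWORD ec = 0;
    int ok;
    if (!CreateProcessA(NULL, cmdline, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi))
        return 0;
    /* Wait first: for a still-running process GetExitCodeProcess yields 259. */
    ok = WaitForSingleObject(pi.hProcess, INFINITE) == WAIT_OBJECT_0
         && GetExitCodeProcess(pi.hProcess, &ec);
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    if (ok) *code = ec;
    return ok;
}
#endif

int main(void)
{
    unsigned long c;
    for (c = 0; c <= 6; c++)   /* 6 is outside the table on purpose */
        printf("%lu: %s\n", c, ah_describe(c) ? ah_describe(c) : "not in table");
    return 0;
}
```

A NULL from ah_describe means the value did not come from the table, for example STILL_ACTIVE (259) from a process that has not exited yet.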
Dynamic hooks
-------------
When a new module is loaded (LoadLibrary) into a process that already has hooks,
it is not hooked automatically (see CapConsole.txt). You can then call the
EstablishApiHooks functions to hook this new module. The 1st parameter, lpszDll,
must point to an ApiHookChain in which ModuleExport of the 1st API_HOOK is equal
to -1.
Pointers in the API_HOOK structures must be valid in the process whose ID is
passed as the 2nd parameter to the EstablishApiHooks functions. So Dynamic hooks
make sense in the current process only. But if you have "your places" with code
and data in the target process, you can use Dynamic hooks for a non-current
process as well. Don't use ALL_MODULES in Dynamic hooks (possible double
hooking).
See Dynamic in the Examples subdirectory.