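// Post text: First of all, thank you both for taking part. Below is the
// TextOutW hook implementation and the functions it needs; comments are welcome.

// Initialise the API hook (excerpt from the setup code).
HookNT[fTextOutW] := TuhAPIHook32.Create(Trap, @TextOutW, NewTextOutW);

// Initialisation for an intercepted API function.
{ Hook entry point.
  IsTrap - True selects the "trap" style (overwrite the first 5 bytes of the
           target with a relative jmp); False selects the import-table style.
  OldFun - the function to intercept.
  NewFun - the replacement that receives the calls. }
constructor TuhAPIHook32.Create(IsTrap: Boolean; OldFun, NewFun: Pointer);
begin
  { Resolve the real addresses of the intercepted function and the replacement. }
  OldFunction := FinalFunctionAddress(OldFun);
  NewFunction := FinalFunctionAddress(NewFun);
  Trap := IsTrap;
  if Trap then { trap style }
  begin
    { Open the current process with full access rights. }
    { NOTE(review): the result is not checked here and the handle is not closed
      in this excerpt - confirm the destructor calls CloseHandle(hProcess).
      PROCESS_ALL_ACCESS is broader than a patch of our own code needs;
      if hProcess is only used for writing the patch, PROCESS_VM_OPERATION or
      PROCESS_VM_WRITE (or the GetCurrentProcess pseudo-handle) is enough. }
    hProcess := OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessID);
    { Build the "jmp xxxx" instruction, 5 bytes in total. }
    NewCode.JmpCode := ShortInt($E9); { E9 is the opcode of a relative jmp }
    { Displacement is relative to the end of the 5-byte jmp. The DWORD casts
      make this 32-bit only, and the subtraction relies on wrap-around, so it
      needs overflow/range checking switched off. }
    NewCode.FuncAddr := DWORD(NewFunction) - DWORD(OldFunction) - 5;
    { Save the first 5 bytes of the intercepted function. }
    { NOTE(review): OldFunction is dereferenced without a nil check; this
      faults if FinalFunctionAddress could not resolve the target. }
    Move(OldFunction^, OldCode, 5);
    { Mark the hook as not yet installed. }
    AlreadyHook := False;
  end
  else
    AllowChange := True; // import-table style: allow the hook to be installed
  Change; { install the hook }
  { Import-table style: disallow further changes for now. }
  if not Trap then AllowChange := False;
end;

// TextOutW replacement.
{ Called in place of TextOutW. Lifts the hook, passes the text to FilterTextW,
  calls the original function and installs the hook again.
  Returns whatever the original TextOutW returns.

  NOTE(review): the Restore/Change pair is not synchronised in this excerpt.
  While the hook is lifted, TextOutW calls from other threads are not
  intercepted, and a thread entering the function while its first bytes are
  being rewritten may execute a partly written prologue - confirm how
  Restore/Change serialise the write. }
function NewTextOutW(theDC: HDC; nXStart, nYStart: integer; str: pWidechar; count: integer): bool; stdcall;
begin
  HookNT[fTextOutW].Restore(); { suspend interception, restore the original function }
  try
    // Changing the font and character set works only some of the time:
    //if (pShMem^.bCanSpyNT) then CreateRangFont(theDC) else RestoreRangFont;

    { Capture is best effort. An exception raised here must not unwind into
      the caller of TextOutW, and must not prevent the real drawing call. }
    try
      FilterTextW(theDC, nXStart, nYStart, str, count);
    except
{$ifdef debug}
      OutputDebugString('NewTextOutW: FilterTextW raised an exception');
{$endif}
    end;
{$ifdef debug}
    SetTextColor(theDC, clTextOutW);
{$endif}
    Result := TTextOutW(HookNT[fTextOutW].OldFunction)(theDC, nXStart, nYStart, str, count);
  finally
    { Always re-install the hook, even if the call above raised; otherwise the
      function would stay unhooked for the rest of the process lifetime. }
    HookNT[fTextOutW].Change(); { resume interception }
  end;
end;

// FilterTextW.
{ Checks whether the saved mouse position lies inside the rectangle of the
  text about to be drawn and, if so, hands the text to SaveToBuffer.
  theDC            - device context of the drawing call.
  nXStart, nYStart - start position passed to TextOutW.
  Str, Count       - text buffer and its length in characters; Str is not
                     assumed to be null-terminated. }
procedure FilterTextW(theDC: HDC; nXStart, nYStart: Integer; Str: PWideChar; Count: Integer);
var
  r: TRect;
  ws: WideString;
begin
  { The shared block may be missing if the mapping failed; do nothing then. }
  if pShMem = nil then Exit;
  if not pShMem^.bCanSpyNT then Exit;
  { Nothing to measure or copy for an empty or missing string. }
  if (Str = nil) or (Count <= 0) then Exit;
  r := GetTextRectW(theDC, nXStart, nYStart, Str, Count);
  if PtInRect(r, pShMem^.OldPt) then
  begin
    ws := GetRealStrW(theDC, Str, Count, pShMem^.pMouse, r.Left);
    // Send the text to the upper layer.
    { NOTE(review): SaveToBuffer is not shown. Whatever the hooked process
      draws under the pointer is copied out here, so the receiving buffer
      needs a length bound and access limited to the intended reader. }
    SaveToBuffer(ws);
  end;
end;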