菜鸟求教一个钩子的问题，帮帮忙啊~~~ ( 积分: 100 )

想要截获word的save动作该如何实现啊？请详细些，最好有相近例子的源码，谢谢阿~~~~

hook savefile api
我给你个hook createfile api的例子吧

unit mess;

interface

uses
Windows,Messages,SysUtils,Classes,HookAPI;

procedure API_Hookup;
procedure Un_API_Hook;

implementation

type
TCreateFile = function(lpFileName: PChar; dwDesiredAccess, dwShareMode: DWORD;
lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD;
hTemplateFile: THandle): THandle; stdcall;
TCreateFileA = function(lpFileName: PAnsiChar; dwDesiredAccess, dwShareMode: DWORD;
lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD;
hTemplateFile: THandle): THandle; stdcall;
TCreateFileW = function(lpFileName: PWideChar; dwDesiredAccess, dwShareMode: DWORD;
lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD;
hTemplateFile: THandle): THandle; stdcall;

var
OldCreateFile: TCreateFile;
OldCreateFileA: TCreateFileA;
OldCreateFileW: TCreateFileW;


function MyCreateFile(lpFileName: PChar; dwDesiredAccess, dwShareMode: DWORD;
lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD;
hTemplateFile: THandle): THandle; stdcall;
var
F:TextFile;
begin
//在这里做处理
end;

function MyCreateFileA(lpFileName: PAnsiChar; dwDesiredAccess, dwShareMode: DWORD;
lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD;
hTemplateFile: THandle): THandle; stdcall;
var
F:TextFile;
begin
//在这里做处理
end;

function MyCreateFileW(lpFileName: PWideChar; dwDesiredAccess, dwShareMode: DWORD;
lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD;
hTemplateFile: THandle): THandle; stdcall;
begin
//在这里做处理
end;


procedure API_Hookup;
begin


if @OldCreateFile = nil then
@OldCreateFile := TrueFunctionAddress(@CreateFile);
if @OldCreateFileA = nil then
@OldCreateFileA := TrueFunctionAddress(@CreateFileA);
if @OldCreateFileW = nil then
@OldCreateFileW := TrueFunctionAddress(@CreateFileW);

PermuteFunction(@OldCreateFile, @MyCreateFile);
PermuteFunction(@OldCreateFileA, @MyCreateFileA);
PermuteFunction(@OldCreateFileW, @MyCreateFileW);

end;

procedure Un_API_hook;
begin

if @OldCreateFile <> nil then
PermuteFunction(@MyCreateFile, @OldCreateFile);
if @OldCreateFileA <> nil then
PermuteFunction(@MyCreateFileA, @OldCreateFileA);
if @OldCreateFileW <> nil then
PermuteFunction(@MyCreateFileW, @OldCreateFileW);
end;

initialization
finalization
Un_API_hook;

end.

(* ------------------------------------------- *)
(* PermuteFunction功能 ：用 NewFunc替代 OldFunc *)
(* Windows Me + Delphi 5.0 *)
(* ------------------------------------------ *)
unit HookAPI;

interface

uses
Windows, Classes ;


type
TImportCode = packed record
JumpInstruction: Word;
AddressOfPointerToFunction: ^Pointer;
end;
PImportCode = ^TImportCode;

type
PImage_Import_Entry = ^Image_Import_Entry;
Image_Import_Entry = record
Characteristics : DWORD;
TimeDateStamp : DWORD;
MajorVersion : Word;
MinorVersion : Word;
Name : DWORD;
LookupTable : DWORD;
end;

Function TrueFunctionAddress(Code: Pointer): Pointer;
Function PermuteFunction(OldFunc, NewFunc: Pointer): Integer;

implementation


function TrueFunctionAddress(Code: Pointer): Pointer;
var func: PImportCode;
begin
Result := Code;
if Code = nil then exit;
try
func := code;
if (func.JumpInstruction=$25FF) then begin
Result := func.AddressOfPointerToFunction^;
end;
except
Result := nil;
end;
end;

Function PermuteFunction(OldFunc, NewFunc: Pointer): Integer;
var IsDone: TList;
Function PermuteAddrInModule(hModule: THandle; OldFunc, NewFunc: Pointer): Integer;
var
Dos : PImageDosHeader;
NT : PImageNTHeaders;
ImportDesc : PImage_Import_Entry;
RVA : DWORD;
Func : ^Pointer;
DLL : String;
f : Pointer;
written : DWORD;
begin
Result := 0;
Dos := Pointer(hModule);
if IsDone.IndexOf(Dos) >= 0 then exit;
IsDone.Add(Dos);
OldFunc := TrueFunctionAddress(OldFunc);
if IsBadReadPtr(Dos,SizeOf(TImageDosHeader)) then exit;
if Dos.e_magic <> IMAGE_DOS_SIGNATURE then exit;
NT := Pointer(Integer(Dos) + dos._lfanew);
RVA := NT^.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;

if RVA = 0 then exit;
ImportDesc := pointer(integer(Dos)+RVA);
While(ImportDesc^.Name<>0) do
begin
DLL := PChar(Integer(Dos) + ImportDesc^.Name);
PermuteAddrInModule(GetModuleHandle(PChar(DLL)),OldFunc,NewFunc);
Func := Pointer(Integer(DOS) + ImportDesc.LookupTable);
While Func^ <> nil do
begin
f := TrueFunctionAddress(Func^);
if f = OldFunc then
begin
WriteProcessMemory(GetCurrentProcess,Func,@NewFunc,4,written);
If Written > 0 then Inc(Result);
end;
Inc(Func);
end;
Inc(ImportDesc);
end;
end;

begin
IsDone := TList.Create;
try
Result := PermuteAddrInModule(GetModuleHandle(nil),OldFunc,NewFunc);
finally
IsDone.Free;
end;
end;
end.

谢谢楼上，不过我基础比较差，弱弱的问一句，有注释吗？

to justineyuan：
unit mess的注释已经添加完成
unit HOOKAPI的注释比较复杂，建议去你看 delphi下深入windows核心编程

接受答案了.