高分求函数HOOK代码(200分)

OD中查看的数据<br>=============================<br>006730A7 &nbsp; &nbsp;8B45 08 &nbsp; &nbsp; &nbsp; &nbsp; MOV EAX,DWORD PTR SS:[EBP+8] &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<br>006730AA &nbsp; &nbsp;FFD0 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;CALL EAX<br>006730AC &nbsp; &nbsp;8945 FC &nbsp; &nbsp; &nbsp; &nbsp; MOV DWORD PTR SS:[EBP-4],EAX<br>006730AF &nbsp; &nbsp;8B47 2C &nbsp; &nbsp; &nbsp; &nbsp; MOV EAX,DWORD PTR DS:[EDI+2C]<br>006730B2 &nbsp; &nbsp;8B4F 30 &nbsp; &nbsp; &nbsp; &nbsp; MOV ECX,DWORD PTR DS:[EDI+30]<br>006730B5 &nbsp; &nbsp;8B55 FC &nbsp; &nbsp; &nbsp; &nbsp; MOV EDX,DWORD PTR SS:[EBP-4]<br>006730B8 &nbsp; &nbsp;8D77 28 &nbsp; &nbsp; &nbsp; &nbsp; LEA ESI,DWORD PTR DS:[EDI+28]<br>=============================<br><br>我想截取 006730AC 处 EAX的值，保存到文本c:/1.txt<br><br>希望做过类似Hook的高手帮解决，分不够可以再加！

先遍历到Offset,在保存地址,再修改地址,类似APIHook,但是<br>GetProcAddress必须改为你实际的代码的Offset处

用我的 Hook 系列控件的话，只需要这样<br><br>procedure GetEax(EAX: DWORD); stdcall;<br>begin<br>&nbsp; //你要的 EAX<br>end;<br><br>procedure HookProc;<br>asm<br>&nbsp; MOV EAX,DWORD PTR SS:[EBP+8]<br>&nbsp; CALL EAX<br><br>&nbsp; pushad<br>&nbsp; push &nbsp;eax<br>&nbsp; call GetEax<br>&nbsp; popad<br><br>&nbsp; push $006730AC<br>end;<br><br>procedure TForm1.btn1Click(Sender: TObject);<br>var<br>&nbsp; Hook: TCoreHook;<br>begin<br>&nbsp; Hook:= TCoreHook.Create;<br>&nbsp; Hook.Addr:= Pointer($006730A7);<br>&nbsp; Hook.Style:= HT_SHORT_JMP;<br>&nbsp; Hook.Event:= @HookProc;<br>&nbsp; Hook.Hook;<br>end;