Delphi修改窗口类名(Hookapi)修改版/知识点:指针

program Project1;

uses
  Forms,
  Windows,
  Messages,
  SysUtils,
  Variants,
  Classes,
  Graphics,
  Controls,
  Dialogs,
  Unit1 in 'Unit1.pas' {Form1};

function GetClassInfoA1(x: Integer;y:Integer;j:Integer): Integer;
stdcall; external 'user32.dll' name 'GetClassInfoA';

function RtlMoveMemory1(x: Integer;y:Pointer;j:Integer): Integer;
stdcall; external 'kernel32.dll' name 'RtlMoveMemory';


var j_apidizhi,j_old:Pointer;
    jmt: array[1..8] of Byte;
    ent: array[1..8] of Byte;
    j_ls:LongWord;

{$R *.res}
function MyGetClassInfoA(hWnd:Integer;lpText: Integer;uType:Integer): Integer; stdcall;
var myclassname:array[0..254] of char;
    jack:Integer;
begin
 CopyMemory(j_apidizhi, @ent, 8);
 CopyMemory(@myclassname,Pointer(lptext),6);
 if myclassname='TForm1' then
 begin
     myclassname:='hgorj3';
     RtlMoveMemory1(lpText,@myclassname,6);
 end;
 jack:=GetClassInfoA1(hWnd,lpText,uType);

 //asm
 //   pushad
  //  mov eax,j_apidizhi
  //  mov byte [eax],$B8
  //  add eax,1
  //  mov ebx,j_ls
 //   mov [eax],ebx
 //   add eax,4
 //   mov byte [eax],$FF
 //   add eax,1
  //  mov byte [eax],$E0
  //  popad
  //end;
 CopyMemory(j_apidizhi, @jmt, 8);
 Result:=jack;
end;

begin
  j_apidizhi:=GetProcAddress(GetModuleHandle('user32.dll'),'GetClassInfoA');
  VirtualProtect(j_apidizhi,8,64,j_old);
  CopyMemory(@ent, j_apidizhi, 8); //保存原指令
  j_ls:=LongWord(@MyGetClassInfoA);
  jmt[1]:=$b8;
  Pinteger(@jmt[2])^:=LongWord(@MyGetClassInfoA);
  jmt[6]:=$FF;
  jmt[7]:=$E0;
  CopyMemory(j_apidizhi, @jmt, 8); //修改API头
  //asm
  //  pushad
  //  mov eax,j_apidizhi
  //  mov byte [eax],$B8
  //  add eax,1
  //  mov ebx,j_ls
 //   mov [eax],ebx
  //  add eax,4
  //  mov byte [eax],$FF
  //  add eax,1
  //  mov byte [eax],$E0
 //   popad
 // end;

  Application.Initialize;
  Application.CreateForm(TForm1, Form1);
  Application.Run;
end.

Pinteger(@jmt[2])^:=LongWord(@MyGetClassInfoA);

重点在这一句

首先@jmt[2]表示jmt第二个元素的地址

比如 00400000 01

       00400001 02

       00400002 03

       00400003 04

       00400004 05

       00400005 06

       00400007 08

      00400002 03

@jmt[2]=00400001

然后把地址转成Pinteger类型 也就是还是00400001 转成整型指针 让编译器识别

那么Pinteger(@jmt[2])的值就是Pinteger(@jmt[2])^

把00400001里的值赋值等于MyGetClassInfoA子程序的的地址

就是这句 Pinteger(@jmt[2])^:=LongWord(@MyGetClassInfoA);