上一个内容：41.HOOK引擎设计原理

以 40.设计HOOK引擎的好处 它的代码为基础进行修改

主要做的是读写寄存器

效果图

添加一个类

htdHook.h文件中的实现

#pragma once
class htdHook
{
public:
    htdHook();
};

htdHook.cpp文件中的实现：

#include "pch.h"
#include "htdHook.h"

unsigned GetJMPCode(unsigned distance, unsigned eip) {
    return distance - eip - 0x5;
}

void _stdcall DisHook(unsigned esp) {
    CString wTxt;
    wTxt.Format(L"%X", esp);
    AfxMessageBox(wTxt);
}

// 全局变量区可能无法执行，需要设置它内存的属性为可执行
char data_code[]{
    0x60,// pushad
    0x9C,// pushfd
    0x54,// push esp
    0xE8,0xCC,0xCC,0xCC,0xCC, // call DisHook
    0x9D,// popfd
    0x61,//popad
    0xC3//retn
};

htdHook::htdHook()
{
    DWORD dOld;
    VirtualProtect(data_code, sizeof(data_code), PAGE_EXECUTE_READWRITE, &dOld);

    unsigned* Adr = (unsigned*)(data_code + 0x4);
    unsigned target = (unsigned)DisHook;
    Adr[0] = GetJMPCode(target, (unsigned)(data_code + 0x3));

    CString wTxt;
    wTxt.Format(L"%X", data_code);
    AfxMessageBox(wTxt);
}

在CWndMain.h文件中通过构造方法来把读写寄存器的代码写入到游戏中