本文整理自网络,侵删。
type
PTIMPORT_CODE=^TIMPORT_CODE;
TIMPORT_CODE=packed record
JmpPtr:Word;
PtrAdd:^Pointer;
end;
function SHFormatDrive(hWnd: HWND;
Drive: Word;
fmtID: Word;
Options: Word): Longint
stdcall; external 'Shell32.dll' Name 'SHFormatDrive'; .............................声明一下
function GetAPIAddress(ApiPtr: Pointer): Pointer;
begin
Result := ApiPtr;
if ApiPtr= nil then
exit;
try
if (PTIMPORT_CODE(ApiPtr).JmpPtr = $25FF) then
Result := PTIMPORT_CODE(ApiPtr).PtrAdd^;
except
Result := nil;
end;
end;
procedure TForm1.Button1Click(Sender: TObject);
var
OrgSHFormatDrive: Pointer;
h: Cardinal;
begin
h:=LoadLibrary('Shell32.dll');
OrgSHFormatDrive:=GetProcAddress(h,'SHFormatDrive');
if GetAPIAddress(@SHFormatDrive) <> OrgSHFormatDrive then
begin
Showmessage('IAT HOOK');
end
else
begin
Showmessage('Not IAT HOOK');
end;
FreeLibrary(h);
end; 相关阅读 >>
Delphi tlistview(tlistbox+图标显示)
Delphi android实例-退出程序(xe8+小米2)
Delphi ini文件操作 tinifile、tmeminifile
Delphi urldownloadtofile 支持进度条
更多相关阅读请进入《Delphi》频道 >>
