# inline\_hook framework

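```c
#include <windows.h>
#include <stdio.h>

char *lpText1;  // receives the lpText argument
ULONG my_esp;   // ESP as it was on entry to the hook
ULONG newbark;  // assumption: set by the hook installer (not shown on this page)
                // to the address just past the overwritten bytes

__declspec(naked) void MyMessageBoxA(
    HWND hWnd,
    LPCTSTR lpText,
    LPCTSTR lpCaption,
    UINT uType)
{
    _asm
    {
        //pop hWnd
        //pop lpText
        //pop lpCaption
        //pop uType
        mov my_esp, esp     // save ESP first so the arguments can be located
        pushad              // then save all general-purpose registers
        pushfd              // and the flags
        push eax
        mov eax, my_esp
        add eax, 8          // [esp+8] on entry is lpText
        mov eax, [eax]      // a direct mov into the variable does not compile
                            // (x86 has no memory-to-memory mov), so go through eax
        mov lpText1, eax
        pop eax
    }

    // lpText1 already holds the address, so no & is needed
    printf("MyMessageBoxA lpText: %s \r\n", lpText1);

    _asm
    {
        popfd
        popad               // restore the saved registers
        RETN 16             // discard the 4*n bytes of arguments; this suppresses
                            // MessageBoxA and returns straight to the caller
    }

    // Use this instead if the original function should run after the hook
    _asm
    {
        PUSH EBP            // re-execute the first 5 bytes overwritten by the hook
        MOV EBP, ESP
        JMP newbark         // then jump back into the original function
    }
}
```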
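From the detection side, the 5-byte patch that this kind of hook leaves at the function entry can be checked for. The following is an added example, not code from the original note: it classifies the first bytes of a function as the unmodified `mov edi,edi / push ebp / mov ebp,esp` prologue or as a `JMP rel32` redirect, and reports whether the jump target leaves the owning module. The function name, the sample bytes and all addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Added example: names, sample bytes and addresses are constructed. */
enum entry_state { ENTRY_CLEAN, ENTRY_JMP_INSIDE, ENTRY_JMP_OUTSIDE, ENTRY_UNKNOWN };

/* Standard 32-bit prologue: mov edi,edi / push ebp / mov ebp,esp */
static const uint8_t CLEAN_PROLOGUE[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };

/* Classify the first bytes of a function located at virtual address `va`.
 * mod_base/mod_size describe the module that owns the function. For a
 * JMP rel32 the absolute destination is stored in *target. */
enum entry_state classify_entry(const uint8_t *code, size_t len, uint32_t va,
                                uint32_t mod_base, uint32_t mod_size,
                                uint32_t *target)
{
    *target = 0;
    if (len < 5)
        return ENTRY_UNKNOWN;
    if (memcmp(code, CLEAN_PROLOGUE, 5) == 0)
        return ENTRY_CLEAN;
    if (code[0] != 0xE9)              /* not a near JMP rel32 */
        return ENTRY_UNKNOWN;

    /* rel32 is little-endian and relative to the end of the 5-byte JMP */
    uint32_t rel = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
                   (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
    *target = va + 5u + rel;          /* unsigned wrap handles backward jumps */

    /* a destination outside the owning module is the typical sign of a hook */
    if (*target - mod_base < mod_size)
        return ENTRY_JMP_INSIDE;
    return ENTRY_JMP_OUTSIDE;
}

/* Constructed samples: a function at 0x10001000 in a module mapped at
 * 0x10000000 (size 0x20000); the patched copy jumps to 0x00401000. */
const uint8_t sample_clean[5]  = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
const uint8_t sample_hooked[5] = { 0xE9, 0xFB, 0xFF, 0x3F, 0xF0 };
```

In practice the bytes would be read from the loaded module and compared against the same function in the on-disk image, since not every function starts with this prologue.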

Hooking in ring 0: disable the system's write protection to implement a low-level hook.

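```c
ULONG g_uCr0;  // original CR0 value, saved by WPOFF() and restored by WPON()

void WPOFF()
{
  ULONG uAttr;
  _asm
  {
    push eax;
    mov eax, cr0;
    mov uAttr, eax;
    and eax, 0FFFEFFFFh; // clear CR0 bit 16 (WP)
    mov cr0, eax;
    pop eax;
    cli
  };
  g_uCr0 = uAttr; // save the original CR0 value
}
```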

```c
VOID WPON()
{
  _asm
  {
    sti
    push eax;
    mov eax, g_uCr0; // restore the original CR0 value
    mov cr0, eax;
    pop eax;
  };
}
```

