How to intercept dll method calls?

Note: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. If you use it you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverFlow, original address: http://stackoverflow.com/questions/220515/

Time: 2020-09-15 11:29:33  Source: igfitidea


Tags: windows, dll

Asked by Daniel Silveira

How to intercept dll method calls?


  • What are the techniques available for it?
  • Can it be done only in C/C++?
  • How to intercept method calls from all running processes to a given dll?
  • How to intercept method calls from a given processes to a given dll?

Answered by shoosh

There are two standard ways I can think of for doing this

我可以想到两种标准方法来执行此操作

  • DLL import table hook.
    For this you need to parse the PE Header of the DLL, find the import table and write the address of your own function instead of what is already written there. You can save the address of the original function to be able to call it later. The references in the external links of this Wikipedia article should give you all the information you need to be able to do this.

  • Direct modification of the code. Find the actual code of the function you want to hook and modify the first opcodes of it to jump to your own code. You need to save the opcodes which were there so they will eventually get executed. This is simpler than it sounds, mostly because it was already implemented by no less than Microsoft themselves in the form of the Detours library.
    This is a really neat thing to do. With just a couple of lines of code you can, for instance, replace all calls to GetSystemMetrics() from, say, outlook.exe and watch the wonders that occur.


The advantages of one method are the disadvantages of the other. The first method allows you to add a surgical hook exactly to the DLL you want, while all other DLLs go by unhooked. The second method allows you the most global kind of hook, to intercept all calls to the function.

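An added defender-side example, not code from the answer above or from the Detours library: it walks the import directory of a mapped PE image the way the first method describes, then flags IAT slots whose target falls outside the exporting DLL's mapped range, which is how an import-table hook shows up to an integrity check. The sample image, USER32_BASE and MODULE_RANGES are constructed values, not real addresses.

```python
import struct

USER32_BASE = 0x7FF812340000                                # constructed base for the sample image
MODULE_RANGES = {"user32.dll": (USER32_BASE, 0x100000)}     # dll -> (base, mapped size), as a loader knows them

def cstr(image, off):                                       # NUL-terminated ASCII string at `off`
    return image[off:image.index(b"\0", off)].decode("ascii")

def parse_imports(image):
    """Walk the import directory of a mapped PE image (RVA == offset, as for a loaded module)."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[:2] != b"MZ" or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = e_lfanew + 4 + 20                                 # optional header follows the 20-byte file header
    pe32plus = struct.unpack_from("<H", image, opt)[0] == 0x20B
    ptr, fmt = (8, "<Q") if pe32plus else (4, "<I")
    # data directories start at +112 (PE32+) / +96 (PE32); entry 1 is the import table
    imports, desc = [], struct.unpack_from("<I", image, opt + (112 if pe32plus else 96) + 8)[0]
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", image, desc)
        if name_rva == 0:                                   # all-zero descriptor ends the array
            return imports                                  # (dll, function, iat_slot_rva, slot_value)
        dll, i = cstr(image, name_rva).lower(), 0
        while (orig := struct.unpack_from(fmt, image, oft + i * ptr)[0]) != 0:
            # ordinal import has the high bit set; otherwise IMAGE_IMPORT_BY_NAME: 2-byte hint, then name
            func = "#%d" % (orig & 0xFFFF) if orig >> (ptr * 8 - 1) else cstr(image, orig + 2)
            slot = ft + i * ptr                             # the IAT entry the loader (or a hook) writes
            imports.append((dll, func, slot, struct.unpack_from(fmt, image, slot)[0]))
            i += 1
        desc += 20

def find_hooked_slots(imports, module_ranges):
    """Flag IAT slots whose target lies outside the exporting DLL's mapped range."""
    return [(dll, func, slot, tgt) for dll, func, slot, tgt in imports
            if not module_ranges[dll][0] <= tgt < module_ranges[dll][0] + module_ranges[dll][1]]

def build_sample_image():
    """Constructed PE32+ image (not a real binary): two user32.dll imports, second IAT slot redirected."""
    img = bytearray(0x400)
    img[:2], img[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x80)                                   # e_lfanew
    struct.pack_into("<HH", img, 0x84, 0x8664, 0)                             # x64, no sections
    struct.pack_into("<H", img, 0x98, 0x20B)                                  # optional header magic
    struct.pack_into("<II", img, 0x98 + 112 + 8, 0x200, 40)                   # import directory rva/size
    struct.pack_into("<IIIII", img, 0x200, 0x240, 0, 0, 0x300, 0x260)         # descriptor; next one is zero
    struct.pack_into("<QQ", img, 0x240, 0x310, 0x330)                         # INT -> hint/name entries
    struct.pack_into("<QQ", img, 0x260, USER32_BASE + 0x1000, 0x7FF8DEAD0000)  # IAT; 2nd slot hooked
    img[0x300:0x30B] = b"user32.dll\0"                                        # hints at 0x310/0x330 stay 0
    img[0x312:0x323], img[0x332:0x33E] = b"GetSystemMetrics\0", b"MessageBoxW\0"
    return bytes(img)
```

Running `find_hooked_slots(parse_imports(build_sample_image()), MODULE_RANGES)` reports only the MessageBoxW slot, whose target no longer points into user32's range.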

Answered by Ates Goral

Provided that you know all the DLL functions in advance, one technique is to write your own wrapper DLL that will forward all function calls to the real DLL. This DLL doesn't have to be written in C/C++. All you need to do is to match the function calling convention of the original DLL.


Answered by MSalters

See Microsoft Detours for a library with a C/C++ API. It's a bit non-trivial to inject it in all other programs without triggering virus scanners/malware detectors. But your own process is fair game.


Answered by dicroce

On Linux, this can be done with the LD_PRELOAD environment variable. Set this variable to point at a shared library that contains a symbol you'd like to override, then launch your app.
