"ProcessAPI" Example 

www.madshi.net

The following project can also be found in the "Demo" folder:

// ***************************************************************
//  ProcessAPI                version:  1.0     date: 2003-06-15
//  -------------------------------------------------------------
//  simple demo to show process wide API hooking
//  -------------------------------------------------------------
//  Copyright (C) 1999 - 2003 www.madshi.net, All Rights Reserved
// ***************************************************************

// 2003-06-15 1.0  initial release

program ProcessAPI;

{$R ..\mad.res}

uses Windows, madCodeHook;

// variable for the "next hook", which we then call in the callback function
// it must have *exactly* the same parameters and calling convention as the
// original function
// besides, it's also the parameter that you need to undo the code hook again
var WinExecNextHook : function (cmdLine: pchar; showCmd: dword) : dword; stdcall;

// this function is our hook callback function, which will receive
// all calls to the original WinExec API, as soon as we've hooked it
// the hook function must have *exactly* the same parameters and calling
// convention as the original API
function WinExecHookProc(cmdLine: pchar; showCmd: dword) : dword; stdcall;
begin
  // check the input parameters and ask whether the call should be executed
  if MessageBox(0, cmdLine, 'Execute?', MB_YESNO or MB_ICONQUESTION) = IDYES then
    // it shall be executed, so let's do it
    result := WinExecNextHook(cmdLine, showCmd)
  else
    // we don't execute the call, but we should at least return a valid value
    result := ERROR_ACCESS_DENIED;
end;

begin
  // we install our hook on the API...
  // please note that in this demo the hook only effects our own process!
  HookAPI('kernel32.dll', 'WinExec', @WinExecHookProc, @WinExecNextHook);
  // now call the original (but hooked) API
  // as a result of the hook the user will receive our messageBox etc
  WinExec('notepad.exe', SW_SHOWNORMAL);
  // we like clean programming, don't we?
  // so we cleanly unhook again
  UnhookAPI(@WinExecNextHook);
end.