Win32 CodeHook

Feature	Raw mode hooking	Advanced mode hooking
Interfaces to use	1, ICodeHook 2, IDirectCodeHook	1, ICodeHook 2, ICodeHookHelper
Functions to use	1, For hooking, use ICodeHook.Hook, for unhooking, use ICodeHook.Unhook. 2, For hooking, use IDirectCodeHook.Hook, for unhooking, use IDirectCodeHook.Unhook.	1, For hooking, use ICodeHook.Hook, for unhooking, use ICodeHook.Unhook. 2, For hooking, use the functions which name starts with 'HookWith' in ICodeHookHelper, for unhooking, use ICodeHookHelper.UnhookTarget, ICodeHookHelper.UnhookAll, or ICodeHook.Unhook.
Limitation of the target function calling convention	None. Any calling convention function can be hooked.	Only certain calling convention functions are supported. The supported calling conventions are: stdcall (Windows API default), cdcel (C and C++ default), and register call (Delphi default).
Limitation of the target function parameters	None. Any parameters can be passed in any order.	The target function parameters should be simple. That means all parameters should be no bigger that 32 bits. The simple data types include byte, char, short, word, int, dword, pointer, single float, etc. Other types such as double float (64 bits float), Intel extended float (80 bits float), Windows Variant type, record (structure) are not simple. Each simple parameter is countable and can be added to the AParamCount of the hook function such as ICodeHook.AdvancedHook. If any parameter is not simple, you should better use the raw mode hooking unless you know deeply how compiler and assembly code works.
Limitation of the hook function	The prototype of the hook function should be exactly same as the target function, otherwise, you may get crash.	The prototype of the hook function is fixed, independent of the target function. The prototype is, Delphi syntax: function HookCallback(AExtraParam1: Cardinal; AExtraParam2: Cardinal .. AExtraParamN: Cardinal; AHandle: TCodeHookHandle; AParams: PCardinal): Cardinal; CallingConvertion; C++ syntax: DWORD CallingConvertion HookCallback(DWORD AExtraParam1, DWORD AExtraParam2 .. DWORD AExtraParamN, TCodeHookHandle AHandle, PDWORD AParams); If no extra parameters, the prototype is, Delphi syntax: function HookCallback(AHandle: TCodeHookHandle; AParams: PCardinal): Cardinal; CallingConvertion; C++ syntax: DWORD CallingConvertion HookCallback(TCodeHookHandle AHandle, PDWORD AParams);
Easy to call the old/previous function	No. All depend on yourself. You need to pass correct number of parameters, and pass all parameters in the correct registers or in the correct order to the stack.	Yes. It can't be easier! You only need to use ICodeHook.CallPreviousMethod to call old method without knowing detailed information of the target. The parameters taken by CallPreviousMethod is already passed to your hook function.
Can use one hook for multiple targets	No. Almost impossible. Raw mode hooking takes very few knowledge on the target functions.	Yes. Enough information is tracked by the advanced mode hooking, such as parameter count, target calling convention, etc. In fact after the new Denomo (with GDI resource leak detection) is released, you can see how I use one hook to monitor many target functions.
Can use object (class member) function as hook function	No. There is no way to pass the object itself ("Self" pointer for Delphi, "this" pointer for C++).	Yes. You can pass the object as an extra parameter. And ICodeHookHelper is more easier for use object function as hook.
Performance	Very high. Your hook function is connected to the target directly and the binary code flow is directly to your hook function with a jmp function.	A little lower, comparing with Raw mode hooking. Your hook function is connected to the target with a piece of bridge code. And the bridge code may cost some extra time to execute. However, unless you are making time critical hooking, the lower performance caused by the bridge code is much trivial and you can always ignore it. Win32 CodeHook can generate very compact code that cause very little CPU time.