Can anyone figure out why this doesn't work? It kind of works but the return value I get from IsDebuggerPresent isn't what I want it to be. Also, after I get the return value, my program crashes.

Here's the code:

'frmMain

Option Explicit

Private Declare Function IsDebuggerPresent Lib "kernel32" () As Long

Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Const PROCESS_ALL_ACCESS = &H1F0FFF

Private Declare Function GetCurrentProcessId Lib "kernel32" () As Long

Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal ProcessHandle As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long

Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long

Private Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lib As String) As String

Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long

Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, source As Any, ByVal Length As Long)

Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long

Private btOldAsm(4) As Byte

Public Function RemoteHook(ByVal NewAddr As Long) As Boolean
Dim BytesWritten As Long
Dim hModule As Long
Dim hFnc As Long
Dim btNewAsm(4) As Byte
Dim PID As Long

hModule = GetModuleHandle("Kernel32")

If hModule = 0 Then
hModule = LoadLibrary("Kernel32")
MsgBox "LoadLibrary Error", vbCritical, "Error": Exit Function
End If

hFnc = GetProcAddress(hModule, "IsDebuggerPresent")
If hFnc = 0 Then
MsgBox "Function Error", vbCritical, "Error"
Exit Function
End If

' save the first 4 bytes of the function to hook
ReadProcessMemory OpenProcess(PROCESS_ALL_ACCESS, 0, GetCurrentProcessId), ByVal hFnc, btOldAsm(0), 5, BytesWritten

If BytesWritten <> 5 Then MsgBox "BytesWritten Error", vbCritical, "Error": Exit Function

' *** possible extension
' *** create a proxy function in the remote process
' *** to call the hooked function

' relative JMP address
NewAddr = NewAddr - hFnc - 5

btNewAsm(0) = &HE9 ' JMP near
CopyMemory btNewAsm(1), NewAddr, 4 ' rel. Addr

' overwrite function with JMP instruction
WriteProcessMemory OpenProcess(PROCESS_ALL_ACCESS, 0, GetCurrentProcessId), ByVal hFnc, btNewAsm(0), 5, BytesWritten

'lblGetModuleHandle.Caption = "GetModuleHandle(" & Chr(34) & "Kernel32" & Chr(34) & ")=" & GetModuleHandle("Kernel32")
'lblLoadLibrary.Caption = "LoadLibrary(" & Chr(34) & "Kernel32" & Chr(34) & ")=" & LoadLibrary("Kernel32")
'lblGetProcAddress.Caption = "GetProcAddress(hModule, " & Chr(34) & "IsDebuggerPresent" & Chr(34) & ")=" & GetProcAddress(hModule, "IsDebuggerPresent")

RemoteHook = BytesWritten = 5

End Function

Private Sub Form_Activate()
If RemoteHook(AddressOf MyFunction) = True Then MsgBox "Success"
MsgBox IsDebuggerPresent
End Sub

'modFunction

Public Function MyFunction()
MyFunction = 10
End Function