Question

Recently I've been researching hooking into functions and creating callback functions. While I don't completely understand the whole technique, it seems like I should be able to do something like hook the Windows API's ReadProcessMemory() function and have my process call a function whenever something reads its memory. While I only want to do this out of curiosity, hooking into Windows functions seems like it would be very useful in the prevention of hacking in online games.

Unfortunately, there is a big lack of tutorials, articles etc. on this subject. I have looked over a lot of injection code but a lack of understanding is holding me back. Is what I want to do possible, and can anyone point me in the right direction?

I should mention that this is my first time willingly stepping outside of OO programming, so I apologise if this makes no sense.

Solution

Use a hook function:

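BOOL WINAPI hkReadProcessMemory(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead)
{
    // GetCurrentProcess() returns a pseudo-handle, so this comparison matches
    // only when the calling process reads its own memory through that handle.
    if (GetCurrentProcess() == hProcess) {
        // your process
    }

    // Forward the call to the original function.
    return oReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead);
}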

typedef for function:

typedef BOOL (WINAPI* _NtReadProcessMemory)( HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead);

declare old function:

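// ReadProcessMemory is exported by kernel32.dll; ntdll.dll has no export named NtReadProcessMemory.
_NtReadProcessMemory oReadProcessMemory = (_NtReadProcessMemory)
    GetProcAddress(GetModuleHandleW(L"kernel32"), "ReadProcessMemory");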

install detour:

BOOL bHook = Mhook_SetHook((PVOID*)&oReadProcessMemory,
            (PVOID)hkReadProcessMemory);

Obviously you'll need to inject this DLL into all processes running on the system.

Mhook: (detour library) http://codefromthe70s.org/mhook22.aspx
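
A check to run after installing the detour, as an added example that is not part of the original answer or of Mhook: an inline detour replaces the first bytes of the hooked function with a jump, so classifying a copy of those bytes shows whether a redirect is present and where it leads. The example assumes x86-64, covers three common jump encodings (more than the answer itself discusses), and uses hypothetical names and constructed sample bytes.

```c
#include <stdint.h>
#include <stdio.h>

/* x86-64 only; every name below is hypothetical, not from Mhook or the answer. */
typedef enum { PJ_NONE, PJ_REL32, PJ_RIP_INDIRECT, PJ_MOV_RAX } pj_kind;
typedef struct { pj_kind kind; uint64_t target; } prologue_jump; /* target 0: unknown */

/* Read an n-byte little-endian value independent of host byte order. */
static uint64_t rd_le(const uint8_t *p, int n)
{
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* code: copy of the function's first bytes; addr: address they were read from. */
static prologue_jump classify_prologue(const uint8_t *code, size_t len, uint64_t addr)
{
    prologue_jump r = { PJ_NONE, 0 };
    if (len >= 5 && code[0] == 0xE9) {                  /* jmp rel32 */
        int32_t rel = (int32_t)(uint32_t)rd_le(code + 1, 4);
        r.kind = PJ_REL32;
        r.target = addr + 5 + (uint64_t)(int64_t)rel;   /* relative to next insn */
    } else if (len >= 6 && code[0] == 0xFF && code[1] == 0x25) {
        /* jmp qword ptr [rip+disp32]: destination is stored in a pointer slot */
        int64_t slot = 6 + (int64_t)(int32_t)(uint32_t)rd_le(code + 2, 4);
        r.kind = PJ_RIP_INDIRECT;
        if (slot >= 6 && (uint64_t)slot + 8 <= len)     /* slot lies inside our copy */
            r.target = rd_le(code + slot, 8);
    } else if (len >= 12 && code[0] == 0x48 && code[1] == 0xB8 &&
               code[10] == 0xFF && code[11] == 0xE0) {  /* mov rax, imm64 ; jmp rax */
        r.kind = PJ_MOV_RAX;
        r.target = rd_le(code + 2, 8);
    }
    return r;
}

/* Constructed sample bytes, not captured from a real system. */
static const uint8_t SAMPLE_CLEAN[]  = { 0x48, 0x89, 0x5C, 0x24, 0x08, 0x57 };
static const uint8_t SAMPLE_REL32[]  = { 0xE9, 0xFB, 0x0F, 0x00, 0x00, 0x57 };
static const uint8_t SAMPLE_RIPIND[] = { 0xFF, 0x25, 0, 0, 0, 0,
                                         0x78, 0x56, 0x34, 0x12, 0xF7, 0x7F, 0, 0 };

int main(void)
{
    prologue_jump j = classify_prologue(SAMPLE_REL32, sizeof SAMPLE_REL32, 0x7FF700001000ULL);
    printf("kind=%d target=0x%llx\n", (int)j.kind, (unsigned long long)j.target);
    return 0;
}
```

A leading jump is not by itself proof of a hook, since some exported functions are legitimately forwarding stubs; compare the result with a baseline taken before the hook was installed.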

License: CC-BY-SA with attribution
Not affiliated with StackOverflow