Hi,
If you wish to learn the essence of inline hooking I would strongly recommend you look at my blog: http://codeempire.blogspot.co.uk/
It has more than enough inline hooking examples perhaps you may discover that for yourself and its more or less better and effective in terms of code-size and portabillity and dependency than the code shown above.
Why are you unhooking it the re-hooking it there is no point all you are doing is increasing the processing power for your computer, don't ever do that not only is it an un-helpful thing to do during hooking due to you executing more instructions than you need to but it will slow the performance of the CreateThread() itself which may be unnoticeable now but if you inject this code into an high-performance application you may slow it down by several magnitudes therefore its not advised. Next, its always good idea to make the function:
This is because making it __declspec(naked) will make it a simple stub in the memory rather than a function with introductory instructions. This means when using code-injection you could cut down on "waste" bytes being copied over to 100 process which can add by to maybe few Kb of information being added waste. It may not sound much but its always good to cut down as much as possible.
Do be aware making it a __declspec(naked) requires your function to be written in x86 or x64 assembly rather than using C\C++ as compiler literally takes the exact code and copies it over in memory therefore C\C++ code aren't allowed at least on VS. That in mind, I strongly recommend you are strong in developing in assembly as a callback can sometimes require a lot of work from an assembler that too with decent amount of development knowledge of assembly.
Nevertheless, YOU MUST always create an trampoline function or else, when it comes to redirecting the function to an user-callback it will allow you to have complete control over it which is basically the use of hooking therefore trampoline function is one of the most necessary when it comes to hooking. In my blog there is wonderful examples of how hooking and even unhooking can be done, much more easily:
http://codeempire.blogspot.co.uk/2013/11/hooking-x64-system-call-stub.html - Good Example!
http://codeempire.blogspot.co.uk/2013/10/hooking-x86-system-call-stub.html - Good Example!
http://codeempire.blogspot.co.uk/2014/01/global-remote-detour-kifastsystemcall.html - Expert Level!
To those who are interested in learning art of unhooking read my blog here:
http://codeempire.blogspot.co.uk/2013/10/how-to-unhook-ntopenprocess.html - Expert Level!
Anyway, to learn more about hooking and security you should try and learn code-injections as hooking dwells on code-injections a lot as well espicieally the global hook based loading of DLL inside process spaces:
http://codeempire.blogspot.co.uk/2013/10/code-injection-into-mozilla-firefox.html - Good for novices!
http://codeempire.blogspot.co.uk/2013/11/security-process-injection-hooking.html - Good for those who understand hooking and know basic Code-Injection!
That in mind, we can also block DLL injections and to learn this: http://codeempire.blogspot.co.uk/2013/10/security-blocking-dll-injections.html - Easy!
There are other valuable blogs and information floating around Internet about hooking\detouring in general:
http://www.codeproject.com/Articles/2082/API-hooking-revealed
http://www.codeproject.com/Articles/11985/Hooking-the-native-API-and-controlling-process-cre
http://www.codeproject.com/Articles/20084/A-More-Complete-DLL-Injection-Solution-Using-Creat
http://www.codeproject.com/Articles/4610/Three-Ways-to-Inject-Your-Code-into-Another-Proces -
VERY GOOD!
http://jbremer.org/x86-api-hooking-demystified/
I have supplied a lot of information pertaining hooking and I can even give you code samples if you PM me. I hope this helped!