APIHOOK之拦截OpenProcess(真正的实现了拦截TerminateProcess)
作者:JiaJia 日期:2007-10-21
转 http://www.yulv.net/jiajia/article.asp?id=218
关于API HOOK(OpenProcess)，根据网上文章改写。以下是部分程序，在VC++6.0 + Platform SDK 2003 SP1下编译通过。
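#include <windows.h>
#include "APIHook.h"

// CAPIHook object that redirects kernel32!OpenProcess to Hook_OpenProcess.
// It is defined further down, after the hook function it refers to.
extern CAPIHook g_OpenProcess;

// State shared by every process this hook DLL gets loaded into.
// Both variables must be explicitly initialised: MSVC only places
// initialised data into a named data segment, uninitialised globals
// would silently land in .bss and never be shared.
// NOTE(review): a named segment is only cross-process when the linker marks
// it shared (/SECTION:YCIShared,RWS or a .def SECTIONS entry). That setting
// is not visible in this listing — confirm it exists, otherwise every
// injected process sees its own copy and dwCurrentProcessId stays 0 there.
#pragma data_seg("YCIShared")
HHOOK g_hHook = NULL;           // WH_GETMESSAGE hook installed by SetSysHook
DWORD dwCurrentProcessId = 0;   // PID whose OpenProcess calls are refused; 0 = none in practice
#pragma data_seg()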
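// Replacement for kernel32!OpenProcess, installed through g_OpenProcess.
// Any request to open the process whose id is stored in dwCurrentProcessId
// is refused regardless of dwDesiredAccess, so no caller going through this
// hook can obtain a handle with PROCESS_TERMINATE (or any other right) on it.
// Every other process id is forwarded unchanged to the original OpenProcess.
//
// dwDesiredAccess, bInheritHandle, dwProcessId: as documented for OpenProcess.
// Returns the original OpenProcess result, or NULL with the last-error code
// set to ERROR_ACCESS_DENIED when the protected process is requested.
//
// NOTE(review): this is a user-mode import hook; it only affects processes
// this DLL has been loaded into and calls that reach the hooked import, and
// handles that already existed are untouched. Treat it as a convenience
// filter, not as a security boundary.
HANDLE WINAPI Hook_OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId)
{
    // Signature of the real OpenProcess (the original typedef was
    // misleadingly named after TerminateProcess).
    typedef HANDLE (WINAPI *PFNOPENPROCESS)(DWORD, BOOL, DWORD);

    if (dwProcessId == dwCurrentProcessId)
    {
        // Fix: the original returned 0 without touching the thread's
        // last-error value, so a caller checking GetLastError() after the
        // refused call saw whatever error was left over from before.
        ::SetLastError(ERROR_ACCESS_DENIED);
        return NULL;
    }

    // (PROC)g_OpenProcess yields the address of the original OpenProcess
    // saved by CAPIHook when the hook was installed.
    return ((PFNOPENPROCESS)(PROC)g_OpenProcess)(dwDesiredAccess, bInheritHandle, dwProcessId);
}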
// Hook the OpenProcess export of kernel32.dll: CAPIHook (from APIHook.h)
// redirects it to Hook_OpenProcess and keeps the original entry point,
// which Hook_OpenProcess retrieves through the (PROC) conversion.
// Declared extern above because Hook_OpenProcess must be defined first.
CAPIHook g_OpenProcess("kernel32.dll", "OpenProcess", (PROC)Hook_OpenProcess);
///////////////////////////////////////////////////////////////////////////
// Returns the module (HMODULE) whose mapped image contains the address pv,
// or NULL when VirtualQuery cannot describe that address. SetSysHook uses it
// to obtain this DLL's own handle without hard-coding a module name.
static HMODULE ModuleFromAddress(PVOID pv)
{
    MEMORY_BASIC_INFORMATION info;
    const SIZE_T queried = ::VirtualQuery(pv, &info, sizeof(info));
    // The code relies on AllocationBase of a mapped image being its load
    // address, which is exactly what an HMODULE is.
    return (queried != 0) ? (HMODULE)info.AllocationBase : NULL;
}
// WH_GETMESSAGE hook procedure. It performs no work of its own: the hook
// exists only so that the system loads this DLL — and with it g_OpenProcess —
// into the other processes it reaches. Every call is passed on unchanged.
static LRESULT WINAPI GetMsgProc(int code, WPARAM wParam, LPARAM lParam)
{
    const LRESULT forwarded = ::CallNextHookEx(g_hHook, code, wParam, lParam);
    return forwarded;
}
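// Installs (bInstall == TRUE) or removes the system-wide WH_GETMESSAGE hook
// that carries this DLL into other processes, and records which process is
// to be protected.
//
// dwThreadId: despite its name this is a *process* id — it is stored in the
//             shared dwCurrentProcessId and compared by Hook_OpenProcess.
//             The hook itself is always installed for all threads (id 0).
// Returns TRUE on success, FALSE when SetWindowsHookEx or
// UnhookWindowsHookEx failed (GetLastError holds the reason).
//
// Fix: the original installed a second hook when called twice with
// bInstall == TRUE, overwriting g_hHook and orphaning the first handle;
// a repeated install now only updates the protected process id.
//
// NOTE(review): a WH_GETMESSAGE hook only reaches processes that retrieve
// window messages, so processes without a message loop are not covered by
// the OpenProcess filter — confirm this matches the intended scope.
BOOL WINAPI SetSysHook(BOOL bInstall, DWORD dwThreadId)
{
    // Published through the shared data segment to every injected process.
    dwCurrentProcessId = dwThreadId;

    if (bInstall)
    {
        if (g_hHook != NULL)
        {
            return TRUE;   // already hooked; only the protected pid changed
        }
        g_hHook = ::SetWindowsHookEx(WH_GETMESSAGE, GetMsgProc,
                                     ModuleFromAddress(GetMsgProc), 0);
        return g_hHook != NULL;
    }

    // NOTE(review): callers removing the hook should pass 0 so that
    // processes still holding the DLL stop filtering; this is not enforced
    // here to keep the original contract.
    const BOOL bOk = ::UnhookWindowsHookEx(g_hHook);
    g_hHook = NULL;
    return bOk;
}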