APIHOOK之拦截OpenProcess | 雨律在线

以下是部分程序(CAPIHook 类在 APIHook.h 中声明,本文未列出),在 VC++ 6.0 + Platform SDK 2003 SP1 下编译通过。


#include < windows . h >
#include "APIHook.h"

// Hook object for kernel32!OpenProcess. It is defined further down in this
// file, after Hook_OpenProcess, so it is only declared here.
extern CAPIHook g_OpenProcess ;

// Custom OpenProcess function (Hook_OpenProcess follows this data section).
//
// The two variables below are placed in the named section "YCIShared". Both
// carry an explicit initializer, which MSVC requires before it places a
// variable in a data_seg section.
// NOTE(review): the section is only shared between processes if the linker is
// told so (a /SECTION:YCIShared,RWS option or a SECTIONS entry in the .def
// file). That directive is not part of this listing -- confirm it exists,
// otherwise every process sees its own zero-initialized copy.
// NOTE(review): a shared writable section can be modified by any process that
// has this DLL mapped, so these values are not a trustworthy input for an
// access decision.
#pragma data_seg ( "YCIShared" )
// Handle of the WH_GETMESSAGE hook; written by SetSysHook.
HHOOK g_hHook = NULL ;
// Id that Hook_OpenProcess compares against dwProcessId; written by SetSysHook.
DWORD dwCurrentProcessId = 0 ;
#pragma data_seg ()

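/// Replacement for kernel32!OpenProcess, registered through g_OpenProcess.
///
/// Calls that target the process id stored in dwCurrentProcessId are refused;
/// every other call is forwarded unchanged to the original function.
///
/// @param dwDesiredAccess  Access mask requested by the caller (forwarded as is).
/// @param bInheritHandle   Handle inheritance flag (forwarded as is).
/// @param dwProcessId      Id of the process the caller wants to open.
/// @return NULL with the last error set to ERROR_ACCESS_DENIED when
///         dwProcessId equals dwCurrentProcessId, otherwise the result of the
///         original OpenProcess.
///
/// The refusal covers every access right, including query-only ones, so
/// monitoring and management tools in hooked processes lose visibility of the
/// protected process as well.
/// NOTE(review): this only affects code whose calls are redirected by CAPIHook
/// in processes where this DLL is loaded; it is not a security boundary.
/// Protection that must hold against an untrusted caller belongs in the kernel
/// (for example an ObRegisterCallbacks filter).
HANDLE WINAPI Hook_OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId)
{
    // Signature of the real OpenProcess. The original listing called this
    // PFNTERMINATEPROCESS, which named the wrong API.
    typedef HANDLE (WINAPI *PFNOPENPROCESS)(DWORD, BOOL, DWORD);

    if (dwProcessId == dwCurrentProcessId)
    {
        // OpenProcess callers read GetLastError() after a NULL return; without
        // this they would see a stale code from an unrelated earlier call.
        ::SetLastError(ERROR_ACCESS_DENIED);
        return NULL;
    }

    // The cast relies on CAPIHook converting to PROC (declared in APIHook.h,
    // not shown) -- presumably the address of the original function; confirm.
    return ((PFNOPENPROCESS)(PROC)g_OpenProcess)(dwDesiredAccess, bInheritHandle, dwProcessId);
}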

// Hook the OpenProcess function: register Hook_OpenProcess as the replacement
// for the "OpenProcess" export of kernel32.dll.
// g_OpenProcess is a namespace-scope object, so its constructor runs with the
// module's static initializers, independently of any call to SetSysHook.
// NOTE(review): CAPIHook is declared in APIHook.h, which is not shown; what
// the constructor patches, and in which modules, must be confirmed there.
CAPIHook g_OpenProcess ( "kernel32.dll" , "OpenProcess" , ( PROC ) Hook_OpenProcess );
//////////////////////////////////////////////////////

/// Maps an address to the base of the memory allocation that contains it.
///
/// @param pv  Any address inside the current process.
/// @return The AllocationBase reported by VirtualQuery, cast to HMODULE, or
///         NULL when VirtualQuery returns 0. For an address inside a loaded
///         image this is expected to be that module's handle.
static HMODULE ModuleFromAddress(PVOID pv)
{
    MEMORY_BASIC_INFORMATION region;
    const SIZE_T cbReturned = ::VirtualQuery(pv, &region, sizeof(region));

    // VirtualQuery reports failure by returning zero bytes.
    if (cbReturned == 0)
    {
        return NULL;
    }
    return (HMODULE)region.AllocationBase;
}

/// WH_GETMESSAGE hook procedure registered by SetSysHook.
///
/// It does no work of its own: every notification is handed to the next hook
/// in the chain and that hook's result is returned.
/// NOTE(review): the procedure appears to exist only so that the hook
/// installation maps this DLL into other processes -- confirm.
static LRESULT WINAPI GetMsgProc(int code, WPARAM wParam, LPARAM lParam)
{
    const LRESULT lNext = ::CallNextHookEx(g_hHook, code, wParam, lParam);
    return lNext;
}

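/// Installs or removes the WH_GETMESSAGE hook and records the protected id.
///
/// @param bInstall    TRUE to install the hook, FALSE to remove it.
/// @param dwThreadId  Stored in dwCurrentProcessId. Despite the name,
///                    Hook_OpenProcess compares it with a process id, so
///                    callers are expected to pass the id of the process to
///                    protect.
/// @return TRUE on success, FALSE when the hook could not be installed or
///         removed.
///
/// The hook is installed with thread id 0, i.e. for every thread on the
/// desktop, which makes the system map this DLL into other processes that
/// retrieve messages. Treat the DLL as code running inside every such process:
/// it should be signed, installed in a location that unprivileged users cannot
/// write to, and removed again with SetSysHook(FALSE, ...).
BOOL WINAPI SetSysHook(BOOL bInstall, DWORD dwThreadId)
{
    // The id is recorded on both install and removal, as in the original.
    dwCurrentProcessId = dwThreadId;

    if (!bInstall)
    {
        const BOOL bRemoved = ::UnhookWindowsHookEx(g_hHook);
        g_hHook = NULL;
        return bRemoved;
    }

    // A repeated install used to overwrite g_hHook and leak the earlier hook,
    // which then could no longer be removed. Release it first; the result is
    // ignored because the stored handle may already be stale.
    if (g_hHook != NULL)
    {
        ::UnhookWindowsHookEx(g_hHook);
        g_hHook = NULL;
    }

    // A global hook needs the handle of the DLL that contains the procedure.
    // The explicit cast avoids relying on an implicit function-pointer to
    // PVOID conversion.
    HMODULE hSelf = ModuleFromAddress((PVOID)GetMsgProc);
    if (hSelf == NULL)
    {
        return FALSE;
    }

    g_hHook = ::SetWindowsHookEx(WH_GETMESSAGE, GetMsgProc, hSelf, 0);
    return (g_hHook != NULL);
}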



 
  • 小y 回应于2011/03/17 16:41 回复TA

    lz能不能把工程打包?我这里总是编译出错,总是一些莫名其妙的提示类似缺少分号什么的
