本文共计1216个字,预计阅读时长4.9分钟。
LPVOID AddressOfCreateProcess=NULL;
BYTE OriCode[3]={0x0,0x0,0x0};
BYTE NewCode[3]={0x90,0xc3,0x90};
void HookCreateProcess(HANDLE hProc)
{
SIZE_T dwRet=0,i=0;
AddressOfCreateProcess=(LPVOID)GetProcAddress(GetModuleHandleA("ntdll.dll"),"NtCreateUserProcess");
printf("AddressOfCreateProcess: 0x%x\n",(LONGLONG)AddressOfCreateProcess);
ReadProcessMemory(hProc,AddressOfCreateProcess,OriCode,3,&dwRet);
WriteProcessMemory(hProc,AddressOfCreateProcess,NewCode,3,&dwRet);
return;
}
void UnHookCreateProcess(HANDLE hProc)
{
SIZE_T dwRet=0;
WriteProcessMemory(hProc,AddressOfCreateProcess,OriCode,3,&dwRet);
return;
}
void HookAllProcess()
{
HANDLE hp=0;
int pids[200],procsnum=0;
GetAllProcessA(pids,&procsnum);
for(int i=0;i<procsnum;i++)
{
printf("%d\n",pids);
hp=OpenProcess(PROCESS_ALL_ACCESS,0,pids);
HookCreateProcess(hp);
CloseHandle(hp);
}
getchar();
for(int i=0;i<procsnum;i++)
{
printf("%d\n",pids);
hp=OpenProcess(PROCESS_ALL_ACCESS,0,pids);
UnHookCreateProcess(hp);
CloseHandle(hp);
}
return;
}
暂无评论