Здравствуйте, kregheck, Вы писали:
K>Здравствуйте, Аноним, Вы писали:
А>>без перехвата — никак
K>А можно поподробнее. Есть идеи как это реализовать?
/**************************************************************
* Project: Hook API function TerminateProcess
*
* Inline patch of kernel32!TerminateProcess inside the process this DLL
* is loaded into: the first bytes of the export are overwritten with a
* "push <hook>; ret" sequence (32-bit x86 encoding) that lands in
* xxxTerminateProcess. Only calls that go through that export in this
* process are observed; a termination started from another process, or
* by code that does not call through this export, is not seen by it.
*
* Copyright 2008 xmen
**************************************************************/
#pragma comment(linker, "-entry:DllEntryPoint")
#pragma comment(lib, "kernel32")
#pragma comment(lib, "user32")
#pragma warning(disable: 4508)
#include <windows.h>
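extern "C" BOOL WINAPI DllEntryPoint(HINSTANCE, ULONG, LPVOID);
/* Install / remove the TerminateProcess patch. Both report success as a BOOL
 * (BOOL is int, so this stays compatible with the old implicit-int forms). */
BOOL SetHook();
BOOL UnHook();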
//-----------------
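/*
 * Trampoline written over the start of TerminateProcess:
 *   68 imm32   push <absolute address of xxxTerminateProcess>
 *   C3         ret          (pops that address into EIP)
 * pack(1) keeps it exactly 1 + sizeof(LPVOID) + 1 bytes with no padding.
 * The encoding is only valid on 32-bit x86: `push imm32` takes a 4-byte
 * operand, and on a 64-bit build LPVOID is 8 bytes, so the struct would no
 * longer be a valid instruction sequence. Refuse to build there rather than
 * write a broken patch at run time.
 */
#ifdef _WIN64
#error "This push/ret trampoline is x86-only; a 64-bit build would write an invalid patch."
#endif
#pragma pack(push, 1)
typedef struct {
    BYTE OpPush;    /* 0x68: push imm32 */
    LPVOID addr;    /* target pushed onto the stack */
    BYTE OpRet;     /* 0xC3: ret */
} jmp;
#pragma pack(pop)
jmp buf, old;   /* buf: patch bytes to install; old: original bytes saved at attach */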
//-----------------
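/*
 * Replacement entry for kernel32!TerminateProcess while the patch is in place.
 * Shows a message box with the caller's PID and the PID of the process being
 * terminated, then forwards the call to the real TerminateProcess.
 *
 * hProcess  - handle supplied by the caller. It may carry only
 *             PROCESS_TERMINATE, so it is duplicated with
 *             PROCESS_QUERY_INFORMATION just to run GetProcessId on it.
 * uExitCode - forwarded unchanged.
 * Returns   - the real TerminateProcess' result; its GetLastError value is
 *             preserved across the re-hook so the caller sees the right error.
 *
 * Fixes vs. the original: the DuplicateHandle result was not checked (an
 * uninitialised handle was then passed to GetProcessId), the duplicate was
 * never closed, DWORD PIDs were printed with %d, and the 0x20-byte buffer was
 * one byte short of the worst-case "TerminateProcess(PID: 4294967295)" text.
 *
 * Note: the patch is removed around the forwarded call and re-installed after
 * it; another thread calling TerminateProcess inside that window bypasses the
 * hook. That is inherent to this unhook/call/rehook approach.
 */
BOOL WINAPI xxxTerminateProcess(IN HANDLE hProcess, IN UINT uExitCode)
{
    /* Who is calling. "Current PID: " (13) + 10 digits + NUL fits easily. */
    DWORD CurrPid = GetCurrentProcessId();
    CHAR strCurrPid[0x40] = {0};
    wsprintf(strCurrPid, "Current PID: %u", CurrPid);

    /*
     * Which process is the target. If the duplicate cannot be made (invalid or
     * under-privileged handle) report PID 0 and still forward the call, so the
     * caller gets the real TerminateProcess error rather than a hook-made one.
     */
    DWORD TermPid = 0;
    HANDLE hQuery = NULL;
    if (DuplicateHandle(GetCurrentProcess(), hProcess,
                        GetCurrentProcess(), &hQuery,
                        PROCESS_QUERY_INFORMATION, FALSE, 0))
    {
        TermPid = GetProcessId(hQuery);
        CloseHandle(hQuery);    /* the original never closed this duplicate */
    }
    /* "TerminateProcess(PID: " (22) + 10 digits + ")" + NUL = 34 bytes max. */
    CHAR strTermPid[0x40] = {0};
    wsprintf(strTermPid, "TerminateProcess(PID: %u)", TermPid);
    MessageBox(NULL, strTermPid, strCurrPid, MB_OK | MB_ICONINFORMATION);

    /* Put the original prologue back, call through, then re-patch. */
    UnHook();
    BOOL r = TerminateProcess(hProcess, uExitCode);
    DWORD lastError = GetLastError();   /* SetHook's WriteProcessMemory may clobber it */
    SetHook();
    SetLastError(lastError);
    return r;
}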
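/*
 * Overwrite the first sizeof(jmp) bytes of TerminateProcess (the address this
 * module resolves for the kernel32 export) with "push xxxTerminateProcess; ret".
 *
 * Returns TRUE when all sizeof(jmp) bytes were written, FALSE otherwise with
 * GetLastError set by WriteProcessMemory. The original ignored the result.
 *
 * GetCurrentProcess() is the same (HANDLE)-1 pseudo-handle the original passed
 * as INVALID_HANDLE_VALUE; it is spelled out here because that is what it means.
 * The write is not atomic with respect to another thread that happens to be
 * executing TerminateProcess at that instant; nothing here guards against it.
 */
BOOL SetHook()
{
    buf.OpPush = 0x68;                          /* push imm32 */
    buf.addr   = (LPVOID)&xxxTerminateProcess;
    buf.OpRet  = 0xC3;                          /* ret */

    HANDLE hSelf = GetCurrentProcess();
    SIZE_T written = 0;
    if (!WriteProcessMemory(hSelf, (LPVOID)&TerminateProcess,
                            &buf, sizeof(jmp), &written)
        || written != sizeof(jmp))
    {
        return FALSE;
    }
    /* Make sure the CPU fetches the patched bytes, not stale ones. */
    FlushInstructionCache(hSelf, (LPCVOID)&TerminateProcess, sizeof(jmp));
    return TRUE;
}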
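/*
 * Restore the original first sizeof(jmp) bytes of TerminateProcess from `old`
 * (captured in DllEntryPoint at DLL_PROCESS_ATTACH).
 *
 * Returns TRUE when all bytes were written back, FALSE otherwise with
 * GetLastError set by WriteProcessMemory. The original ignored the result.
 * If `old` was never filled in, this writes zeros over the function prologue;
 * the attach path is responsible for not leaving it in that state.
 */
BOOL UnHook()
{
    HANDLE hSelf = GetCurrentProcess();     /* same pseudo-handle as INVALID_HANDLE_VALUE */
    SIZE_T written = 0;
    if (!WriteProcessMemory(hSelf, (LPVOID)&TerminateProcess,
                            &old, sizeof(jmp), &written)
        || written != sizeof(jmp))
    {
        return FALSE;
    }
    FlushInstructionCache(hSelf, (LPCVOID)&TerminateProcess, sizeof(jmp));
    return TRUE;
}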
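/*
 * DLL entry point (selected by the "-entry:DllEntryPoint" linker pragma).
 *
 * DLL_PROCESS_ATTACH: save the original first bytes of TerminateProcess into
 * `old`, then install the patch. If the bytes cannot be read the load is
 * refused (return FALSE) — the original went on and installed the hook anyway,
 * so a later UnHook() would have written a zeroed `old` over the prologue.
 * DLL_PROCESS_DETACH: put the original bytes back.
 *
 * hInstance and pv are unused.
 */
BOOL WINAPI
DllEntryPoint(HINSTANCE hInstance, ULONG ulReason, LPVOID pv)
{
    (void)hInstance;
    (void)pv;

    switch (ulReason)
    {
    case DLL_PROCESS_ATTACH:
    {
        SIZE_T got = 0;
        if (!ReadProcessMemory(GetCurrentProcess(), (LPCVOID)&TerminateProcess,
                               &old, sizeof(jmp), &got)
            || got != sizeof(jmp))
        {
            return FALSE;   /* nothing to restore later; do not load */
        }
        /* The result is not checked here: the declared interface of SetHook
         * in this file reports nothing the entry point can act on. */
        SetHook();
        break;
    }
    case DLL_PROCESS_DETACH:
        UnHook();
        break;
    default:
        break;
    }
    return TRUE;
}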
http://files.rsdn.ru/59750/HTP.rar