APIHOOK之拦截OpenProcess

Posted by JiaJia 13 February,2009 (1)Comment
以下是部分程序(CAPIHook 类的实现未列出),在 VC++ 6.0 + Platform SDK 2003 SP1 下编译通过。

#include < windows . h >
#include "APIHook.h"

// Forward declaration of the OpenProcess hook object. It is defined further
// down in this file, after Hook_OpenProcess, which needs to refer to it.
extern CAPIHook g_OpenProcess ;

// State used by the custom OpenProcess replacement, placed in the named data
// section "YCIShared". The variables are explicitly initialised because MSVC
// only places initialised data in a section named with #pragma data_seg.
// NOTE(review): a named section is shared between processes only if the linker
// is told so (a SECTIONS entry in the .def file or a /SECTION:YCIShared,RWS
// option). This excerpt does not show that step; confirm it exists.
// NOTE(review): a shared writable section can be modified by every process
// that maps this DLL, so these values are not tamper-resistant.
#pragma data_seg ( "YCIShared" )
HHOOK g_hHook = NULL ;  // hook handle stored by SetSysHook
DWORD dwCurrentProcessId = 0 ;  // id that Hook_OpenProcess refuses to open; written by SetSysHook
#pragma data_seg ()

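// Replacement for kernel32!OpenProcess, registered through g_OpenProcess.
//
// Parameters mirror OpenProcess: requested access mask, handle inheritance
// flag, and the id of the process to open.
//
// Returns the handle produced by the original OpenProcess, or NULL with the
// last error set to ERROR_ACCESS_DENIED when dwProcessId equals the protected
// id stored in dwCurrentProcessId. Callers of OpenProcess are documented to
// call GetLastError after a NULL return, so the failure path must set it
// rather than leave a stale code from an earlier call.
//
// NOTE(review): this filter only sees calls that go through the entry CAPIHook
// patched, and only in processes where this DLL is loaded. It is a convenience
// guard, not a security boundary. Protection that must hold against a
// determined caller belongs in OS-enforced controls (process DACLs,
// protected-process support, or a kernel ObRegisterCallbacks filter).
HANDLE WINAPI Hook_OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId)
{
    // Signature of the real OpenProcess, used to call through the hook object.
    typedef HANDLE (WINAPI *PFNOPENPROCESS)(DWORD, BOOL, DWORD);

    if (dwProcessId == dwCurrentProcessId)
    {
        // Refuse the request the same way the real API reports a denial.
        ::SetLastError(ERROR_ACCESS_DENIED);
        return NULL;
    }

    // Any other target: forward unchanged to the original function. The cast
    // to PROC relies on the conversion CAPIHook provides (declared in
    // APIHook.h, not shown here).
    return ((PFNOPENPROCESS)(PROC)g_OpenProcess)(dwDesiredAccess, bInheritHandle, dwProcessId);
}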

// Hook OpenProcess: construct the global CAPIHook for "OpenProcess" in
// "kernel32.dll", with Hook_OpenProcess as the replacement function.
// NOTE(review): CAPIHook is declared in APIHook.h, which is not shown here.
// Presumably its constructor performs the patching when this global is
// initialised at DLL load time; confirm against that header.
CAPIHook g_OpenProcess ( "kernel32.dll" , "OpenProcess" , ( PROC ) Hook_OpenProcess );
//////////////////////////////////////////////////////

// Map an address to the module that contains it.
//
// pv: any address inside the module of interest (code or data).
// Returns the allocation base of the region holding pv, cast to HMODULE, or
// NULL when VirtualQuery fails. For an address inside a loaded image, the
// allocation base is the image base, which is what an HMODULE holds.
static HMODULE ModuleFromAddress(PVOID pv)
{
    MEMORY_BASIC_INFORMATION regionInfo;
    const SIZE_T cbReturned = ::VirtualQuery(pv, &regionInfo, sizeof(regionInfo));

    // VirtualQuery returns 0 on failure, so there is no region to report.
    if (cbReturned == 0)
    {
        return NULL;
    }
    return (HMODULE)regionInfo.AllocationBase;
}

// WH_GETMESSAGE hook procedure. It does no work of its own and only passes
// the event to the next hook in the chain. SetSysHook registers it so that
// the system maps this DLL into hooked processes.
//
// code, wParam, lParam: hook arguments, forwarded untouched.
// Returns whatever the next hook procedure returns.
static LRESULT WINAPI GetMsgProc(int code, WPARAM wParam, LPARAM lParam)
{
    const LRESULT lNext = ::CallNextHookEx(g_hHook, code, wParam, lParam);
    return lNext;
}

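// Install or remove the WH_GETMESSAGE hook that gets this DLL loaded into
// other processes.
//
// bInstall:   TRUE to install the hook, FALSE to remove it.
// dwThreadId: despite its name, this value is stored in dwCurrentProcessId,
//             which Hook_OpenProcess compares against the requested process
//             id. It is not passed to SetWindowsHookEx, which always receives
//             thread id 0.
//
// Returns TRUE when the requested operation succeeded, FALSE otherwise.
//
// NOTE(review): thread id 0 asks for a hook on every thread of the calling
// desktop, so this DLL is mapped into each such process that pumps messages.
// That footprint is visible to endpoint monitoring and affects the stability
// of unrelated applications; keep the DLL minimal and always pair an install
// with an uninstall.
// NOTE(review): g_hHook and dwCurrentProcessId are in a shared section and are
// updated here without synchronisation; callers should serialise install and
// uninstall themselves.
BOOL WINAPI SetSysHook(BOOL bInstall, DWORD dwThreadId)
{
    BOOL bOk = FALSE;

    // Record the id the OpenProcess filter should refuse.
    dwCurrentProcessId = dwThreadId;

    if (bInstall)
    {
        // A repeated install used to overwrite g_hHook and orphan the earlier
        // hook, which could then never be removed. Release any hook we still
        // hold first. A failure here (e.g. a stale handle) is ignored because
        // a fresh hook is installed either way.
        if (g_hHook != NULL)
        {
            ::UnhookWindowsHookEx(g_hHook);
            g_hHook = NULL;
        }

        g_hHook = ::SetWindowsHookEx(WH_GETMESSAGE, GetMsgProc,
                                     ModuleFromAddress(GetMsgProc), 0);
        bOk = (g_hHook != NULL);
    }
    else
    {
        bOk = ::UnhookWindowsHookEx(g_hHook);
        g_hHook = NULL;
    }

    return bOk;
}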



Categories : 学习编程 Tags : C/C++  
Comments
2011-3-17 16:41:24

lz能不能把工程打包?我这里总是编译出错,总是一些莫名其妙的提示类似缺少分号什么的

Posted by 小y
