劫持系统进程禁止创建文件

劫持系统进程禁止创建文件
#include<stdio.h>
#include<windows.h>
#include<string.h>
#include"detours.h"
#pragma comment (lib ,"detours.lib" )

HANDLE(WINAPI * oldCreateFileW)(
        _In_ LPCWSTR lpFileName,
        _In_ DWORD dwDesiredAccess,
        _In_ DWORD dwShareMode,
        _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes,
        _In_ DWORD dwCreationDisposition,
        _In_ DWORD dwFlagsAndAttributes,
        _In_opt_ HANDLE hTemplateFile
       ) = CreateFileW;

HANDLE WINAPI newCreateFileW(
        _In_ LPCWSTR lpFileName,
        _In_ DWORD dwDesiredAccess,
        _In_ DWORD dwShareMode,
        _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes ,
        _In_ DWORD dwCreationDisposition,
        _In_ DWORD dwFlagsAndAttributes,
        _In_opt_ HANDLE hTemplateFile
       ){
       MessageBoxA(0, "劫持成功!" , "系统信息" , 0);
        return 0;
}

void Hook()
{

       DetourRestoreAfterWith(); //恢复原来状态,
       DetourTransactionBegin(); //拦截开始
       DetourUpdateThread(GetCurrentThread()); //刷新当前线程
       DetourAttach(( void **)&oldCreateFileW, newCreateFileW); //实现函数拦截
       DetourTransactionCommit(); //拦截生效

}

void UnHook()
{
       DetourTransactionBegin(); //拦截开始
       DetourUpdateThread(GetCurrentThread()); //刷新当前线程
       DetourDetach(( void **)&oldCreateFileW, newCreateFileW); //撤销拦截函数
       DetourTransactionCommit(); //拦截生效
}

_declspec(dllexport) void go(){
        MessageBoxA(0, "系统进程劫持成功!" , "系统信息" , 0);
        int i = 0;
        while (1){
              Hook();
               if (i == 60){
                     UnHook();
                      break;
              }
              Sleep(1000);
       }
}




posted @ 2015-05-26 19:19  外禅内定,程序人生  阅读(675)  评论(0编辑  收藏  举报