Hook API: Process Protection |
Unresolved
|
takdick
Regular member Posts: 50 Replies: 63 Points: 22 Registered: 2002-08-05 |
http://www.98exe.net/Article/c/2006-04-05/1504.html I came across this article online and compiled the DLL from the source code it provides, but found that the code for the ProcessHandleToId, ProcessIdToFileName and PosText functions it uses was not included. How can I solve this? Or is there another way to achieve the same effect? The DLL code is as follows:
<textarea class="delphi" rows="10" cols="60" name="code">
library Dll;

uses
  Windows,
  SysUtils,
  Classes;

const
  PRG_NAME = 'ddos.exe';

var
  // Pointers to the original (unhooked) functions
  TerminateProcessNext : function (processHandle, exitCode: dword) : bool; stdcall;
  NtTerminateProcessNext : function (processHandle, exitCode: dword) : dword; stdcall;

{$R *.res}

// Returns true when the handle refers to the process named PRG_NAME.
// ProcessHandleToId, ProcessIdToFileName and PosText are not declared in this listing.
function ThisIsOurProcess(processHandle: dword) : boolean;
var
  pid : dword;
  arrCh : array [0..MAX_PATH] of char;
begin
  pid := ProcessHandleToId(processHandle);
  result := (pid <> 0) and ProcessIdToFileName(pid, arrCh) and (PosText(PRG_NAME, arrCh) > 0);
end;

// Replacement for kernel32!TerminateProcess
function TerminateProcessCallback(processHandle, exitCode: dword) : bool; stdcall;
begin
  if ThisIsOurProcess(processHandle) then begin
    result := false;
    SetLastError(ERROR_ACCESS_DENIED);
  end else
    result := TerminateProcessNext(processHandle, exitCode);
end;

// Replacement for ntdll!NtTerminateProcess
function NtTerminateProcessCallback(processHandle, exitCode: dword) : dword; stdcall;
const
  STATUS_ACCESS_DENIED = $C0000022;
begin
  if ThisIsOurProcess(processHandle) then begin
    result := STATUS_ACCESS_DENIED
  end else
    result := NtTerminateProcessNext(processHandle, exitCode);
end;

begin
  // High bit of GetVersion clear: NT-based Windows, so hook the native API.
  // HookAPI is likewise not declared in this listing.
  if GetVersion and $80000000 = 0 then
    HookAPI('ntdll.dll', 'NtTerminateProcess', @NtTerminateProcessCallback, @NtTerminateProcessNext)
  else
    HookAPI('kernel32.dll', 'TerminateProcess', @TerminateProcessCallback, @TerminateProcessNext);
end.
</textarea> |