
    #include "stdafx.h"
#include <windows.h>
#include "stdio.h"
#include "stdlib.h"

// Handle to the *current* process, opened with PROCESS_ALL_ACCESS in DllMain
// and passed to WriteProcessMemory by HookStatus. Never closed in this file.
HANDLE hProcess=0;
// OldCode: the first five bytes of kernel32!CreateProcessW as found at load.
// NewCode: the five-byte E9 rel32 near jump that replaces them.
// Both are filled by HookCreateProcess and swapped in/out by HookStatus.
UCHAR OldCode[5]={0}, NewCode[5]={0};
// Address of CreateProcessW. Stored in a 32-bit ULONG, so the patch
// arithmetic in HookCreateProcess is only meaningful in a 32-bit process.
ULONG FunAddr=0;
// Top-level window of the controlling executable (caption "Hook CreateProcessW"),
// looked up in DllMain; it receives the WM_COPYDATA query from the callback.
HWND hExe=0;
// This DLL's own module handle (from DllMain), used as the hook module in StartHook.
HINSTANCE hMod=0;
// Handle of the WH_GETMESSAGE hook installed by StartHook; used by HookProc and UnLoadHook.
HHOOK hHook=0;

// Turns the CreateProcessW patch on (Status != FALSE) or off (Status == FALSE)
// by writing either NewCode or OldCode over the five bytes at FunAddr in this
// process. Returns TRUE only when WriteProcessMemory reports success.
// Depends on hProcess/FunAddr/OldCode/NewCode having been initialised by
// HookCreateProcess; no synchronisation with other threads is visible here,
// so a thread entering CreateProcessW mid-write sees a half-patched prologue.
BOOL HookStatus(BOOL Status){
	const UCHAR *patch = Status ? NewCode : OldCode;
	BOOL written = WriteProcessMemory(hProcess, (void *)FunAddr, patch, 5, 0);
	return written ? TRUE : FALSE;
}

// Replacement for kernel32!CreateProcessW that the E9 patch jumps to.
// Asks the controlling window (hExe) via WM_COPYDATA whether the process may
// be created; only a reply of 1234 lets the original CreateProcessW run.
// Parameters and return value mirror CreateProcessW exactly (same calling
// convention, same argument order) because control arrives here by a raw jump.
BOOL WINAPI CreateProcessWCallBack(LPCWSTR lpApplicationName,
								  LPWSTR lpCommandLine,
								  LPSECURITY_ATTRIBUTES lpProcessAttributes,
								  LPSECURITY_ATTRIBUTES lpThreadAttributes,
								  BOOL bInheritHandles,
								  DWORD dwCreationFlags,
								  LPVOID lpEnvironment,
								  LPCWSTR lpCurrentDirectory,
								  LPSTARTUPINFOW lpStartupInfo,
								  LPPROCESS_INFORMATION lpProcessInformation){
	ULONG ret=0;
	BOOL b=FALSE;
	COPYDATASTRUCT cds={0};

	// The application name is shipped as-is with a fixed 255-byte length: the
	// real string length is never measured, and CreateProcessW permits
	// lpApplicationName == NULL (path in lpCommandLine), in which case lpData
	// is NULL with cbData still 255. The receiver must treat this as untrusted.
	cds.lpData = (void *)lpApplicationName;
	cds.cbData = 255;

	// wParam carries the caller's PID so the controlling window can identify
	// which process is asking. 1234 is presumably the "allow" reply agreed with
	// that window's WM_COPYDATA handler — not defined in this file.
	ret = SendMessage(hExe, WM_COPYDATA, GetCurrentProcessId(), (LPARAM)&cds);
	if (ret==1234) {
		// Restore the original prologue, call through, re-patch. While the
		// patch is off, any other thread calling CreateProcessW is not checked.
		HookStatus(FALSE);
		b = CreateProcessW(lpApplicationName, 
							lpCommandLine, 
							lpProcessAttributes,
							lpThreadAttributes,
							bInheritHandles,
							dwCreationFlags,
							lpEnvironment,
							lpCurrentDirectory,
							lpStartupInfo,
							lpProcessInformation);
		HookStatus(TRUE);
		return b;
	// Denied (or hExe invalid / no reply): fail without calling SetLastError,
	// so the caller's GetLastError() reflects whatever happened earlier.
	} else return FALSE;
	// Unreachable: both branches above return.
	return FALSE;
}

// Builds and installs a five-byte inline patch at the start of
// kernel32!CreateProcessW: saves the original bytes into OldCode, encodes
// "E9 <rel32>" (jmp CreateProcessWCallBack) into NewCode, then writes it via
// HookStatus(TRUE). Always returns TRUE; none of the steps are checked.
// Detection note for defenders: in a process where this ran, the first byte of
// CreateProcessW is 0xE9 and the jump target lies outside kernel32.
BOOL HookCreateProcess(){
	ULONG JmpAddr=0;
	char msg[255]={0};   // only used by the commented-out debug output below

	// Neither LoadLibrary nor GetProcAddress is NULL-checked; if either fails,
	// FunAddr is 0 and the memcpy below reads from address 0.
	FunAddr = (ULONG)GetProcAddress(LoadLibrary("Kernel32.dll"), "CreateProcessW");
	memcpy(OldCode, (void *)FunAddr, 5);
	// rel32 near jump: displacement is relative to the end of the 5-byte
	// instruction (target - source - 5). Truncating both addresses to ULONG
	// makes this correct only in a 32-bit process.
	NewCode[0] = 0xe9;
	JmpAddr = (ULONG)CreateProcessWCallBack - FunAddr - 5;
	memcpy(&NewCode[1], &JmpAddr, 4);
	//sprintf(msg, "NewCode: %x %x %x %x %x\nFunAddr: %x\nJmpAddr: %x\nMyFun: %x", NewCode[0], NewCode[1], NewCode[2], NewCode[3], NewCode[4], FunAddr, JmpAddr, (ULONG)CreateProcessWCallBack);
	//MessageBox(0, msg, "", MB_OK);
	// No VirtualProtect here; the write itself happens inside HookStatus.
	HookStatus(TRUE);
	return TRUE;
}

// DLL entry point. On process attach it opens a handle to the current process,
// locates the controlling window by caption, and installs the CreateProcessW
// patch; on process detach it restores the original bytes. Thread attach/detach
// and lpReserved are ignored. Always returns TRUE, so a failed setup still
// leaves the DLL loaded.
// Note: HookCreateProcess() calls LoadLibrary from inside DllMain, which runs
// under the loader lock — Microsoft documents this as unsafe.
BOOL APIENTRY DllMain( HANDLE hModule, 
                       DWORD  ul_reason_for_call, 
                       LPVOID lpReserved)
{
	// Kept for SetWindowsHookEx in StartHook.
	hMod = (HINSTANCE)hModule;
	if (ul_reason_for_call==DLL_PROCESS_ATTACH){
		// Handle to ourselves with full access; never closed in this file.
		hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, GetCurrentProcessId());
		// If no window with this exact caption exists, hExe stays NULL and the
		// callback's SendMessage presumably fails, so every CreateProcessW is denied.
		hExe = FindWindow(NULL, "Hook CreateProcessW");
		HookCreateProcess();}
	// Unpatch on unload so CreateProcessW no longer jumps into freed memory.
	if (ul_reason_for_call==DLL_PROCESS_DETACH) HookStatus(FALSE);
    return TRUE;
}

// Exported: removes the WH_GETMESSAGE hook installed by StartHook.
// Returns the BOOL from UnhookWindowsHookEx; if hHook was never set
// (StartHook not called or failed) the call fails and FALSE is returned.
extern "C" __declspec(dllexport) BOOL UnLoadHook(){
	BOOL removed = UnhookWindowsHookEx(hHook);
	return removed;
}

// Message-hook procedure. It inspects nothing and always forwards to the
// next hook in the chain: its only role is to give SetWindowsHookEx a
// procedure inside this module, which is what causes the DLL (and its
// DllMain patching) to be loaded into the hooked threads' processes.
LRESULT CALLBACK HookProc(int nCode,WPARAM wParam,LPARAM lParam){
	LRESULT next = CallNextHookEx(hHook, nCode, wParam, lParam);
	return next;
}

// Exported: installs a WH_GETMESSAGE hook with dwThreadId 0, i.e. for every
// thread on the caller's desktop. Windows then maps hMod into each process
// that receives a message, which is how this DLL reaches other processes.
// Returns TRUE when SetWindowsHookEx produced a handle, FALSE otherwise.
// Defenders can observe this as an image load of this module from a
// non-system path into unrelated GUI processes.
extern "C" __declspec(dllexport) BOOL StartHook(){
	hHook = SetWindowsHookEx(WH_GETMESSAGE,(HOOKPROC)HookProc, hMod, 0);
	return hHook ? TRUE : FALSE;
}