分享一份很久以前写的无模块注入型IatHook CreatePorcessW的源码
本帖最后由 哎呦呦 于 2016-7-12 03:54 编辑
部分代码:
/* Pointer type used to call the saved original CreateProcessW entry
 * (dwOldpFunAddr is cast to it in MyCreateProcessW).
 * NOTE(review): the genuine CreateProcessW returns BOOL (int), not bool;
 * the width of the return value therefore differs from what the caller of
 * the hooked IAT slot expects -- BOOL would be the accurate type here and
 * on MyCreateProcessW. Kept as bool to match the rest of the listing. */
typedef bool (WINAPI *pCreateProcessW)(LPCWSTR lpApplicationName,
                                       LPWSTR lpCommandLine,
                                       LPSECURITY_ATTRIBUTES lpProcessAttributes,
                                       LPSECURITY_ATTRIBUTES lpThreadAttributes,
                                       BOOL bInheritHandles,
                                       DWORD dwCreationFlags,
                                       LPVOID lpEnvironment,
                                       LPCWSTR lpCurrentDirectory,
                                       LPSTARTUPINFOW lpStartupInfo,
                                       LPPROCESS_INFORMATION lpProcessInformation);
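/* Enable one named privilege in the current process token.
 *
 * name: privilege name as understood by LookupPrivilegeValue.
 * Returns TRUE only when the privilege was actually enabled, FALSE when the
 * name does not resolve, the token cannot be opened for adjustment, or the
 * token does not hold the privilege (AdjustTokenPrivileges then succeeds but
 * sets ERROR_NOT_ALL_ASSIGNED).
 *
 * The original left every call unchecked, so a failed OpenProcessToken
 * passed an uninitialised handle to CloseHandle and GetLastError() reported
 * whatever the last call happened to leave behind. */
BOOL EnablePrivilege(LPSTR name)
{
    HANDLE hToken = NULL;
    BOOL rv = FALSE;
    TOKEN_PRIVILEGES priv;

    priv.PrivilegeCount = 1;
    priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    /* Resolve the LUID before touching the token; an unknown name is a plain failure. */
    if (!LookupPrivilegeValue(NULL, name, &priv.Privileges[0].Luid))
    {
        return FALSE;
    }
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
    {
        return FALSE;
    }
    /* AdjustTokenPrivileges returns TRUE even when nothing was enabled; the
     * authoritative result is GetLastError() == ERROR_SUCCESS right after it. */
    if (AdjustTokenPrivileges(hToken, FALSE, &priv, sizeof priv, NULL, NULL))
    {
        rv = (GetLastError() == ERROR_SUCCESS);
    }
    CloseHandle(hToken);
    return rv;
}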
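/* Replacement written into the IAT slot for CreateProcessW: asks the user
 * before forwarding to the original function saved in dwOldpFunAddr
 * (defined elsewhere in the file).
 *
 * Parameters and return value follow CreateProcessW. On refusal the call
 * fails with the last-error code set to ERROR_CANCELLED, so the caller sees
 * a defined error instead of whatever value happened to be current.
 *
 * NOTE(review): CreateProcessW returns BOOL (int); this hook and the
 * pCreateProcessW typedef use bool, so the returned value is narrower than
 * the IAT caller expects -- BOOL would be the accurate type for both. */
bool WINAPI MyCreateProcessW(
    LPCWSTR lpApplicationName,
    LPWSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles,
    DWORD dwCreationFlags,
    LPVOID lpEnvironment,
    LPCWSTR lpCurrentDirectory,
    LPSTARTUPINFOW lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation
)
{
    pCreateProcessW MpCreateProcessW = (pCreateProcessW)dwOldpFunAddr;
    /* Either string may be NULL per the CreateProcessW contract, and
     * lpApplicationName usually is, which left the original prompt body empty.
     * Show the command line as the text and the application name as caption,
     * falling back so neither argument to MessageBoxW is NULL. */
    LPCWSTR text = lpCommandLine ? (LPCWSTR)lpCommandLine : lpApplicationName;
    LPCWSTR caption = lpApplicationName ? lpApplicationName : L"CreateProcessW";
    if (text == NULL)
    {
        text = L"";
    }
    if (MessageBoxW(NULL, text, caption, MB_YESNO) != IDYES)
    {
        SetLastError(ERROR_CANCELLED);
        return FALSE;
    }
    return MpCreateProcessW(lpApplicationName, lpCommandLine, lpProcessAttributes,
                            lpThreadAttributes, bInheritHandles, dwCreationFlags,
                            lpEnvironment, lpCurrentDirectory, lpStartupInfo,
                            lpProcessInformation);
}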
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
运行代码会对explorer.exe注入修改IAT表HOOK CreateProcessW函数,别问我有什么用!完整源码下载地址:
链接:http://pan.baidu.com/s/1eS2UEXG 密码:yfj6
学习一下,多谢楼主 感谢楼主分享,虽然看不懂{:5_116:} 看不懂啊,有易语言的吗 虽然现在还是看不懂,我相信努力会让我看得懂的 看上去好像有点复杂!不知道咋整! 谢谢 学习中。。。