
[C&C++ 转载] 咨询个防止进程被杀的事情

可坏 发表于 2017-4-10 04:52
Hook 掉 TerminateProcess 和 OpenProcess 是成功的,但还是能通过任务管理器把进程杀掉。我很纳闷,请帮忙看下问题出在哪里?
// HookOpenProcessDlg.h : header file
//

#pragma once
// Function-pointer type with the same signature as the Win32 OpenProcess API;
// used for the pointers MinHook fills in for the OpenProcess hook.
typedef HANDLE(WINAPI *TypeOpenProcess)( _In_ DWORD dwDesiredAccess,_In_ BOOL bInheritHandle,_In_ DWORD dwProcessId);
// Function-pointer type with the same signature as the Win32 TerminateProcess
// API; used for the pointers MinHook fills in for the TerminateProcess hook.
typedef BOOL (WINAPI *TypeTerminateProcess)(_In_ HANDLE hProcess, _In_ UINT uExitCode);
// CHookOpenProcessDlg dialog
//
// Main dialog of the sample. Besides the usual MFC dialog plumbing it holds,
// as static members, the state shared with the free-standing detour functions
// MyOpenProcess and MyTerminateProcess.
class CHookOpenProcessDlg : public CDialogEx
{
// Construction
public:
	CHookOpenProcessDlg(CWnd* pParent = NULL);	// standard constructor

// Dialog data
	enum { IDD = IDD_HOOKOPENPROCESS_DIALOG };

	protected:
	virtual void DoDataExchange(CDataExchange* pDX);	// DDX/DDV support


// Implementation
protected:
	HICON m_hIcon;

	// Generated message map functions
	virtual BOOL OnInitDialog();
	afx_msg void OnSysCommand(UINT nID, LPARAM lParam);
	afx_msg void OnPaint();
	afx_msg HCURSOR OnQueryDragIcon();
	DECLARE_MESSAGE_MAP()
public:
	// Creates and enables the TerminateProcess and OpenProcess hooks.
	afx_msg void OnBnClickedBtnhook();
	// Shuts MinHook down when the dialog is destroyed.
	afx_msg void OnDestroy();
	// ID of this process, recorded in OnInitDialog via GetCurrentProcessId().
	static DWORD m_dwProcess;
	// Receives the "original" pointer (ppOriginal) from MH_CreateHookApiEx for
	// OpenProcess; the detour calls the real API through it.
	static TypeOpenProcess OriginOpenProcess;
	// Handle value recorded by MyOpenProcess when the requested PID equals
	// m_dwProcess; MyTerminateProcess compares incoming handles against it.
	static HANDLE  OpenProcessHandle;
	// Receives the target address (ppTarget) of OpenProcess; passed to
	// MH_EnableHook / MH_QueueEnableHook.
	static TypeOpenProcess  OriginOpenProcessTarget;

	// Same pair of pointers for the TerminateProcess hook: the "original"
	// pointer used to call the real API, and the hooked target address.
	static TypeTerminateProcess	OriginOpenTerminateProcess;
	static TypeTerminateProcess	OriginOpenTerminateProcessTarget;
	// Queues an enable request for both hooks.
	afx_msg void OnBnClickedButton2();
};
HookOpenProcess.7z (368.57 KB, 下载次数: 2)







// HookOpenProcessDlg.cpp : 实现文件
//

#include "stdafx.h"
#include "HookOpenProcess.h"
#include "HookOpenProcessDlg.h"
#include "afxdialogex.h"

#ifdef _DEBUG
#define new DEBUG_NEW
#endif


// CAboutDlg dialog used for the application's "About" menu item

class CAboutDlg : public CDialogEx
{
public:
	CAboutDlg();

// Dialog data
	enum { IDD = IDD_ABOUTBOX };

	protected:
	virtual void DoDataExchange(CDataExchange* pDX);    // DDX/DDV support

// Implementation
protected:
	DECLARE_MESSAGE_MAP()
};

// Constructs the About dialog from its dialog-template resource ID; no other
// state is set up here.
CAboutDlg::CAboutDlg()
	: CDialogEx(CAboutDlg::IDD)
{
}

// DDX/DDV entry point. This override only forwards to the base-class
// exchange.
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
	CDialogEx::DoDataExchange(pDX);
}

// Message map for CAboutDlg: it declares no handlers of its own, so messages
// are routed to the CDialogEx base class.
BEGIN_MESSAGE_MAP(CAboutDlg, CDialogEx)
END_MESSAGE_MAP()


// CHookOpenProcessDlg 对话框




// Constructs the main dialog from its template ID and loads the application
// icon that SetIcon, OnPaint and OnQueryDragIcon use later.
CHookOpenProcessDlg::CHookOpenProcessDlg(CWnd* pParent /*=NULL*/)
	: CDialogEx(CHookOpenProcessDlg::IDD, pParent)
{
	CWinApp* const pApp = AfxGetApp();
	m_hIcon = pApp->LoadIcon(IDR_MAINFRAME);
}

// DDX/DDV entry point. This override only forwards to the base-class
// exchange.
void CHookOpenProcessDlg::DoDataExchange(CDataExchange* pDX)
{
	CDialogEx::DoDataExchange(pDX);
}

// Message map for the main dialog: system-command, paint, drag-icon and
// destroy messages plus the click handlers of the two buttons
// (IDC_BTNHook -> OnBnClickedBtnhook, IDC_BUTTON2 -> OnBnClickedButton2).
BEGIN_MESSAGE_MAP(CHookOpenProcessDlg, CDialogEx)
	ON_WM_SYSCOMMAND()
	ON_WM_PAINT()
	ON_WM_QUERYDRAGICON()
	ON_BN_CLICKED(IDC_BTNHook, &CHookOpenProcessDlg::OnBnClickedBtnhook)
	ON_WM_DESTROY()
	ON_BN_CLICKED(IDC_BUTTON2, &CHookOpenProcessDlg::OnBnClickedButton2)
END_MESSAGE_MAP()


// CHookOpenProcessDlg 消息处理程序

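// Initializes the dialog: adds the "About..." entry to the system menu, sets
// the window icons, records this process's ID, initializes MinHook and, only
// when that succeeded, installs the API hooks.
//
// Returns TRUE so the framework assigns the default focus.
BOOL CHookOpenProcessDlg::OnInitDialog()
{
	CDialogEx::OnInitDialog();

	// Add the "About..." menu item to the system menu.

	// IDM_ABOUTBOX must be in the system command range.
	ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
	ASSERT(IDM_ABOUTBOX < 0xF000);

	CMenu* pSysMenu = GetSystemMenu(FALSE);
	if (pSysMenu != NULL)
	{
		CString strAboutMenu;
		BOOL bNameValid = strAboutMenu.LoadString(IDS_ABOUTBOX);
		ASSERT(bNameValid);
		if (!strAboutMenu.IsEmpty())
		{
			pSysMenu->AppendMenu(MF_SEPARATOR);
			pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
		}
	}

	// Set the icon for this dialog. The framework does this automatically
	// when the application's main window is not a dialog.
	SetIcon(m_hIcon, TRUE);			// set big icon
	SetIcon(m_hIcon, FALSE);		// set small icon

	// The detours compare requested process IDs against this value.
	m_dwProcess = GetCurrentProcessId();

	const MH_STATUS iRet = MH_Initialize();
	if (iRet != MH_OK)
	{
		CString str;
		str += MH_StatusToString(iRet);
		MessageBox(str);
		// MinHook is not usable, so the create/enable calls in
		// OnBnClickedBtnhook could only fail again; report once and stop.
		return TRUE;
	}

	OnBnClickedBtnhook();
	return TRUE;  // return TRUE unless the focus was set to a control
}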

// Handles WM_SYSCOMMAND: shows the About dialog for IDM_ABOUTBOX and hands
// every other command to the base class.
void CHookOpenProcessDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
	// The command ID is compared with its low four bits masked off.
	const bool bIsAbout = ((nID & 0xFFF0) == IDM_ABOUTBOX);
	if (!bIsAbout)
	{
		CDialogEx::OnSysCommand(nID, lParam);
		return;
	}

	CAboutDlg dlgAbout;
	dlgAbout.DoModal();
}

// If a minimize button is added to the dialog, the code below is needed to
// draw the icon. For MFC applications using the document/view model this is
// done automatically by the framework.

void CHookOpenProcessDlg::OnPaint()
{
	// Not minimized: default painting is all that is needed.
	if (!IsIconic())
	{
		CDialogEx::OnPaint();
		return;
	}

	CPaintDC dc(this); // device context for painting

	SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0);

	// Center the icon in the client rectangle.
	CRect rcClient;
	GetClientRect(&rcClient);
	const int nIconWidth = GetSystemMetrics(SM_CXICON);
	const int nIconHeight = GetSystemMetrics(SM_CYICON);
	const int nLeft = (rcClient.Width() - nIconWidth + 1) / 2;
	const int nTop = (rcClient.Height() - nIconHeight + 1) / 2;

	// Draw the icon.
	dc.DrawIcon(nLeft, nTop, m_hIcon);
}

// The system calls this function to obtain the cursor to display while the
// user drags the minimized window.
HCURSOR CHookOpenProcessDlg::OnQueryDragIcon()
{
	HCURSOR hDragCursor = static_cast<HCURSOR>(m_hIcon);
	return hDragCursor;
}


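// Detour that OnBnClickedBtnhook installs over Kernel32's OpenProcess.
//
// A request whose dwProcessId equals CHookOpenProcessDlg::m_dwProcess (this
// process) is refused: NULL is returned and the last error is set to
// ERROR_ACCESS_DENIED. Every other request is forwarded to the real API
// through the MinHook "original" pointer and its result is returned as is, so
// unrelated OpenProcess calls made inside this process keep working.
//
// MinHook patches the function inside the calling process only, so this
// detour sees the OpenProcess calls made by this process and no others.
//
// Returns the handle from the real OpenProcess, or NULL on refusal/failure.
HANDLE WINAPI MyOpenProcess(_In_ DWORD dwDesiredAccess,_In_ BOOL bInheritHandle,_In_ DWORD dwProcessId)
{
	if (CHookOpenProcessDlg::m_dwProcess == dwProcessId)
	{
		// Refuse without calling the real API, so no handle is created that
		// the caller never receives and therefore could never close.
		// CHookOpenProcessDlg::OpenProcessHandle is left untouched.
		SetLastError(ERROR_ACCESS_DENIED);
		return NULL;
	}

	if (CHookOpenProcessDlg::OriginOpenProcess == NULL)
	{
		// No pointer to the real API is available; fail the way OpenProcess
		// reports failure instead of returning NULL with a stale last error.
		SetLastError(ERROR_PROC_NOT_FOUND);
		return NULL;
	}

	return CHookOpenProcessDlg::OriginOpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);
}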
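// Detour that OnBnClickedBtnhook installs over Kernel32's TerminateProcess.
//
// A call whose handle value equals CHookOpenProcessDlg::OpenProcessHandle is
// refused; any other call is forwarded to the real API. The comparison is by
// handle value only, against whatever MyOpenProcess last recorded.
//
// Returns FALSE with ERROR_ACCESS_DENIED for a refused call, otherwise the
// result of the real TerminateProcess. A refused or unforwardable call is
// reported as a failure: callers treat any non-zero BOOL as "terminated".
BOOL WINAPI MyTerminateProcess(_In_ HANDLE hProcess, _In_ UINT uExitCode)
{
	if (hProcess == CHookOpenProcessDlg::OpenProcessHandle)
	{
		SetLastError(ERROR_ACCESS_DENIED);
		return FALSE;
	}

	if (CHookOpenProcessDlg::OriginOpenTerminateProcess == NULL)
	{
		// Nothing was terminated, so do not claim success.
		SetLastError(ERROR_PROC_NOT_FOUND);
		return FALSE;
	}

	return CHookOpenProcessDlg::OriginOpenTerminateProcess(hProcess, uExitCode);
}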
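// Creates and enables the MinHook hooks on Kernel32's TerminateProcess and
// OpenProcess. Called once from OnInitDialog and again on every click of
// IDC_BTNHook. A failing MinHook status is shown in a message box.
//
// The hooks are inline patches in this process's address space; they do not
// change what the same APIs do in any other process.
void CHookOpenProcessDlg::OnBnClickedBtnhook()
{
	// TerminateProcess: enable only when the hook was created. After a failed
	// create the target pointer may still be NULL, and MinHook treats a NULL
	// target as MH_ALL_HOOKS, which would enable every existing hook.
	MH_STATUS iRet = MH_CreateHookApiEx(L"Kernel32.dll","TerminateProcess",&MyTerminateProcess,reinterpret_cast<void**>(&OriginOpenTerminateProcess),reinterpret_cast<void**>(&OriginOpenTerminateProcessTarget));
	if (iRet == MH_OK)
	{
		iRet = MH_EnableHook(OriginOpenTerminateProcessTarget);
	}
	if (iRet != MH_OK)
	{
		CString str;
		str += MH_StatusToString(iRet);
		MessageBox(str);
	}

	// OpenProcess: same sequence, attempted even if the first hook failed.
	iRet = MH_CreateHookApiEx(L"Kernel32.dll","OpenProcess",&MyOpenProcess,reinterpret_cast<void**>(&OriginOpenProcess),reinterpret_cast<void**>(&OriginOpenProcessTarget));
	if (iRet == MH_OK)
	{
		iRet = MH_EnableHook(OriginOpenProcessTarget);
	}
	if (iRet != MH_OK)
	{
		CString str;
		str += MH_StatusToString(iRet);
		MessageBox(str);
	}
}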


// WM_DESTROY handler: runs the base-class handling, then shuts MinHook down
// and shows the status text if that fails.
void CHookOpenProcessDlg::OnDestroy()
{
	CDialogEx::OnDestroy();

	const MH_STATUS status = MH_Uninitialize();
	if (status == MH_OK)
	{
		return;
	}

	CString strError;
	strError += MH_StatusToString(status);
	MessageBox(strError);
}

// Definitions of the static members shared with the detour functions.

// ID of this process; assigned in OnInitDialog.
DWORD CHookOpenProcessDlg::m_dwProcess = 0;

// Pointer through which the real OpenProcess is called; filled in by
// MH_CreateHookApiEx.
TypeOpenProcess CHookOpenProcessDlg::OriginOpenProcess = NULL;

// Handle value recorded by MyOpenProcess and compared in MyTerminateProcess.
HANDLE CHookOpenProcessDlg::OpenProcessHandle = NULL;

// Hooked address of OpenProcess; filled in by MH_CreateHookApiEx.
TypeOpenProcess CHookOpenProcessDlg::OriginOpenProcessTarget = NULL;

// Pointer through which the real TerminateProcess is called; filled in by
// MH_CreateHookApiEx.
TypeTerminateProcess CHookOpenProcessDlg::OriginOpenTerminateProcess = NULL;

// Hooked address of TerminateProcess; filled in by MH_CreateHookApiEx.
TypeTerminateProcess CHookOpenProcessDlg::OriginOpenTerminateProcessTarget = NULL;



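// Click handler for IDC_BUTTON2: queues an enable request for the OpenProcess
// and TerminateProcess hooks and reports any failing MinHook status, prefixed
// with the name of the target that failed.
//
// NOTE(review): MinHook applies queued requests only when MH_ApplyQueued() is
// called, and this handler never calls it - confirm whether that is intended.
void CHookOpenProcessDlg::OnBnClickedButton2()
{
	MH_STATUS iRet = MH_QueueEnableHook(CHookOpenProcessDlg::OriginOpenProcessTarget);
	// Report failures only, like every other MinHook status check in this
	// file (this check used to fire on MH_OK instead).
	if (iRet != MH_OK)
	{
		CString str("OriginOpenProcessTarget");
		str += MH_StatusToString(iRet);
		MessageBox(str);
	}

	iRet = MH_QueueEnableHook(CHookOpenProcessDlg::OriginOpenTerminateProcessTarget);
	if (iRet != MH_OK)
	{
		CString str("OriginOpenTerminateProcessTarget");
		str += MH_StatusToString(iRet);
		MessageBox(str);
	}
}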




 楼主| 可坏 发表于 2017-4-10 08:25
不会是因为必须dll注入或加载才行吧
zheng123 发表于 2017-4-10 09:06
jht168888 发表于 2017-4-10 09:50
SSSSS 发表于 2017-4-10 14:05 来自手机
这种举动会被360直接拦截的