HOOKAPI 禁止删除线程(100分)

  • 主题发起人:yangairong
如何在DELPHI下实现HOOKAPI 禁止删除线程的程序,急啊,
 
用此帖的控件
http://www.delphibbs.com/delphibbs/dispq.asp?lid=3585537

hook kernel32.dll 的 TerminateThread
 
估计需要2个线程相互监视
 
大家帮一帮我,急啊!试了很多方法,还是不行的,
unit APIHook;

interface

uses
SysUtils,
Windows, WinSock, Dialogs, registry,tlhelp32;

type
// Signature of the API being hooked. The active declaration matches
// TerminateProcess(hProcess, uExitCode); the two commented-out lines are
// alternative signatures the author left in place.
// TregProc = function(dwDesiredAccess: DWORD; bInheritHandle: BOOL; dwProcessId: DWORD): THandle; stdcall;
Tregproc =function(hProcess: THandle; uExitCode: UINT): BOOL; stdcall;
// Tregproc = function(hKey: hKey; lpValueName: PAnsiChar; Reserved: DWORD; dwType: DWORD; lpData: Pointer; cbData: DWORD): Longint; stdcall;

PJmpCode = ^TJmpCode;
// Byte image that HookAPI writes over the first 8 bytes of the hooked API.
// The field names are misleading: as filled in by HookAPI the bytes are
// $B8 <Address> $FF $E0 $00, i.e. x86 "mov eax, imm32" followed by "jmp eax".
// NOTE(review): the 8-byte size used by the Read/WriteProcessMemory calls only
// matches this record when pointers are 4 bytes wide - confirm the unit is
// built for 32-bit Windows only.
TJmpCode = packed record
JmpCode: BYTE; // first opcode byte; HookAPI stores $B8 ("mov eax, imm32") here
Address: Tregproc; // immediate operand of that mov: address of the replacement function
MovEAX: array[0..2] of BYTE; // HookAPI stores $FF $E0 ("jmp eax") plus a trailing 0 byte here
end;

//--------------------Routines exported by this unit---------------------------
procedure HookAPI;
procedure UnHookAPI;
procedure processList;

var
Oldreg : Tregproc; // set by HookAPI to the same address as Addreg, i.e. the patched API entry point
JmpCode : TJmpCode; // patch image written over the API entry point
Oldproc : array[0..1] of TJmpCode; // Oldproc[0] keeps the 8 original bytes of the API entry; index 1 is not used in this unit
Addreg : Pointer; // address of the hooked API as returned by GetProcAddress
TmpJmp : TJmpCode; // not referenced by any code in this unit
ProcessHandle : THandle; // set to GetCurrentProcess by HookAPI: all patching targets this process only
TmpWndHandle : DWORD; // despite the name this is a process ID: processList stores th32ProcessID of 'Yomoo.exe' here
implementation

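{---------------------------------------}
{ MyTerminateProcess
  Replacement that the inline patch installed by HookAPI jumps to instead of
  kernel32 TerminateProcess.
  Parameters : same as TerminateProcess; hProcess is a process HANDLE,
               not a window handle and not a process ID.
  Returns    : False with last error ERROR_ACCESS_DENIED when the target is
               the process found by processList; otherwise the result of the
               real TerminateProcess.
  Scope      : HookAPI patches code in the current process only, so only
               calls made from inside this process ever reach this function.
  NOTE(review): restoring and re-applying the patch around the real call is
  not thread-safe. While the original bytes are in place another thread can
  call the unpatched API, and a thread executing the entry point while it is
  being rewritten can run a half-written instruction.
  NOTE(review): rewriting kernel32 code in memory is the kind of change that
  memory-integrity scanners look for when they compare loaded code with the
  image on disk. Restricting who may terminate a process is normally done
  with the access control on the process object, not with a code patch.
{---------------------------------------}
function MyTerminateProcess(hProcess: THandle; uExitCode: UINT): BOOL; stdcall;
type
  TGetProcessIdFn = function(Process: THandle): DWORD; stdcall;
var
  dwSize    : cardinal;
  TargetPID : DWORD;
  LastErr   : DWORD;
  GetPid    : TGetProcessIdFn;
begin
  // Refresh the protected PID on every call. Clear it first so a PID from an
  // earlier run is not kept (and possibly reused by an unrelated process)
  // after the protected program has exited.
  TmpWndHandle := 0;
  processList;

  // hProcess is a process handle, so it has to be translated with
  // GetProcessId; GetWindowThreadProcessId only accepts window handles.
  // The function is resolved at run time because older Windows.pas versions
  // do not declare it. It returns 0 when the handle lacks query access.
  TargetPID := 0;
  @GetPid := GetProcAddress(GetModuleHandle('kernel32.dll'), 'GetProcessId');
  if Assigned(GetPid) then
    TargetPID := GetPid(hProcess);

  // Debugger output instead of rewriting D:/1.txt on every call: file I/O can
  // raise an exception inside the hook when the drive or file is unavailable.
  OutputDebugString(PChar('MyTerminateProcess protected PID ' + IntToStr(TmpWndHandle) +
    ' target PID ' + IntToStr(TargetPID)));

  // Refuse only when the target really is the protected process. The check
  // compares the two PIDs rather than testing against a hard-coded number.
  if (TmpWndHandle <> 0) and (TargetPID = TmpWndHandle) then
  begin
    // NOTE(review): MessageDlg is a VCL call and blocks the calling thread;
    // confirm this hook is only ever entered on the main thread.
    MessageDlg('嘻嘻该进程不能杀:', mtWarning, [mbYes, mbNo], 1);
    SetLastError(ERROR_ACCESS_DENIED);
    Result := False;
    Exit;
  end;

  // Any other target (or a PID that could not be resolved) goes to the real
  // API: restore the original entry bytes, call through with the caller's
  // exit code, then re-apply the patch even if the call raises.
  LastErr := 0;
  WriteProcessMemory(ProcessHandle, Addreg, @Oldproc[0], SizeOf(TJmpCode), dwSize);
  FlushInstructionCache(ProcessHandle, Addreg, SizeOf(TJmpCode));
  try
    Result := TerminateProcess(hProcess, uExitCode);
    LastErr := GetLastError;
  finally
    JmpCode.Address := @MyTerminateProcess;
    WriteProcessMemory(ProcessHandle, Addreg, @JmpCode, SizeOf(TJmpCode), dwSize);
    FlushInstructionCache(ProcessHandle, Addreg, SizeOf(TJmpCode));
  end;
  // Hand the real API's error code back to the caller unchanged.
  SetLastError(LastErr);
end;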

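{------------------------------------}
{ HookAPI
  Overwrites the first 8 bytes of kernel32 TerminateProcess in the CURRENT
  process with "mov eax, addr / jmp eax" so that calls made inside this
  process land in MyTerminateProcess. Other processes are not affected.
  Parameters : none.
  On failure (API not found, memory not readable or writable) nothing is
  patched. Calling it again while the patch is in place is a no-op, so the
  saved original bytes in Oldproc[0] are never replaced by the patch itself.
{------------------------------------}
procedure HookAPI;
var
  DLLModule : THandle;
  dwSize    : cardinal;
  Current   : TJmpCode;
begin
  ProcessHandle := GetCurrentProcess;

  // kernel32.dll is already mapped, so take its handle without adding a
  // LoadLibrary reference that is never released.
  DLLModule := GetModuleHandle('kernel32.dll');
  if DLLModule = 0 then
    Exit;
  Addreg := GetProcAddress(DLLModule, 'TerminateProcess');
  if Addreg = nil then
    Exit;

  // Patch image: $B8 imm32 = mov eax, imm32 ; $FF $E0 = jmp eax ; last byte unused.
  JmpCode.JmpCode := $B8;
  JmpCode.Address := @MyTerminateProcess;
  JmpCode.MovEAX[0] := $FF;
  JmpCode.MovEAX[1] := $E0;
  JmpCode.MovEAX[2] := 0;

  if not ReadProcessMemory(ProcessHandle, Addreg, @Current, SizeOf(TJmpCode), dwSize) then
  begin
    Addreg := nil;
    Exit;
  end;

  // Already hooked: keep the original bytes saved by the first call.
  if CompareMem(@Current, @JmpCode, SizeOf(TJmpCode)) then
    Exit;

  Oldproc[0] := Current;
  if WriteProcessMemory(ProcessHandle, Addreg, @JmpCode, SizeOf(TJmpCode), dwSize) then
    FlushInstructionCache(ProcessHandle, Addreg, SizeOf(TJmpCode))
  else
  begin
    Addreg := nil;
    Exit;
  end;

  // Oldreg is the address of the (now patched) entry point, not a trampoline:
  // calling through it re-enters MyTerminateProcess.
  Oldreg := Addreg;
end;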

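{------------------------------------}
{ UnHookAPI
  Writes the original entry bytes saved in Oldproc[0] back over the hooked
  API in the current process.
  Parameters : none.
  Does nothing when no API address has been recorded, so calling it before
  HookAPI cannot write an all-zero Oldproc[0] anywhere.
{------------------------------------}
procedure UnHookAPI;
var
  dwSize : cardinal;
begin
  if Addreg = nil then
    Exit;
  if WriteProcessMemory(ProcessHandle, Addreg, @Oldproc[0], SizeOf(TJmpCode), dwSize) then
    FlushInstructionCache(ProcessHandle, Addreg, SizeOf(TJmpCode));
end;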

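// processList: walks a Toolhelp process snapshot and stores the process ID of
// the first process whose executable name equals 'Yomoo.exe' (ASCII
// case-insensitive) in the global TmpWndHandle. TmpWndHandle is set to 0 when
// no such process exists or the snapshot cannot be taken, so callers never
// see a PID left over from an earlier call.
// NOTE(review): the match is by file name only. Any process with that name
// matches and only the first one found is recorded.
procedure processList;
var
  Snapshot : THandle;
  Entry    : PROCESSENTRY32;
  More     : boolean;
begin
  TmpWndHandle := 0;

  // Only the process list is needed; TH32CS_SNAPALL would also capture the
  // heaps, modules and threads on every call.
  Snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if Snapshot = INVALID_HANDLE_VALUE then
    Exit;
  try
    Entry.dwSize := SizeOf(Entry);
    More := Process32First(Snapshot, Entry);
    while More do
    begin
      if SameText(Entry.szExeFile, 'Yomoo.exe') then
      begin
        TmpWndHandle := Entry.th32ProcessID;
        Break;
      end;
      More := Process32Next(Snapshot, Entry);
    end;
  finally
    // Release the snapshot even if the walk raises.
    CloseHandle(Snapshot);
  end;
end;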
end.
这是我的HOOKAPI,问题在这里
// Replacement that the inline patch jumps to instead of TerminateProcess.
// This is the function the poster is asking about; the review notes below mark
// why it does not recognise the process being terminated.
// NOTE(review): Result is never assigned and uExitCode is never used.
function MyTerminateProcess(hProcess: THandle; uExitCode: UINT): BOOL; stdcall;
var
file1 : textfile;
dwSize : cardinal;
TmpminID,TmpminHD : DWORD;
// dwExitID,dwExitHD : DWORD;
TmpHandle :THandle; // declared but not used below
begin
//MessageDlg('嘻嘻该进程不能杀:', mtWarning, [mbYes, mbNo], 1);
// Look up the protected program's process ID by executable name; processList
// stores it in the global TmpWndHandle.
processList;
TmpminID:=0;
// NOTE(review): GetWindowThreadProcessId expects a window handle (HWND), but
// hProcess is a process handle, so TmpminID is not expected to receive the
// target's PID here. GetProcessId(hProcess) is the API that maps a process
// handle to its process ID.
GetWindowThreadProcessId(hProcess,@TmpminID);
// NOTE(review): the handle returned by OpenProcess is only logged and never
// closed, so each call leaks a handle; it is also opened with full access and
// marked inheritable although nothing below needs either.
TmpminHD := OpenProcess(PROCESS_ALL_ACCESS ,
True,TmpminID);

// Debug dump of the values above. rewrite truncates D:/1.txt on every call.
// NOTE(review): file I/O inside the hook raises if the path is unavailable.
Assignfile(file1,'D:/1.txt');
rewrite(file1);
Writeln(file1,'TmpWndHandle '+inttostr(TmpWndHandle));
Writeln(file1,'TmpWndHandle '+inttostr(TmpWndHandle));
Writeln(file1,'hProcess '+inttostr(hProcess));
//Writeln(file1,'dwExitHD '+inttostr(dwExitHD));
Writeln(file1,'TmpminID '+inttostr(TmpminID));
Writeln(file1,'TmpminHD '+inttostr(TmpminHD));
CloseFile(file1);
// Restore the original entry bytes so the real API can be called (the
// original comment mentioned Send, left over from another hook).
// NOTE(review): between this write and the re-patch at the end the hook is
// off for every thread in the process, including while the dialog is open.
WriteProcessMemory(ProcessHandle, Addreg, @Oldproc[0], 8, dwSize);
// NOTE(review): this compares the protected program's PID with the constant
// 2892; it never looks at which process hProcess refers to.
if TmpWndHandle = 2892 then
MessageDlg('嘻嘻该进程不能杀:', mtWarning, [mbYes, mbNo], 1)
else
// The caller's uExitCode is dropped here; 0 is passed instead.
TerminateProcess(hProcess,0);
// Re-apply the patch so later calls are intercepted again.
JmpCode.Address := @MyTerminateProcess;
WriteProcessMemory(ProcessHandle, Addreg, @JmpCode, 8, dwSize);
end;
我想把 hProcess 这个句柄转换成被选中要结束的那个进程的进程 ID,该如何转换呢?我想实现的功能是:
结束某个进程时先判断它是不是我的进程,不是就允许结束,是的话就不结束。
 
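你这个钩子没有在全局生效:HookAPI 里用的是 GetCurrentProcess,只改写了本进程内 kernel32.dll 的 TerminateProcess 入口,其他进程(例如任务管理器)调用 TerminateProcess 时不会经过你的函数。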
 