takdick
Hook API-之進程保護<br>http://www.98exe.net/Article/c/2006-04-05/1504.html<br>在網上看到了這一篇文章,按提供的源碼編譯一下該dll,發現裡面用到的ProcessHandleToId,ProcessIdToFileName和PosText函數代碼沒有附上,請問如何解決?或有沒有其他方法能達到同樣的效果?Dll代碼如下:<br>{ Review: DLL whose initialization block installs a hook on the process-termination API; the hook callbacks refuse the call when the target process's file name contains PRG_NAME and pass every other call through. HookAPI, ProcessHandleToId, ProcessIdToFileName and PosText are declared in none of the units in the uses clause below, so the listing does not compile as posted. Defender's view: a hook like this filters only callers that reach the hooked user-mode entry point in a process where this DLL is loaded - it is not an access-control boundary. Presumably (HookAPI is opaque here) it shows up as an unexpected module mapped into other processes and as altered code or import entries for NtTerminateProcess / TerminateProcess; comparing those entry points with the on-disk system DLLs is the usual check. }<br>library Dll;<br>uses<br> Windows, SysUtils, Classes;<br><br>const<br>PRG_NAME = 'ddos.exe';<br><br>{ Pointers to the original routines. Their addresses are passed to HookAPI as the last argument; presumably HookAPI fills them in - confirm against the hooking library. NOTE(review): handles are typed dword, which matches 32-bit builds only. }<br>var TerminateProcessNext : function (processHandle, exitCode: dword) : bool; stdcall;<br>NtTerminateProcessNext : function (processHandle, exitCode: dword) : dword; stdcall;<br><br><br>{$R *.res}<br>{ True when processHandle resolves to a non-zero process id whose file name, as returned in arrCh, contains PRG_NAME. Assumes PosText is a substring search returning a 1-based position - TODO confirm. The match is on the name text alone, so any executable whose path contains that text is treated the same; nothing ties the check to a specific binary. }<br>function ThisIsOurProcess(processHandle: dword) : boolean;<br>var pid : dword;<br>arrCh : array [0..MAX_PATH] of char;<br>begin<br>pid := ProcessHandleToId(processHandle);<br>result := (pid <> 0) and ProcessIdToFileName(pid, arrCh) and<br>(PosText(PRG_NAME, arrCh) > 0);<br>end; <br><br>{ Replacement for kernel32 TerminateProcess. For a matching target it reports failure with last error ERROR_ACCESS_DENIED, so the caller sees an ordinary access-denied result; otherwise it forwards to the original through TerminateProcessNext. }<br>function TerminateProcessCallback(processHandle, exitCode: dword) : bool; stdcall; <br>begin <br>if ThisIsOurProcess(processHandle) then <br>begin <br>result := false; <br>SetLastError(ERROR_ACCESS_DENIED); <br>end <br>else <br>result := TerminateProcessNext(processHandle, exitCode); <br><br>end; <br><br>{ Replacement for ntdll NtTerminateProcess. Same decision as TerminateProcessCallback, but returns the NTSTATUS code STATUS_ACCESS_DENIED instead of setting a last error. }<br>function NtTerminateProcessCallback(processHandle, exitCode: dword) : dword; stdcall; <br>const STATUS_ACCESS_DENIED = $C0000022; <br>begin <br>if ThisIsOurProcess(processHandle) then <br>begin <br>result := STATUS_ACCESS_DENIED <br>end <br>else <br>result := NtTerminateProcessNext(processHandle, exitCode); <br>end; <br><br>{ DLL initialization. Pascal parses the test as (GetVersion and $80000000) = 0: high bit clear means an NT-based Windows, where NtTerminateProcess in ntdll.dll is hooked; otherwise TerminateProcess in kernel32.dll is hooked. Whatever HookAPI returns is discarded, so a failed hook goes unnoticed, and no unhook is performed on unload in this listing. }<br>begin<br>if GetVersion and $80000000 = 0 then <br>HookAPI( 'ntdll.dll', 'NtTerminateProcess', @NtTerminateProcessCallback, @NtTerminateProcessNext)<br>else HookAPI('kernel32.dll', 'TerminateProcess', @TerminateProcessCallback, @TerminateProcessNext); <br>end.