S.l.e!ep.￠%

像打了激速一樣，以四倍的速度運(yùn)轉(zhuǎn)，開(kāi)心的工作
簡(jiǎn)單、開(kāi)放、平等的公司文化；尊重個(gè)性、自由與個(gè)人價(jià)值；

posts - 1098, comments - 335, trackbacks - 0, articles - 1

C++博客 :: 首頁(yè) :: 新隨筆 :: 聯(lián)系 :: 聚合

HOOK SSDT Hide Process （九）Using API Enum Process

Posted on 2009-10-28 14:49 S.l.e!ep.￠% 閱讀(307) 評(píng)論(0) 編輯收藏引用所屬分類: RootKit

應(yīng)用層的代碼，與之前的代碼不同之前，并沒(méi)有直接使用 ZwQuerySystemInformation() 而是公開(kāi)的API EnumProcess

#include? < windows.h >
#include? < stdio.h >
#include? " psapi.h "
#pragma?comment(lib,? " psapi.lib " )

void ?PrintModules(?DWORD?processID?)
{
????HMODULE?hMods[ 1024 ];
????HANDLE?hProcess;
????DWORD?cbNeeded;
????unsigned? int ?i;
???? // ?Print?the?process?identifier.
????printf(? " Process?ID:?%u\n " ,?processID?);
???? // ?Get?a?list?of?all?the?modules?in?this?process.
????
????hProcess? = ?OpenProcess(?PROCESS_QUERY_INFORMATION? |
????????PROCESS_VM_READ,
????????FALSE,?processID?);
???? if ?(NULL? == ?hProcess)
???????? return ;
???? if (?EnumProcessModules(hProcess,?hMods,? sizeof (hMods),? & cbNeeded))
????{
???????? for ?(?i? = ? 0 ;?i? < ?(cbNeeded? / ? sizeof (HMODULE));?i ++ ?)
????????{
???????????? char ?szModName[MAX_PATH];
???????????? // ?Get?the?full?path?to?the?module's?file.
???????????? if ?(?GetModuleFileNameEx(?hProcess,?hMods[i],?szModName,? sizeof (szModName)))
????????????{
???????????????? // ?Print?the?module?name?and?handle?value.
????????????????printf( " \t%s?(0x%08X)\n " ,?szModName,?hMods?);
????????????}
????????}
????????????????}
????CloseHandle(?hProcess?);
}
void ?main(?)
{
???? // ?Get?the?list?of?process?identifiers.
????DWORD?aProcesses[ 1024 ],?cbNeeded,?cProcesses;
????unsigned? int ?i;
???? if ?(? ! EnumProcesses(?aProcesses,? sizeof (aProcesses),? & cbNeeded?)?)
???????? return ;
???? // ?Calculate?how?many?process?identifiers?were?returned.
????cProcesses? = ?cbNeeded? / ? sizeof (DWORD);
???? // ?Print?the?name?of?the?modules?for?each?process.
???? for ?(?i? = ? 0 ;?i? < ?cProcesses;?i ++ ?)
????????PrintModules(?aProcesses[i]?);
}

只有注冊(cè)用戶登錄后才能發(fā)表評(píng)論。


相關(guān)文章: Load Driver protect_pwd.txt Windows下Hook API技術(shù) inline hook 對(duì)付API-splicing的一種簡(jiǎn)單方法修改IAT實(shí)現(xiàn)API HOOK API-HOOK and ANTI-API-HOOK For Ring3 API Hook jmp 法 DirectX Input 鍵盤(pán)實(shí)現(xiàn) 收藏一個(gè)反鍵盤(pán)記錄工具的分析不用hook 實(shí)現(xiàn)掛機(jī)鎖

網(wǎng)站導(dǎo)航: 博客園 IT新聞 BlogJava 博問(wèn) Chat2DB 管理

青青草原综合久久大伊人导航_色综合久久天天综合_日日噜噜夜夜狠狠久久丁香五月_热久久这里只有精品

S.l.e!ep.￠%

HOOK SSDT Hide Process （九）Using API Enum Process

日歷

公告

常用鏈接

留言簿(5)

隨筆分類(1107)

隨筆檔案(1098)

文章檔案(1)

相冊(cè)

收藏夾(3)

DataStruct

搜索

積分與排名

最新評(píng)論

閱讀排行榜

評(píng)論排行榜