#include <stdio.h>
#include <stdlib.h>
#include <Windows.h>
#include<string.h>
#include "detours.h"
#pragma comment(lib,"detours.lib")
//指针存储系统函数
// Signature of the API being hooked. The WINAPI (stdcall) qualifier is part of
// the type and must match the real CreateProcessW exactly.
typedef BOOL (WINAPI *CreateProcessW_t)(
    LPCWSTR lpApplicationName, LPWSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment,
    LPCWSTR lpCurrentDirectory, LPPROCESS_INFORMATION lpProcessInformation);

// Starts out pointing at the real CreateProcessW. Its address is handed to
// DetourAttach in Hook(), which updates it in place; presumably it then
// refers to the trampoline for the original code (see Detours docs).
static CreateProcessW_t poldCreateProcessW = CreateProcessW;
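// Replacement installed in place of CreateProcessW by Hook(): shows a message
// box and reports failure without creating any process. The parameters mirror
// CreateProcessW and are intentionally not used or forwarded.
//
// WINAPI is required so the calling convention matches the function pointer
// poldCreateProcessW (stdcall); on 32-bit builds a cdecl/stdcall mismatch
// corrupts the caller's stack when the hook runs.
//
// Note: the message box is modal and runs on whichever thread of the host
// process called CreateProcessW, so that thread blocks until it is dismissed.
//
// Returns FALSE (0) with the last-error code set to ERROR_ACCESS_DENIED, so a
// caller that checks GetLastError() sees a meaningful reason instead of a
// stale value.
BOOL WINAPI newCreateProcessW(LPCWSTR lpApplicationName, LPWSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes, LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles, DWORD dwCreationFlags, LPVOID lpEnvironment,
    LPCWSTR lpCurrentDirectory, LPPROCESS_INFORMATION lpProcessInformation)
{
    // Silence unused-parameter warnings; nothing is passed to the real API.
    (void)lpApplicationName;   (void)lpCommandLine;
    (void)lpProcessAttributes; (void)lpThreadAttributes;
    (void)bInheritHandles;     (void)dwCreationFlags;
    (void)lpEnvironment;       (void)lpCurrentDirectory;
    (void)lpProcessInformation;

    MessageBoxA(0, "系统劫持", "系统已经被劫持", 0);

    // Callers of CreateProcessW expect a last-error code on FALSE.
    SetLastError(ERROR_ACCESS_DENIED);
    return 0;
}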
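// Installs the CreateProcessW detour in the current process.
//
// Each Detours call returns a LONG status where NO_ERROR means success. If
// DetourAttach fails the transaction is abandoned with DetourTransactionAbort,
// so no half-applied patch is left behind. Hook() returns void, so a failed
// commit cannot be reported to the caller; it is deliberately discarded.
void Hook()
{
    // Per the Detours docs this only has work to do when the DLL was started
    // via DetourCreateProcessWithDll*; otherwise it is a no-op.
    DetourRestoreAfterWith();

    DetourTransactionBegin();
    // Only the calling thread is enlisted; other threads of the host process
    // are not paused while the patch is applied (see DetourUpdateThread docs).
    DetourUpdateThread(GetCurrentThread());

    if (DetourAttach((void **)&poldCreateProcessW, newCreateProcessW) != NO_ERROR) {
        DetourTransactionAbort();
        return;
    }
    (void)DetourTransactionCommit();
}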
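// Removes the CreateProcessW detour installed by Hook(), restoring the
// original function.
//
// DetourDetach is the inverse of DetourAttach; calling DetourAttach here again
// would leave the hook in place rather than remove it. As in Hook(), an attach
// / detach failure aborts the transaction, and the commit status is discarded
// because the function returns void.
void UnHook()
{
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());

    if (DetourDetach((void **)&poldCreateProcessW, newCreateProcessW) != NO_ERROR) {
        DetourTransactionAbort();
        return;
    }
    (void)DetourTransactionCommit();
}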
// Exported entry point: install the hook, leave it active for a fixed
// 30-second window, then remove it again.
__declspec(dllexport) void go()
{
    const DWORD hook_window_ms = 30 * 1000;

    Hook();
    Sleep(hook_window_ms);
    UnHook();
}
//可以从网络,进程,线程,文件劫持,加载模块;