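/*******************************************************
 * Companion example for "Encryption and Decryption", 3rd edition
 * Chapter 15: Anti-Tracing Techniques
 * 15.2.3 ThreadHideFromDebugger
 * code by forgot 2008.3
 * (c) Kanxue Software Security Website www.pediy.com 2000-2008
 *******************************************************/
#include <stdio.h>
#include <windows.h>
#include <tchar.h>

/* ZwSetInformationThread is exported by ntdll.dll and returns an NTSTATUS. */
typedef LONG (WINAPI *ZW_SET_INFORMATION_THREAD)(HANDLE, DWORD, PVOID, ULONG);

/* THREADINFOCLASS value: debug events from this thread are no longer sent to the debugger. */
#define ThreadHideFromDebugger 17

VOID DisableDebugEvent(VOID)
{
    HMODULE hModule;
    ZW_SET_INFORMATION_THREAD ZwSetInformationThread;

    /* ntdll.dll is mapped into every process, so GetModuleHandle is sufficient. */
    hModule = GetModuleHandleA("Ntdll");
    if (hModule == NULL)
        return;

    ZwSetInformationThread = (ZW_SET_INFORMATION_THREAD)GetProcAddress(hModule, "ZwSetInformationThread");
    if (ZwSetInformationThread == NULL)
        return;

    /* This information class takes no input buffer: pointer NULL, length 0. */
    ZwSetInformationThread(GetCurrentThread(), ThreadHideFromDebugger, NULL, 0);
}

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PSTR szCmdLine, int iCmdShow)
{
    DisableDebugEvent();
    return 0;
}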