//以前发过,再贴一次
//-----------------------------------------------------
#include "windows.h"
#pragma comment(lib,"user32.lib")
/* Critical-section pointer recovered by FindKernelMemDllLock(). It stays NULL
   until a scan succeeds. The scanner writes it and ConsoleEventCallback()
   reads it; no synchronisation around it is visible in this file. */
LPCRITICAL_SECTION lpDllLock=NULL;
/* Bytes that must be readable at a candidate position: one opcode byte plus a
   4-byte immediate. NOTE(review): despite the "MOV" in the name, the opcode
   the scanner tests for is 0x68, which is x86 `push imm32`. */
#define CODE_MOV_LEN 5
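/*
 * Scan at most 1024 bytes of machine code starting at CodeAddr for a run of
 * two or more NOP bytes (0x90) that is immediately followed by `push imm32`
 * (0x68), and store that 32-bit immediate in lpDllLock as a critical-section
 * pointer. lpDllLock is left untouched when no such sequence is found or when
 * the memory stops being readable.
 *
 * CodeAddr is a 32-bit value used directly as a pointer, so this only makes
 * sense in a 32-bit x86 build.
 *
 * NOTE(review): this is a byte-pattern heuristic over code the caller does not
 * own (presumably the system routine that invoked the console handler; confirm
 * against the target Windows build). Nothing here proves that the immediate
 * really is a CRITICAL_SECTION, so a false match hands an arbitrary address to
 * the caller. IsBadReadPtr is documented by Microsoft as obsolete and is only a
 * point-in-time probe, not a guarantee that the later read is safe.
 */
void FindKernelMemDllLock(DWORD CodeAddr)
{
    enum { SCAN_LIMIT = 1024, OP_NOP = 0x90, OP_PUSH_IMM32 = 0x68 };
    PUCHAR code = (PUCHAR)(ULONG_PTR)CodeAddr;
    int iIndex;

    for (iIndex = 0; iIndex < SCAN_LIMIT; ++iIndex) {
        /* Stop as soon as the next opcode + immediate would be unreadable. */
        if (IsBadReadPtr(code + iIndex, CODE_MOV_LEN))
            break;

        /* Only a run of at least two NOPs is treated as padding. */
        if (code[iIndex] != OP_NOP || code[iIndex + 1] != OP_NOP)
            continue;

        /* Skip the NOP run. The probe above covers just five bytes, so each
           further byte is probed before it is dereferenced. */
        while (iIndex < SCAN_LIMIT &&
               !IsBadReadPtr(code + iIndex, 1) &&
               code[iIndex] == OP_NOP)
            ++iIndex;

        if (!IsBadReadPtr(code + iIndex, CODE_MOV_LEN) &&
            code[iIndex] == OP_PUSH_IMM32) {
            /* The immediate is not aligned; copy it out instead of reading
               through a casted ULONG pointer. */
            ULONG imm = 0;
            CopyMemory(&imm, code + iIndex + 1, sizeof imm);
            lpDllLock = (LPCRITICAL_SECTION)(ULONG_PTR)imm;
            break;
        }
    }
}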
/*
 * Console control handler (registered in main via SetConsoleCtrlHandler).
 *
 * For CTRL_CLOSE_EVENT: on the first call it locates a critical section by
 * scanning the code at this function's return address, then releases that
 * critical section and ends the current thread, so the handler never returns
 * for that event. If no critical section was found it returns TRUE.
 * For every other event it returns FALSE.
 *
 * NOTE(review): the code never enters lpDllLock itself; it assumes the calling
 * thread already owns it. Microsoft documents LeaveCriticalSection by a
 * non-owner as an error that can leave other threads waiting indefinitely, and
 * the pointer comes from a byte-pattern match, not from a documented API.
 * The whole approach depends on undocumented, version-specific internals and
 * on a 32-bit x86 build (inline asm on ebp, DWORD-sized addresses).
 */
BOOL __stdcall ConsoleEventCallback(DWORD dwEvent)
{
if(dwEvent==CTRL_CLOSE_EVENT)
{
/* Scan only once; later close events reuse the cached pointer. */
if(lpDllLock==NULL)
{
DWORD *RetAddr=0;
/* Capture the frame pointer. With a standard ebp frame, [ebp+4] holds this
   function's return address. Assumes the compiler keeps a frame pointer for
   this function (TODO confirm build flags, e.g. no frame-pointer omission). */
#ifdef _MSC_VER
__asm mov RetAddr,ebp
#else
__asm__ __volatile__("movl %%ebp,%0":"=m"(RetAddr));
#endif
/* *(RetAddr+1) is the DWORD at ebp+4, passed as the address to scan. */
FindKernelMemDllLock(*(RetAddr+1));
}
if(lpDllLock)
{
/* Release the located critical section, then terminate this thread
   instead of returning to the caller. */
LeaveCriticalSection(lpDllLock);
ExitThread(0);
}
/* Scan failed: report the event as handled and return normally. */
return TRUE;
}
/* Not a close event: let the next handler deal with it. */
return FALSE;
}
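/*
 * Register ConsoleEventCallback as a console control handler, then pump the
 * thread's message queue until WM_QUIT or a GetMessage failure.
 *
 * Returns 0 after a normal WM_QUIT, 1 if the handler could not be registered
 * or GetMessage reported an error.
 */
int main(void)
{
    MSG msg;
    BOOL got;

    /* Without the handler the rest of the program has no purpose. */
    if (!SetConsoleCtrlHandler(ConsoleEventCallback, TRUE))
        return 1;

    /* GetMessage returns -1 on error; testing "> 0" avoids spinning forever
       on a failing call, which a plain truth test would do. */
    while ((got = GetMessage(&msg, NULL, 0, 0)) > 0) {
        TranslateMessage(&msg);
        DispatchMessage(&msg);
    }

    return got == 0 ? 0 : 1;
}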