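C++ hooking kernel32.dll OpenProcess with Detours

I am trying to hook OpenProcess from Kernel32.dll in order to prevent so-called "injector" programs from injecting other DLLs into my process: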
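
    #include <windows.h>
    #include <stdio.h>

    // Pointer to the original OpenProcess, redirected by Detours when the hook is
    // attached (declaration assumed; it is not shown in the original post).
    static HANDLE (WINAPI *dOpenProcess)(DWORD, BOOL, DWORD) = OpenProcess;

    // -------------------------------------------------------------------
    HANDLE WINAPI myOpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId)
    {
        // Exact-match comparison: a combined mask (several rights OR-ed together)
        // does not match any of these four values.
        if (dwDesiredAccess == PROCESS_ALL_ACCESS || dwDesiredAccess == PROCESS_VM_OPERATION ||
            dwDesiredAccess == PROCESS_VM_READ || dwDesiredAccess == PROCESS_VM_WRITE)
        {
            printf("Blocked Process ID : %lu , DesiredAccess : %lu\n", dwProcessId, dwDesiredAccess);
            return NULL; // OpenProcess reports failure with a NULL handle
        }
        // Everything else is forwarded to the real OpenProcess.
        return dOpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);
    }
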
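What do I need to add in order to "detect" whether someone has opened the process for "injection"? I don't want to "prevent"; I want to "detect" the injection and decide what to do.
Of course, C++ :) – Mecanik
Where do you see the C# tag? – Mecanik
Ahhh sorry... it was added automatically oO – Mecanik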
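
An added example (not part of the original post or its comments): a detect-only classifier that a hook like the one in the question could call before forwarding to the real OpenProcess, judging the requested mask by the rights it contains and logging instead of refusing. The local `ACC_*` names, the verdict enum and the in-memory log are assumptions of this example, and a Detours hook only sees calls made by the process it is loaded into.

```c
#include <stdint.h>
#include <stdio.h>

/* Process access rights with the values winnt.h gives them, redefined
   under local names so the classifier also builds outside Windows. */
#define ACC_CREATE_THREAD   0x00000002u /* PROCESS_CREATE_THREAD */
#define ACC_VM_OPERATION    0x00000008u /* PROCESS_VM_OPERATION */
#define ACC_VM_READ         0x00000010u /* PROCESS_VM_READ */
#define ACC_VM_WRITE        0x00000020u /* PROCESS_VM_WRITE */
#define ACC_MAXIMUM_ALLOWED 0x02000000u /* MAXIMUM_ALLOWED */
#define ACC_GENERIC_ALL     0x10000000u /* GENERIC_ALL */

typedef enum { ACCESS_BENIGN, ACCESS_MEMORY, ACCESS_INJECTION_CAPABLE } verdict_t;
typedef struct { uint32_t target_pid, desired; verdict_t verdict; } open_event_t;

#define MAX_EVENTS 32
static open_event_t g_events[MAX_EVENTS]; /* hypothetical in-memory log */
static unsigned g_event_count;

/* Test the bits a mask contains, not the mask as a whole. */
verdict_t classify_access(uint32_t desired)
{
    const uint32_t write_pair = ACC_VM_OPERATION | ACC_VM_WRITE;
    /* These two are resolved at open time and can grant every right. */
    if (desired & (ACC_GENERIC_ALL | ACC_MAXIMUM_ALLOWED))
        return ACCESS_INJECTION_CAPABLE;
    if ((desired & write_pair) == write_pair && (desired & ACC_CREATE_THREAD))
        return ACCESS_INJECTION_CAPABLE;
    if (desired & (write_pair | ACC_VM_READ))
        return ACCESS_MEMORY;
    return ACCESS_BENIGN;
}

/* Detect-only path: log anything above benign, never refuse the call.
   Not thread-safe; a real hook would guard the log with a lock. */
verdict_t observe_open(uint32_t target_pid, uint32_t desired)
{
    verdict_t v = classify_access(desired);
    if (v != ACCESS_BENIGN && g_event_count < MAX_EVENTS)
        g_events[g_event_count++] = (open_event_t){ target_pid, desired, v };
    return v;
}

int main(void)
{
    /* Constructed sample requests: query-only, read-only, write+thread. */
    const uint32_t samples[] = { 0x1000u, ACC_VM_READ,
        ACC_CREATE_THREAD | ACC_VM_OPERATION | ACC_VM_WRITE };
    for (unsigned i = 0; i < 3; i++)
        printf("mask 0x%08x -> verdict %d\n", (unsigned)samples[i],
               (int)observe_open(4242u, samples[i]));
    printf("%u event(s) logged\n", g_event_count);
    return 0;
}
```

In a hook, the returned verdict decides what to do next (alert, record the caller, or refuse), and the call is then forwarded to the original function.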