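C++: Hooking OpenProcess in kernel32.dll with Detours

I am trying to hook OpenProcess from Kernel32.dll in order to prevent so-called "injector" programs from injecting other DLLs into my process: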
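    // -------------------------------------------------------------------
    #include <windows.h>
    #include <cstdio>

    // Trampoline to the real OpenProcess, filled in by Detours when the hook is
    // attached. The declaration is not shown in the post; this form is assumed.
    static HANDLE (WINAPI *dOpenProcess)(DWORD, BOOL, DWORD) = OpenProcess;

    HANDLE WINAPI myOpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId)
    {
        // Access rights are a bit mask, so test the bits instead of comparing for
        // equality; PROCESS_ALL_ACCESS includes all three VM rights.
        const DWORD vmRights = PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE;
        if (dwDesiredAccess & vmRights)
        {
            printf("Blocked Process ID : %lu , DesiredAccess : %lu\n", dwProcessId, dwDesiredAccess);
            SetLastError(ERROR_ACCESS_DENIED);
            return NULL; // OpenProcess reports failure with NULL, not false
        }
        return dOpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);
    }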
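What do I need to add in order to "detect" whether someone has opened the process for "injection"? I don't want to "block"; I want to "detect" the injection and decide what to do.

Of course, C++ :) – Mecanik
Where do you see the C# tag? – Mecanik
Ahhh sorry... it was added automatically oO – Mecanik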