File name: Driver-based process protection (SSDT modification method) source code
File size: 40KB
File format: RAR
Updated: 2014-07-29 19:37:49
Driver  Protection  Process  SSDT
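#include <ntddk.h>

/* Signature of the ZwOpenProcess system service. */
typedef NTSTATUS (*ZWOPENPROCESS)(
    OUT PHANDLE ProcessHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN PCLIENT_ID ClientId
);

NTSYSAPI NTSTATUS NTAPI ZwOpenProcess(
    OUT PHANDLE ProcessHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN PCLIENT_ID ClientId
);

/* Original SSDT entry, saved when the hook is installed. */
ZWOPENPROCESS OldZwOpenProcess;

/* PID of the protected process. It is declared elsewhere in the driver and
   is not shown in this excerpt; the ULONG type is assumed from the name. */
extern ULONG ulPID;

/* Replacement SSDT handler: refuses to open the protected process and
   forwards every other request to the original service. */
NTSTATUS NewZwOpenProcess(
    OUT PHANDLE ProcessHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN PCLIENT_ID ClientId
)
{
    /* ClientId is optional, so check it before dereferencing. Deny before
       calling the original so that no handle is created and then leaked,
       and so the caller never sees success paired with a NULL handle. */
    if (ClientId != NULL &&
        ClientId->UniqueProcess == (HANDLE)(ULONG_PTR)ulPID)
    {
        return STATUS_ACCESS_DENIED;
    }

    return OldZwOpenProcess(ProcessHandle, DesiredAccess,
                            ObjectAttributes, ClientId);
}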
[File preview]:
Protect
----Protect.sln(5KB)
----Release()
--------Protect.sys(3KB)
--------Win32_Demo.exe(61KB)
----Protect.suo(15KB)
----Protect()
--------sources(228B)
--------Protect.vsprops(289B)
--------Protect.W7.vcproj(6KB)
--------makefile(260B)
--------Protect.c(5KB)
----Win32_Demo()
--------stdafx.h(233B)
--------targetver.h(498B)
--------Win32_Demo.cpp(4KB)
--------stdafx.cpp(215B)
--------ReadMe.txt(1KB)
--------Win32_Demo.vcproj(4KB)