注意:需在 Release 模式下编译。
下面的代码演示对 system() 调用的劫持与过滤:只拦截命中过滤条件的指令,其它指令照常执行(原文以 tasklist 为例,而下面示例代码中实际使用的过滤关键字是 mspaint):
#include<stdio.h>
#include<windows.h>
#include<string.h>
#include"detours.h"
#pragma comment (lib ,"detours.lib" )
// Pointer to the real CRT system(). Hook() and UnHook() pass its address to
// DetourAttach/DetourDetach; once the attach transaction commits, Detours
// rewrites this pointer so that it reaches the original, unhooked code.
// Replacement functions must call through it instead of calling system().
static int (*oldsystem)(const char *command) = system;
// Block-everything replacement for system(): the command is never executed
// and nothing is logged; 0 is reported to the caller for every input.
// Hook() does not install this variant; it attaches newsystem instead.
int newsystemA(const char * _Command ){
    (void)_Command; // intentionally ignored
    return 0;
}
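// Filtering replacement for system(), installed by Hook().
//
// A command whose text contains the substring "mspaint" is not executed: a
// message is printed and 0 is returned, so the caller sees a "successful"
// call. Every other command, including a NULL command, is forwarded through
// oldsystem and the original return value is handed back unchanged, which
// keeps the hook transparent for callers that inspect the result.
//
// NOTE(review): this is a demonstration filter, not a security control. The
// match is a case-sensitive substring test on the raw command string, and
// only calls that reach the CRT system() inside this process are seen.
int newsystem(const char * _Command ){
    // system(NULL) is a legal "is a command processor available?" query and
    // strstr(NULL, ...) is undefined behaviour, so NULL is forwarded as-is.
    if (_Command == NULL || strstr(_Command, "mspaint") == NULL) {
        return oldsystem(_Command); // pass through via the saved pointer
    }

    printf( "%s 劫持成功\n" , _Command );
    return 0;
}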
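// Install the detour that routes system() through newsystem().
//
// The Detours calls run as one transaction: begin, enlist the current thread,
// attach, commit. Each step's status is checked; on failure the transaction
// is aborted (where still open), a message is written to stderr and the
// function returns. NOTE(review): the function is void, so callers cannot
// tell whether the hook is active; anything that relies on the filter
// should confirm it separately.
void Hook()
{
    long status;

    DetourRestoreAfterWith(); // restore the state Detours saved before loading, if any

    status = DetourTransactionBegin(); // open the transaction
    if (status != 0) { // 0 is NO_ERROR
        fprintf(stderr, "Hook: DetourTransactionBegin failed (%ld)\n", status);
        return;
    }

    status = DetourUpdateThread(GetCurrentThread()); // enlist the current thread
    if (status == 0) {
        // DetourAttach may be called several times inside one transaction
        // to hook several functions at once.
        status = DetourAttach(( void **)&oldsystem, newsystem);
    }
    if (status != 0) {
        DetourTransactionAbort(); // leave the process unmodified
        fprintf(stderr, "Hook: attaching the detour failed (%ld)\n", status);
        return;
    }

    status = DetourTransactionCommit(); // the hook takes effect here
    if (status != 0) {
        fprintf(stderr, "Hook: DetourTransactionCommit failed (%ld)\n", status);
    }
}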
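// Remove the detour installed by Hook() so that system() runs unmodified.
//
// Mirrors Hook(): begin a transaction, enlist the current thread, detach,
// commit. Each step's status is checked; on failure the transaction is
// aborted (where still open) and a message is written to stderr.
void UnHook()
{
    long status = DetourTransactionBegin(); // open the transaction
    if (status != 0) { // 0 is NO_ERROR
        fprintf(stderr, "UnHook: DetourTransactionBegin failed (%ld)\n", status);
        return;
    }

    status = DetourUpdateThread(GetCurrentThread()); // enlist the current thread
    if (status == 0) {
        // DetourDetach may be called several times inside one transaction
        // to remove several hooks at once.
        status = DetourDetach(( void **)&oldsystem, newsystem);
    }
    if (status != 0) {
        DetourTransactionAbort(); // keep the current hook state untouched
        fprintf(stderr, "UnHook: detaching the detour failed (%ld)\n", status);
        return;
    }

    status = DetourTransactionCommit(); // the removal takes effect here
    if (status != 0) {
        fprintf(stderr, "UnHook: DetourTransactionCommit failed (%ld)\n", status);
    }
}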
// Demo driver: installs the hook, then issues three system() calls, waiting
// for a key press before each one and once more before exiting. With
// newsystem attached, "calc" and "notepad" are forwarded to the real
// system(), while "mspaint" matches the filter and is not launched.
int main(){
    static const char *const commands[] = { "calc", "notepad", "mspaint" };
    size_t idx;

    Hook();
    for (idx = 0; idx < sizeof commands / sizeof commands[0]; ++idx) {
        getchar();
        system(commands[idx]);
    }
    getchar();
    return 0;
}