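/* Base typography. The font stack lists CJK faces first and Latin
   fallbacks after them; the value is kept exactly as authored. */
body {
  font-family: 微软雅黑,"Microsoft YaHei", Georgia,Helvetica,Arial,sans-serif,宋体, PMingLiU,serif;
  font-size: 10.5pt;
  line-height: 1.5;
}

/* Heading scale: bold, stepping down 0.1em per level from h1 (1.5em)
   to h6 (1.0em). (The empty `html, body {}` rule that used to sit here
   declared nothing and has been dropped.) */
h1 {
  font-size: 1.5em;
  font-weight: bold;
}
h2 {
  font-size: 1.4em;
  font-weight: bold;
}
h3 {
  font-size: 1.3em;
  font-weight: bold;
}
h4 {
  font-size: 1.2em;
  font-weight: bold;
}
h5 {
  font-size: 1.1em;
  font-weight: bold;
}
h6 {
  font-size: 1.0em;
  font-weight: bold;
}

/* Images never overflow their container; `!important` on height is
   presumably there to beat inline height attributes — confirm. */
img {
  border: 0;
  max-width: 100%;
  height: auto !important;
}

/* Quotes sit flush with surrounding text vertically. */
blockquote {
  margin-top: 0px;
  margin-bottom: 0px;
}

/* Collapsed single-line grey borders on tables and their cells. */
table {
  border-collapse: collapse;
  border: 1px solid #bbbbbb;
}
td {
  border-collapse: collapse;
  border: 1px solid #bbbbbb;
}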
Windows 创建进程的函数:
把这个函数劫持之后注入到 explorer.exe 进程中即可。
现在注入到印象笔记中测试:
#include<stdio.h>
#include<windows.h>
#include<string.h>
#include"detours.h"
#pragma comment (lib ,"detours.lib" )
/* Function-pointer type matching the CreateProcessW signature from <windows.h>. */
typedef BOOL (WINAPI *CreateProcessW_fn)(
    LPCWSTR lpApplicationName,
    LPWSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles,
    DWORD dwCreationFlags,
    LPVOID lpEnvironment,
    LPCWSTR lpCurrentDirectory,
    LPSTARTUPINFOW lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation
);

/* Pointer to CreateProcessW. Hook()/UnHook() pass its address to
 * DetourAttach/DetourDetach, which update it in place, so it is the handle
 * through which the pre-hook implementation remains reachable. */
CreateProcessW_fn oldCreateProcessW = CreateProcessW;
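/*
 * Replacement for CreateProcessW, installed by Hook().
 *
 * Shows a warning dialog and denies the request. It never forwards to
 * oldCreateProcessW, so every call to CreateProcessW made by the hosting
 * process fails while the hook is active.
 *
 * Returns FALSE, as CreateProcessW does on failure. The last-error code is
 * set explicitly so that a caller's GetLastError() reports
 * ERROR_ACCESS_DENIED rather than whatever stale value was left behind.
 *
 * NOTE(review): this runs on whichever thread called CreateProcessW and
 * parks it in a modal MessageBoxA until dismissed; a caller that holds
 * locks at that point stalls the host — confirm this is acceptable for
 * the demonstration.
 */
BOOL WINAPI newCreateProcessW(
    LPCWSTR lpApplicationName,
    LPWSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles,
    DWORD dwCreationFlags,
    LPVOID lpEnvironment,
    LPCWSTR lpCurrentDirectory,
    LPSTARTUPINFOW lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation
) {
    /* The replacement inspects none of its arguments; the signature must
       still match CreateProcessW exactly, so just silence the warnings. */
    UNREFERENCED_PARAMETER(lpApplicationName);
    UNREFERENCED_PARAMETER(lpCommandLine);
    UNREFERENCED_PARAMETER(lpProcessAttributes);
    UNREFERENCED_PARAMETER(lpThreadAttributes);
    UNREFERENCED_PARAMETER(bInheritHandles);
    UNREFERENCED_PARAMETER(dwCreationFlags);
    UNREFERENCED_PARAMETER(lpEnvironment);
    UNREFERENCED_PARAMETER(lpCurrentDirectory);
    UNREFERENCED_PARAMETER(lpStartupInfo);
    UNREFERENCED_PARAMETER(lpProcessInformation);

    MessageBoxA(0, "系统进程已被劫持!" , "系统警告" , 0);

    /* Deny the call and leave a meaningful error code for the caller. */
    SetLastError(ERROR_ACCESS_DENIED);
    return FALSE;
}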
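/*
 * Installs the CreateProcessW detour in the current process.
 *
 * Runs one Detours transaction: enlist the current thread, attach
 * newCreateProcessW in place of the function behind oldCreateProcessW,
 * then commit. The attach result is checked; on failure the transaction
 * is aborted so no partially prepared patch is left pending. A failed
 * commit is likewise not ignored (Detours ends the transaction itself in
 * that case), but since the signature is void the failure is not reported
 * to the caller — NOTE(review): consider returning the LONG status.
 *
 * NOTE(review): only the calling thread is enlisted via DetourUpdateThread;
 * other threads of the host that may be executing inside CreateProcessW
 * are not coordinated — confirm whether they need enlisting too.
 * NOTE(review): DetourRestoreAfterWith() is kept from the listing; nothing
 * in this file shows it is needed here — confirm.
 *
 * Attaches unconditionally: calling this twice without an intervening
 * UnHook() hands DetourAttach the already-rewritten pointer.
 */
void Hook()
{
    DetourRestoreAfterWith();
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());

    if (DetourAttach((void **)&oldCreateProcessW, newCreateProcessW) != NO_ERROR) {
        /* Nothing has been patched yet; discard the pending transaction. */
        DetourTransactionAbort();
        return;
    }

    LONG rc = DetourTransactionCommit();
    if (rc != NO_ERROR) {
        /* Hook not installed; Detours has already abandoned the transaction. */
        return;
    }
}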
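/*
 * Removes the CreateProcessW detour installed by Hook().
 *
 * Runs one Detours transaction: enlist the current thread, detach
 * newCreateProcessW from the pointer in oldCreateProcessW, then commit.
 * If the detach request fails (for example because nothing is attached)
 * the transaction is aborted instead of committed. A failed commit is
 * not reported because the signature is void — NOTE(review): consider
 * returning the LONG status so callers can tell the hook is still live.
 */
void UnHook()
{
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());

    if (DetourDetach((void **)&oldCreateProcessW, newCreateProcessW) != NO_ERROR) {
        /* Nothing to undo; drop the pending transaction. */
        DetourTransactionAbort();
        return;
    }

    LONG rc = DetourTransactionCommit();
    if (rc != NO_ERROR) {
        /* Detach did not take effect; Detours has abandoned the transaction. */
        return;
    }
}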
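/*
 * Exported entry point for the demonstration: announce the hook, keep it
 * installed for about one minute, then remove it.
 *
 * Hook() is attached exactly once before the wait. Re-running Hook() on
 * every second of the wait would hand DetourAttach the already-rewritten
 * oldCreateProcessW pointer on each later pass, so a single attach
 * followed by one Sleep() of the full window is used instead.
 *
 * NOTE(review): this blocks the calling thread for ~60 s and shows a
 * modal MessageBoxA; it must not be invoked from DllMain.
 */
__declspec(dllexport) void go()
{
    const DWORD kHookWindowMs = 60 * 1000; /* how long the detour stays active */

    MessageBoxA(0, "系统进程劫持成功!" , "系统信息" , 0);

    Hook();
    Sleep(kHookWindowMs);
    UnHook();
}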
劫持成功:
打开帮助的入门指南的时候: