;@GOTO TRANSLATE
;This example shows how to hook window procedures via RegisterClass
;Task managers have popup menus offering to perform various actions (not only) with processes.
;For example to end them. This is how it works:
;1) TrackPopupMenu(Ex) - select End/Kill Process/Task
;2) OpenProcess
;3) MessageBox
;4) If Yes TerminateProcess
;But in ATM steps 1 and 2 are swapped.
;But W2K Task Manager refuses a priori to end smss, csrss, winlogon and services - so I
;will use the menu ID for Set Priority and hook SetPriorityClass instead of using the End Process ID
;and hooking TerminateProcess
;A) Through RegisterClass and CreateDialogParam hook all WindowProc and DlgProc
;B) In hooked TrackPopupMenu(Ex): look for Apply Hooks menu item
; if it isn't there find menu item ID for Set Priority/Kill task/Kill process, store it
; and append menu item "Apply Hooks" with ID = ApplyHooksId
;C) In hooked OpenProcess save handle and ID of the last opened process
;D) In hooked WindowProc and DlgProc catch WM_COMMAND with ID = ApplyHooksId, replace it
; with stored Set Priority/Kill task/Kill process ID and go on
;E) In hooked MessageBox press Yes
;F) In hooked TerminateProcess/SetPriorityClass compare process handles and establish hooks
;0) Everything is coordinated by the WatchTerminateProcess variable
.586P ;Pentium instruction set, privileged instructions permitted
.MODEL FLAT, STDCALL ;32-bit flat model: PROCs with parameters get an EBP frame and STDCALL (RET n) epilogue
OPTION CASEMAP: NONE ;identifiers are case-sensitive
INCLUDE WINDOWS.inc
UNICODE = FALSE ;set before APIMACRO.mac - presumably selects the ANSI variant of the TEXT macro (confirm in the include)
INCLUDE APIMACRO.mac ;iWin32/sWin32/TEXT/TEXTA macros used below presumably live here - not visible in this file
INCLUDE ApiHooks.inc ;Org* entries (OrgTrackPopupMenu, OrgRegisterClassExA, ...) presumably declared here - not visible in this file
INCLUDELIB iKERNEL32.lib
INCLUDELIB iUSER32.lib
INCLUDELIB iCOMDLG32.lib
INCLUDELIB iADVAPI32.lib
INCLUDELIB iApiHooks.lib
;------------------------------------------------------------------
.DATA
;Copy&Pasted from EDu32----------------------------------
;OPENFILENAME laid out field by field so that each member can be addressed
;by name (X* labels). Passed to the common dialog to pick the module to load;
;the caller that uses it is outside this view.
OpenFName LABEL OPENFILENAME
XlStructSize DWORD SIZEOF OPENFILENAME
XhWndOwner DWORD NULL ;no owner window
XhInstance DWORD NULL
XlpstrFilter DWORD EXEFilter ;filter pairs defined below
XlpstrCustomFilter DWORD NULL
XnMaxCustFilter DWORD NULL
XnFilterIndex DWORD NULL ;0 = first filter pair (DLL types) preselected
XlpstrFile DWORD szFileName ;receives the chosen path (buffer in .DATA?)
XnMaxFile DWORD 260 ;szFileName is declared MAX_PATH+1 bytes; MAX_PATH is 260, so this stays within the buffer
XlpstrFileTitle DWORD NULL
XnMaxFileTitle DWORD NULL
XlpstrInitialDir DWORD NULL
XlpstrTitle DWORD SelectDOSExecutable ;dialog caption
XFlags DWORD OFN_FILEMUSTEXIST OR OFN_NOLONGNAMES ;only existing files; short (8.3) names requested
XnFileOffset WORD NULL ;filled in by the dialog on return
XnFileExtension WORD NULL ;filled in by the dialog on return
XlpstrDefExt DWORD NULL ;no default extension is appended
XlCustData DWORD NULL
XlpfnHook DWORD NULL ;no dialog hook procedure
XlpTemplateName DWORD NULL
SelectDOSExecutable BYTE "Select module to load...",0
;Filter string: alternating description/pattern pairs, double NUL terminated.
EXEFilter BYTE "Dynamic Link Libraries (*.dll; *.ocx; *.vbx; *.drv)",0,"*.dll;*.ocx;*.vbx;*.drv",0,"All files (*.*)",0,"*.*",0,0
;-----------------------------------------------------------------
;Menu captions searched for by FindMenuItemString (prefix compare, so "Kill ta"
;matches "Kill task"). TEXTA/TEXT are macros from an include (not visible here);
;the strings are referenced below as sApplyHooks, sKillTa, ... so the macro
;appears to prefix the label with 's'. "/0" presumably denotes the NUL terminator,
;"/-" and "/:" look like escapes for an apostrophe and a line break - confirm in the macro.
;NOTE: the header comment calls the added item "Apply Hooks", but the caption
;actually shown is "Load Module".
TEXTA ApplyHooks, <Load Module/0> ;my menu item (ID = ApplyHooksId, appended in TrackP)
TEXTA KillTa, <Kill ta/0> ;ProcDump's Kill task
TEXTA KillPr, <Kill pr/0> ;ATM's Kill process
TEXTA SetPr, <Set &Pr/0> ;TASKMGR's Set Priority (caption has the '&' accelerator marker)
TEXTA NorPr, </0> ;empty prefix: matches the first string item of the Set Priority submenu
TEXTA PKillPr, <&Kill Pr/0> ;PROCEXP's Kill Process
TEXT Hooks, <Task manager extension 01/0> ;message box caption
TEXT Applied, <Module loaded./0> ;success text
TEXT Failed, <Can/-t load module/:/0> ;failure text; the module name is presumably appended by the caller (outside this view)
;-----------------------------------------------------------------
;Window-procedure trampoline template. CreateWndStub copies these WndCodeL
;bytes into a slot of WndCodeStart and overwrites the 32-bit immediate of the
;first PUSH (template byte offset 1) with the slot index, so each copy pushes
;its own index and then transfers to WndStub (defined outside this view).
;NOTE(review): this is machine code assembled into .DATA and executed from
;.DATA?; it will fault under DEP/W^X unless those sections are marked
;executable elsewhere (not visible here).
WndCode LABEL BYTE
PUSH 12345678H ;placeholder patched with the slot index
PUSH OFFSET WndStub ;PUSH + RET = jump to WndStub with the index on the stack
RET
WndCodeL EQU $-WndCode ;size of one stub in bytes
.DATA?
Counter DWORD ? ;number of stubs handed out so far / next free slot (CreateWndStub)
PID DWORD ? ;not written in this view - presumably the last OpenProcess ID (header step C)
PHD DWORD ? ;not written in this view - presumably the last OpenProcess handle (header step C)
OrigEIP DWORD ? ;not referenced in this view
EndProcessId DWORD ? ;menu command ID found by TrackP (Kill task/process or Set Priority entry)
OrigWndProc DWORD 16 DUP (?) ;original lpfnWndProc per stub slot, indexed by slot (NewRegisterClassExA)
WatchTerminateProcess BYTE ? ;state flag; TrackP sets it to 3, consumers are outside this view
InATM BYTE ? ;TRUE once CreateDialogParamA was called (author assumes only ATM does so)
szFileName BYTE MAX_PATH+1 DUP (?) ;OPENFILENAME output buffer (OpenFName.lpstrFile)
WndCodeStart BYTE 16*WndCodeL DUP (?) ;16 trampoline slots; no bound check guards this limit (see CreateWndStub)
.CODE
;------------------------------------------------------------------
;Module and export names of the APIs this extension hooks, placed in .CODE.
;The code that resolves and patches them (ApiHooks library / GetProcAddress)
;is outside this view; the hook bodies for the USER32 entries follow below.
TEXTA zKERNEL32, <KERNEL32.dll/0>
TEXTA zUSER32, <USER32.dll/0>
TEXTA zTrackPopupMenu, <TrackPopupMenu/0> ;hooked by NewTrackPopupMenu
TEXTA zTrackPopupMenuEx, <TrackPopupMenuEx/0> ;hooked by NewTrackPopupMenuEx
TEXTA zRegisterClassExA, <RegisterClassExA/0> ;hooked by NewRegisterClassExA
TEXTA zCreateDialogParamA,<CreateDialogParamA/0> ;hooked by NewCreateDialogParamA
TEXTA zCreateDialogParamW,<CreateDialogParamW/0>
TEXTA zMessageBoxA, <MessageBoxA/0>
TEXTA zMessageBoxW, <MessageBoxW/0>
TEXTA zOpenProcess, <OpenProcess/0>
TEXTA zSetPriorityClass, <SetPriorityClass/0>
TEXTA zTerminateProcess, <TerminateProcess/0>
TEXTA zGetProcAddress, <GetProcAddress/0> ;use not visible in this view
;------------------------------------------------------------------
;-----------------------------------------------------------------------
; DWORD FindMenuItemString(HMENU hMenu, LPCSTR IdString)    (STDCALL per .MODEL)
; Purpose: walk hMenu by position and return the command ID of the first
;          string item whose caption begins with IdString (byte-wise,
;          case-sensitive prefix compare).
; In:   hMenu    - menu to scan
;       IdString - NUL-terminated prefix; an empty string matches the first
;                  string item (TrackP uses sNorPr this way)
; Out:  EAX = wID of the matching item, or 0 when GetMenuItemInfoA fails
;             (end of menu reached, invalid handle). A real wID of 0 is
;             indistinguishable from "not found".
;       ECX = hSubMenu of the matching item - only meaningful when EAX != 0.
;             TrackP relies on this register output, so keep it.
; Clobb: ECX, EDX, flags (Win32 call inside); EBX/ESI/EDI restored by USES.
; Stack: MENUITEMINFO plus a 100-byte caption buffer as LOCALs.
; Assumes DF is clear (Win32 ABI) so CMPSB walks forward.
;-----------------------------------------------------------------------
FindMenuItemString PROC USES EBX ESI EDI, hMenu, IdString
LOCAL mii :MENUITEMINFO
LOCAL string[100] :BYTE
SUB EBX, EBX ;EBX = item position, starting at 0
MOV mii.cbSize, SIZEOF MENUITEMINFO
MOV mii.fMask, MIIM_TYPE OR MIIM_ID OR MIIM_SUBMENU ;OR MIIM_DATA
@@: ;next item - re-arm the caption buffer and the prefix pointer every pass
LEA ECX, string
LEA EAX, mii
MOV ESI, IdString ;CMPSB advances ESI, so reset it per item
MOV mii.cch, 100 ;GetMenuItemInfo rewrites cch with the caption length, so reset it too
MOV mii.dwTypeData, ECX
iWin32 GetMenuItemInfoA, hMenu, EBX, TRUE, EAX ;TRUE = fByPosition
TEST EAX, EAX
JE FindFin ;failure (usually end of menu) -> EAX = 0
INC EBX ;advance position before the type test so skipped items are not revisited
CMP mii.fType, MFT_STRING ;MFT_STRING is 0: matches items with no other type flags
JE CmpIt
CMP mii.fType, MFT_RADIOCHECK ;radio-check items also carry a caption
JNE @B ;bitmaps, separators, combined flags: skip
CmpIt:
MOV EDI, mii.dwTypeData ;EDI = caption, ESI = prefix
MOV EAX, mii.wID ;dwItemData - candidate return value
MOV ECX, mii.hSubMenu ;candidate secondary return value (see header)
Compare: ;prefix compare; stops at the end of IdString, not of the caption
CMP BYTE PTR [ESI], 0
JE FindFin ;whole prefix matched -> EAX = wID, ECX = hSubMenu
CMPSB
JNE @B ;mismatch (also when the caption ends early) -> next item
JMP Compare
FindFin:
RET
FindMenuItemString ENDP
ApplyHooksId = 0E1C2H ;command ID of the appended "Load Module" item; arbitrary, not checked against the menu's existing IDs
;------------------------------------------------------------------
;One routine for both TrackPopupMenu and TrackPopupMenuEx.
; Stack trick: each entry label pushes the address of the original API and
; falls into TrackP. After TrackP's generated prologue (PUSH EBP / MOV EBP,ESP)
; the frame is:
;   [EBP+4]  = Org* address   -> TrackP "returns" into the original API
;   [EBP+8]  = xxx            = the hooked caller's own return address
;   [EBP+0C] = hMenu          = first real argument of TrackPopupMenu(Ex)
; LEAVE/RETN (RETN, not RET, which would emit RET n under STDCALL) pops only
; the frame and the Org* address, so the original API sees the caller's stack
; untouched and performs the STDCALL cleanup itself.
; Side effects: may append a separator plus the "Load Module" item to hMenu,
; stores the matched command ID in EndProcessId, sets WatchTerminateProcess = 3
; (consumed by hooks outside this view).
; Clobb: EAX, ECX, EDX, flags.
NewTrackPopupMenu:
PUSH OrgTrackPopupMenu ;ProcDump
JMP @F
NewTrackPopupMenuEx:
PUSH OrgTrackPopupMenuEx ;ATM, TASKMGR
@@:
TrackP PROC xxx, hMenu
sWin32 FindMenuItemString, hMenu, sApplyHooks ;already extended this menu?
TEST EAX, EAX
JNE @F ;yes: only re-arm the state flag
sWin32 FindMenuItemString, hMenu, sKillTa ;ProcDump
TEST EAX, EAX
JNE Modify
sWin32 FindMenuItemString, hMenu, sKillPr ;ATM
TEST EAX, EAX
JNE Modify
sWin32 FindMenuItemString, hMenu, sPKillPr ;PROCEXP
TEST EAX, EAX
JNE Modify
sWin32 FindMenuItemString, hMenu, sSetPr ;TASKMGR: "Set &Priority" - on success ECX = its submenu handle
TEST EAX, EAX
JE Notin ;no recognised menu -> leave it alone
sWin32 FindMenuItemString, ECX, sNorPr ;empty prefix = first string item of the submenu (presumably the priority entry the name NorPr hints at - confirm against the submenu order); ECX is NULL if the item had no submenu, which fails the lookup
TEST EAX, EAX
JE Notin
Modify: ;EAX = command ID to reuse later
MOV EndProcessId, EAX
iWin32 AppendMenuA, hMenu, MF_SEPARATOR, EAX, EAX ;ID and string are ignored for a separator; EAX is just a don't-care value
iWin32 AppendMenuA, hMenu, MF_STRING, ApplyHooksId, sApplyHooks
@@:
MOV WatchTerminateProcess, 3
Notin:
LEAVE ;manual epilogue: drop the frame only
RETN ;"return" into Org* with the caller's return address and arguments still in place
TrackP ENDP
;------------------------------------------------------------------
;-----------------------------------------------------------------------
; CreateWndStub - carve the next window-procedure trampoline out of WndCodeStart.
; Copies the WndCodeL-byte template at WndCode into slot Counter of
; WndCodeStart and patches the PUSH immediate (template byte offset 1) with
; the slot index, so the stub pushes its own index before transferring to
; WndStub (defined outside this view).
; In:   Counter (global) = next free slot
; Out:  EAX = slot index used; EDX = address of the new stub; Counter + 1.
;       ECX = 0 after REP MOVSB.
; Clobb: ECX, EDX, flags; ESI/EDI restored by USES.
; Assumes DF clear (Win32 ABI) so REP MOVSB copies forward.
; NOTE(review): no bound check - WndCodeStart and OrigWndProc hold 16 slots,
;   so a 17th call writes past both arrays. The callers do not check either.
; NOTE(review): the stub is written to and executed from .DATA?, which faults
;   under DEP/W^X unless the section is made executable elsewhere (not visible here).
;-----------------------------------------------------------------------
CreateWndStub PROC USES ESI EDI
MOV EAX, Counter ;EAX = slot index (returned)
MOV ECX, WndCodeL ;bytes per stub
MOV EDI, EAX
IMUL EDI, ECX ;WndCodeL -> EDI = index * WndCodeL
MOV ESI, OFFSET WndCode ;source template
ADD EDI, OFFSET WndCodeStart ;destination slot
MOV EDX, EDI ;keep the stub address (returned); REP MOVSB advances EDI
REP MOVSB
MOV [EDX+1], EAX ;overwrite the PUSH 12345678H immediate with the slot index
INC Counter
RET
CreateWndStub ENDP
;-----------------------------------------------------------------------
; NewRegisterClassExA - hook for RegisterClassExA (ProcDump).
; Allocates a trampoline via CreateWndStub, swaps it into the caller's
; WNDCLASSEX.lpfnWndProc (the caller's own structure is modified in place)
; and records the original procedure in OrigWndProc[index], then tail-jumps
; to the real RegisterClassExA so it performs the STDCALL argument cleanup.
; Stack after PUSH ESI: [ESP] = saved ESI, [ESP+4] = return address,
; [ESP+8] = lpWndClass (the single RegisterClassExA argument).
; Relies on CreateWndStub returning EAX = slot index and EDX = stub address;
; nothing checks index < 16 (see CreateWndStub). Every class registered
; through this hook consumes one slot.
;-----------------------------------------------------------------------
NewRegisterClassExA: ;ProcDump
PUSH ESI ;ESI is callee-saved; preserve it around the pointer walk
sWin32 CreateWndStub ;EAX = index, EDX = stub
MOV ESI, [ESP+08] ;lpWndClass
ASSUME ESI: PTR WNDCLASSEX
MOV ECX, [ESI].lpfnWndProc ;original window procedure
MOV [ESI].lpfnWndProc, EDX ;register the stub instead
MOV OrigWndProc[EAX*4], ECX ;remember the original under the stub's index
POP ESI
JMP OrgRegisterClassExA ;tail call: original API returns straight to the hooked caller
ASSUME ESI: NOTHING ;assembler-only directive, no code emitted
;One routine for both CreateDialogParamA and CreateDialogParamW
NewCreateDialogParamA:
PUSH OrgCreateDialogParamA
MOV InATM, TRUE ;Only ATM calls CDPA, so I know