exitwinexe.cpp

Cracker终结者——提供最优秀的软件保护技术

#define WIN32_LEAN_AND_MEAN
//#define UNICODE
#ifdef UNICODE
  #define _UNICODE
#endif
#include <windows.h>
#include <tchar.h>
//#define AH_STATIC_LINKING
#include <ApiHooks.h>
//#define PW_STATIC_LINKING
#include <PrcWorks.h>

/////////////////////////////////////////////////////////
DWORD EnumPIDs(DWORD **pPIDs) {
  LONG r=0, s=r+1, t;
  DWORD *buf=NULL;
  while(s>r) { 
    r=s+0x100;  
    if(buf)
      LocalFree(buf);
    if(buf=(LPDWORD)LocalAlloc(LPTR, r*sizeof(LONG)))
       if((s = BuildPIDList(buf, r, PW_ALLSESSIONS)) == PW_MEMERROR)
         return((DWORD)LocalFree(buf));
       else
         *pPIDs = buf;
    else
      return(0);
  }
  return(s);
}
/////////////////////////////////////////////////////////
int APIENTRY sWinMain(VOID) {
  DWORD i, nPIDs, *PIDs;
  TCHAR Hooks_DLL[MAX_PATH];

  if((INT)GetVersion()>0)
    return(0);
                
  nPIDs = GetModuleFileName(NULL, Hooks_DLL, sizeof(Hooks_DLL)/sizeof(TCHAR));
  Hooks_DLL[nPIDs-1] = 'L';   
  Hooks_DLL[nPIDs-2] = 'L';   
  Hooks_DLL[nPIDs-3] = 'D';   

  nPIDs = EnumPIDs(&PIDs);

  if(EstablishApiHooks(NULL, Hooks_DLL, PIDs[0], 3000) == ErrorAWSuccess) {
    DWORD LACr = LoadAndCall(NULL, Hooks_DLL, PIDs[0], 3000, 0, _T("GetApiHookChain"), 1, &i);
    if((0<LACr) && (LACr<ErrorAHMin)) {
      for(i=1; i<nPIDs; i++)
        EstablishApiHooks(NULL, (LPCTSTR)LACr, PIDs[i], 3000);
      ((PAPI_HOOK)(LACr)+1)->dwFlags |= HOOK_EXPORT | HOOK_LOAD_EXPORT;
      EstablishApiHooks(NULL, (LPCTSTR)LACr, GetCurrentProcessId(), 3000);
    }
  }
            
  LocalFree(PIDs);
  return(0);
}

VOID APIENTRY xWinMain(VOID) {
  ExitProcess(sWinMain());
}