question aboute termiateprocess hook
Posted
by imans62
on Stack Overflow
See other posts from Stack Overflow
or by imans62
Published on 2010-05-16T09:15:43Z
Indexed on
2010/05/16
9:20 UTC
Read the original article
Hit count: 175
Filed under:
hook
i write this code but not work correctly can u help me?
void EnableDebugPriv() { HANDLE hToken; LUID luid; TOKEN_PRIVILEGES tkp;
OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken );
LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &luid );
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = luid;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges( hToken, false, &tkp, sizeof( tkp ), NULL, NULL );
CloseHandle( hToken );
} NTSTATUS WINAPI HookedNtTerminateProcess( __in HANDLE hProcess, __in UINT uExitCode ) { NTSTATUS statues = OriginalNtTerminateProcess(hProcess,uExitCode); HANDLE hProc;
PROCESSENTRY32 entry;
entry.dwFlags = sizeof( PROCESSENTRY32 );
HANDLE snapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, NULL );
if ( Process32First( snapshot, &entry ) == TRUE ) {
while ( Process32Next( snapshot, &entry ) == TRUE ) {
if ( wcsicmp( entry.szExeFile, L"calc.exe" ) == 0 ) {
EnableDebugPriv();
HANDLE hProc = OpenProcess( PROCESS_ALL_ACCESS, FALSE, entry.th32ProcessID );
// Do stuff..
//CloseHandle( hProc );
}
}
}
if(hProc == hProcess) MessageBox(NULL, L"Error", L"Information", MB_OK); else TerminateProcess(hProcess,uExitCode);
CloseHandle( hProc); CloseHandle( snapshot );
return statues;
© Stack Overflow or respective owner
