Search Results

Search found 2 results on 1 pages for 'imans62'.


  • Question about TerminateProcess hook

    - by imans62
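    /* Forum question: "I wrote this code but it does not work correctly - can you help me?" */

    /*
     * Reviewed version of the posted code. Defects fixed in the original:
     *   - the hook called OriginalNtTerminateProcess() before making any decision,
     *     so the target was already terminated when the check ran;
     *   - PROCESSENTRY32.dwSize was never set (dwFlags was written instead), so
     *     Process32First() fails;
     *   - the first snapshot entry was skipped (Process32Next() was called
     *     before the first entry was examined);
     *   - an inner "HANDLE hProc" shadowed the outer one, so the outer variable
     *     was compared and closed while still uninitialized;
     *   - two handles were compared by value; different handles to the same
     *     process are not equal, so process IDs are compared instead;
     *   - TerminateProcess() was called from inside the hook, which re-enters
     *     the hook; the saved original function is called instead;
     *   - every matching process was opened with PROCESS_ALL_ACCESS and the
     *     handle was never closed; no handle is opened at all now, so the hook
     *     no longer needs SeDebugPrivilege.
     */

    /**
     * Try to enable SeDebugPrivilege on the current process token.
     *
     * Best effort and returns nothing. The thread's last-error value is left
     * as set by the deciding API call, so a caller can test GetLastError()
     * right after the call: AdjustTokenPrivileges() reports success even when
     * the token does not hold the privilege and signals that case only through
     * ERROR_NOT_ALL_ASSIGNED.
     *
     * SeDebugPrivilege lets the process open almost any other process; enable
     * it only where it is really required.
     */
    void EnableDebugPriv()
    {
        HANDLE hToken = NULL;
        TOKEN_PRIVILEGES tkp;
        DWORD lastError;

        if ( !OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ) )
            return; /* hToken is not valid here, so there is nothing to close */

        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

        if ( LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &tkp.Privileges[0].Luid ) )
            AdjustTokenPrivileges( hToken, FALSE, &tkp, sizeof( tkp ), NULL, NULL );

        /* Keep the result of the privilege calls visible to the caller. */
        lastError = GetLastError();
        CloseHandle( hToken );
        SetLastError( lastError );
    }

    /**
     * Replacement for NtTerminateProcess that refuses to terminate a process
     * whose image name is "calc.exe" and forwards every other request to
     * OriginalNtTerminateProcess (the saved pointer to the real function,
     * defined elsewhere).
     *
     * @param hProcess   handle passed by the caller of NtTerminateProcess
     * @param uExitCode  exit status requested by the caller
     * @return the status of the original call, or the STATUS_ACCESS_DENIED
     *         value when the request is blocked
     *
     * Limitations to keep in mind:
     *   - The decision is made before the original function is called; once it
     *     has run, the target no longer exists.
     *   - GetProcessId() needs query access on hProcess. When it returns 0
     *     (including for a NULL handle) the request is forwarded unchanged, so
     *     the check is best effort.
     *   - Matching on the image name alone does not identify a specific
     *     program; any process with that file name matches.
     *   - A user-mode hook only sees calls made inside processes where it is
     *     installed and is not a security boundary. Where real tamper
     *     protection is needed, use a restrictive DACL on the process object
     *     or a kernel ObRegisterCallbacks filter instead.
     *   - NOTE(review): the L"..." literals assume a UNICODE build, as in the
     *     original post.
     */
    NTSTATUS WINAPI HookedNtTerminateProcess( __in HANDLE hProcess, __in UINT uExitCode )
    {
        /* Numeric value of STATUS_ACCESS_DENIED (ntstatus.h), spelled out so no extra header is needed. */
        const NTSTATUS statusAccessDenied = (NTSTATUS)0xC0000022L;
        BOOL isProtected = FALSE;
        DWORD targetPid = GetProcessId( hProcess );

        if ( targetPid != 0 )
        {
            HANDLE snapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );

            if ( snapshot != INVALID_HANDLE_VALUE )
            {
                PROCESSENTRY32 entry;

                /* dwSize must be set before Process32First(), otherwise the call fails. */
                entry.dwSize = sizeof( entry );

                if ( Process32First( snapshot, &entry ) )
                {
                    /* do/while so that the first entry is examined too */
                    do
                    {
                        if ( entry.th32ProcessID == targetPid )
                        {
                            isProtected = ( _wcsicmp( entry.szExeFile, L"calc.exe" ) == 0 );
                            break;
                        }
                    } while ( Process32Next( snapshot, &entry ) );
                }

                CloseHandle( snapshot );
            }
        }

        if ( isProtected )
        {
            /* Blocks the calling thread until the box is dismissed. */
            MessageBox( NULL, L"Error", L"Information", MB_OK );
            return statusAccessDenied;
        }

        /* Call the saved original, never TerminateProcess(), which would re-enter this hook. */
        return OriginalNtTerminateProcess( hProcess, uExitCode );
    }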


  • Question about TerminateProcess hook

    - by imans62
    I wrote this code but it does not work correctly - can you help me? void EnableDebugPriv() { HANDLE hToken; LUID luid; TOKEN_PRIVILEGES tkp; OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ); LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &luid ); tkp.PrivilegeCount = 1; tkp.Privileges[0].Luid = luid; tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; AdjustTokenPrivileges( hToken, false, &tkp, sizeof( tkp ), NULL, NULL ); CloseHandle( hToken ); } NTSTATUS WINAPI HookedNtTerminateProcess( __in HANDLE hProcess, __in UINT uExitCode ) { NTSTATUS statues = OriginalNtTerminateProcess(hProcess,uExitCode); HANDLE hProc; PROCESSENTRY32 entry; entry.dwFlags = sizeof( PROCESSENTRY32 ); HANDLE snapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, NULL ); if ( Process32First( snapshot, &entry ) == TRUE ) { while ( Process32Next( snapshot, &entry ) == TRUE ) { if ( wcsicmp( entry.szExeFile, L"calc.exe" ) == 0 ) { EnableDebugPriv(); HANDLE hProc = OpenProcess( PROCESS_ALL_ACCESS, FALSE, entry.th32ProcessID ); // Do stuff.. //CloseHandle( hProc ); } } } if(hProc == hProcess) MessageBox(NULL, L"Error", L"Information", MB_OK); else TerminateProcess(hProcess,uExitCode); CloseHandle( hProc); CloseHandle( snapshot ); return statues;

