SSDT inline hook — main code (32-bit x86 kernel driver, MSVC inline asm; the ULONG addresses and absolute SSDT entries do not apply to x64):
/*
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * *
* 更多游戏逆向视频www.yxfzedu.com *
* *
* 有任何问题请发邮件至service@yxfzedu.com *
* *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
*/
/* Absolute address of NtOpenKey as read from the SSDT; 0 (zero-initialised
 * global) until HookNtOpenKey runs. ULONG-sized, i.e. this code is x86 only. */
ULONG g_NtopenkeyAddr;
/* Where NewNtOpenKey jumps after re-executing the displaced prologue:
 * g_NtopenkeyAddr + 5, the first byte after the 5-byte jmp patch. */
ULONG g_jmp_addr;
/* The 5 original bytes overwritten by the E9 jmp, written back on unhook. */
UCHAR g_original_code[5];
/*
 * Detour target of the NtOpenKey inline hook. Control arrives here through
 * the 5-byte `jmp` that HookNtOpenKey writes over NtOpenKey's entry, so the
 * function is naked: no prologue, no register or stack use of its own.
 *
 * The first three instructions reproduce the hot-patch prologue that the jmp
 * displaced (mov edi,edi / push ebp / mov ebp,esp = 8B FF 55 8B EC, exactly
 * five bytes); execution then continues at g_jmp_addr (= original + 5).
 * These bytes are hard-coded here, not copied from g_original_code, so they
 * must stay in sync with what HookNtOpenKey overwrites. No filtering is done:
 * this is a pure pass-through trampoline.
 *
 * The final jump is an indirect jump through the global (FF /4); the original
 * spelling `jmp g_jmp_addr` assembles to the same instruction.
 */
__declspec(naked) VOID NewNtOpenKey() {
    __asm {
        mov     edi, edi                    ; displaced bytes 1-2: 8B FF
        push    ebp                         ; displaced byte  3:   55
        mov     ebp, esp                    ; displaced bytes 4-5: 8B EC
        jmp     dword ptr [g_jmp_addr]      ; resume NtOpenKey at +5
    }
}
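/*
 * SSDT index of NtOpenKey. 182 (0xB6) is build specific — it matches the
 * Windows 7 x86 service table and must be re-derived for any other build; a
 * wrong index silently patches a different system call. The whole file is
 * 32-bit only: addresses are ULONG and the table holds absolute pointers,
 * which is not the case on x64 (where KeServiceDescriptorTable is also not
 * exported).
 */
#define SSDT_INDEX_NTOPENKEY 182

/*
 * Installs an inline (detour) hook on NtOpenKey: saves its first five bytes
 * in g_original_code, points g_jmp_addr at original+5, then overwrites the
 * entry with `jmp NewNtOpenKey` (E9 rel32).
 *
 * Refuses to patch (returns with every global untouched) unless the target
 * begins with the hot-patch prologue mov edi,edi / push ebp / mov ebp,esp
 * (8B FF 55 8B EC). NewNtOpenKey re-executes exactly these instructions, so
 * any other prologue (a different build, or a function already patched by
 * another product) would be resumed in the middle of an instruction. After
 * a successful patch the first byte is 0xE9, so the same check also rejects
 * a second call, which would otherwise save the jmp as the "original" bytes.
 * A refusal is only observable through g_NtopenkeyAddr staying 0.
 *
 * Caveats not solved here (reviewer notes):
 *  - The 5-byte RtlCopyMemory is not atomic: a thread on another CPU can
 *    execute a half-written instruction. Stop the other processors or write
 *    the bytes with a single aligned interlocked store — TODO.
 *  - PageProtectOFF/PageProtectOn (not shown) presumably toggle CR0.WP,
 *    which is per-CPU; the thread must not migrate between the two calls
 *    (raise IRQL to DISPATCH_LEVEL or pin affinity) — verify against them.
 */
VOID HookNtOpenKey() {
    static const UCHAR hotpatch_prologue[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
    ULONG target;
    UCHAR patch[5];
    ULONG i;

    target = KeServiceDescriptorTable.ServiceTableBase[SSDT_INDEX_NTOPENKEY];
    if (target == 0) {
        return;
    }
    for (i = 0; i < 5; i++) {
        if (((UCHAR*)target)[i] != hotpatch_prologue[i]) {
            return;                     /* unexpected prologue or already hooked */
        }
    }

    /* E9 rel32: displacement is relative to the byte after the 5-byte jmp. */
    patch[0] = 0xE9;
    *(ULONG*)&patch[1] = (ULONG)NewNtOpenKey - (target + 5);

    /* Both globals must be valid before the jmp goes live: NewNtOpenKey reads
     * g_jmp_addr on its very first hit. */
    g_NtopenkeyAddr = target;
    g_jmp_addr = target + 5;

    PageProtectOFF();
    RtlCopyMemory(g_original_code, (PVOID)target, 5);
    RtlCopyMemory((PVOID)target, patch, 5);
    PageProtectOn();
}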
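/*
 * Removes the inline hook installed by HookNtOpenKey by writing the five
 * saved prologue bytes back over the `jmp NewNtOpenKey` patch.
 *
 * Guards: does nothing when nothing was ever hooked (g_NtopenkeyAddr == 0 —
 * the original code would have written 5 bytes to address 0 here) and when
 * the first byte at the target is no longer our 0xE9 jmp (already unhooked,
 * or the function has since been re-patched by someone else; restoring
 * blindly would overwrite their code). On success g_NtopenkeyAddr is reset
 * to 0 so a repeated call is a no-op.
 *
 * The non-atomic 5-byte write and the per-CPU CR0.WP concern of
 * PageProtectOFF/On apply here exactly as on the hook side. Note also that a
 * thread currently executing inside NewNtOpenKey is not waited for; unloading
 * the driver immediately after this call can still fault.
 */
VOID UnHookNtOpenKey() {
    ULONG target = g_NtopenkeyAddr;

    if (target == 0) {
        return;                         /* never hooked */
    }
    if (*(UCHAR*)target != 0xE9) {
        return;                         /* not our patch any more */
    }

    PageProtectOFF();
    RtlCopyMemory((PVOID)target, g_original_code, 5);
    PageProtectOn();

    g_NtopenkeyAddr = 0;
}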