#include <ntddk.h>
#include "ntifs.h"
#include "hook.h"
#include <windef.h>
/*
 * Forward declaration of the replacement system service that hook() installs.
 * The definition at the bottom of the file names the parameters hThread /
 * pContext; the signature is otherwise the same.
 */
NTSTATUS NewNtGetContextThread(
IN HANDLE ThreadHandle,
OUT PCONTEXT Context
);
/* Index added to the current PEPROCESS pointer in the hook. It is reset to 0
 * only in hook() and incremented on every hooked call, so it carries state
 * across calls. Note that it is used in pointer arithmetic, i.e. scaled by
 * the pointee size, not a byte offset. */
int ProcessNameOffset;
/* Function-pointer type used to store the original service-table entry.
 * Declared as returning ULONG although the service and the replacement
 * declared above return NTSTATUS (a signed type). */
typedef ULONG (*NTGETCONTEXTTHREAD)(HANDLE, PCONTEXT);
/* Saved original service-table entry; the hook forwards to it. */
NTGETCONTEXTTHREAD OriginalNtGetContextThread;
/* Hard-coded system-service index for NtGetContextThread. Service-table
 * indices are specific to a kernel build, so this constant is only valid for
 * the build it was taken from. */
ULONG NtGetContextThread_callnumber = 0x0055;
/* Reads the 32-bit value at offset 1 of a function body (presumably the
 * service index from an Nt* stub). Not used anywhere in the code shown. */
#define SYSCALL_INDEX(_function) *(PULONG)((PUCHAR)_function+1)
/* Lvalue for entry _callnumber of the kernel's system service table.
 * KeServiceDescriptorTable is not declared in this file — presumably hook.h. */
#define SYSTEMSERVICE(_callnumber) KeServiceDescriptorTable->ServiceTable[_callnumber]
/* Current-process pointer: written once in hook() and overwritten on every
 * hooked call, with no synchronization. */
PEPROCESS PeProcess;
/*
 * Installs the hook: saves the service-table entry for NtGetContextThread and
 * overwrites it with NewNtGetContextThread.
 *
 * The inline asm is 32-bit MSVC syntax (CR0 read/written through EAX); x64
 * kernel builds do not accept __asm blocks, so this only targets 32-bit.
 * From a detection standpoint, a driver that writes CR0 and redirects a
 * service-table entry to code outside the kernel image is the textbook
 * SSDT-hook pattern; the table entry's target can be checked against the
 * kernel image to find it.
 */
void hook()
{
ProcessNameOffset = 0; // reset the probe index used by the hook
PeProcess = PsGetCurrentProcess(); // EPROCESS of whichever process hook() runs in
OriginalNtGetContextThread = SYSTEMSERVICE(NtGetContextThread_callnumber); // keep the original for forwarding
SYSTEMSERVICE(NtGetContextThread_callnumber) = (PVOID)NewNtGetContextThread; // redirect the service
/* CR0 manipulation: in 32-bit MASM arithmetic NOT 0x0FFFEFFFF evaluates to
 * 0x00010000, i.e. bit 16 (CR0.WP), which the OR sets. The block then
 * executes sti with no cli visible before it in this function. */
__asm{
push eax
mov eax, CR0
or eax, NOT 0x0FFFEFFFF
mov CR0, eax
pop eax
sti
}
}
/*
 * Replacement NtGetContextThread installed into the service table by hook().
 *
 * Per call: advances ProcessNameOffset, reloads PeProcess, and compares 11
 * bytes at (PeProcess + ProcessNameOffset) with "GAMEMON.DES". If the bytes
 * differ, returns STATUS_SUCCESS without calling the original service — the
 * caller's CONTEXT is left untouched while the return code claims success.
 * If they match, the call is forwarded to the original entry.
 *
 * Notes for a reader:
 *  - 9999999999 exceeds the range of int, so the loop condition is always
 *    true; since the body returns on its first iteration either way, the loop
 *    runs exactly once and the final return below it is unreachable.
 *  - The pointer arithmetic is in units of the pointee type, not bytes, and
 *    the probed index grows with every call, so the read is not confined to
 *    the EPROCESS object. If _EPROCESS is opaque in the headers in use, this
 *    arithmetic does not compile at all — confirm against hook.h.
 *  - ProcessNameOffset and PeProcess are plain globals touched by every
 *    thread that reaches this service, with no synchronization.
 *  - For detection: a service that returns success without writing its
 *    output, and a table entry pointing outside the kernel image, are both
 *    observable from the outside.
 */
NTSTATUS NewNtGetContextThread(HANDLE hThread, PCONTEXT pContext)
{
while (ProcessNameOffset != 9999999999) { // always true for an int (see note above)
ProcessNameOffset++; // advances across calls; only hook() resets it
PeProcess = PsGetCurrentProcess();
if (strncmp("GAMEMON.DES", (const char *)(PeProcess + ProcessNameOffset), 11)){
return STATUS_SUCCESS; // nonzero = mismatch: report success, *pContext not written
}
return OriginalNtGetContextThread(hThread, pContext); // match: forward to the original
}
return OriginalNtGetContextThread(hThread, pContext); // unreachable: the loop body always returns
}