劫持系統進程禁止建立文件

#include <stdio.h>
#include <windows.h>
#include <string.h>
#include "detours.h"
#pragma comment ( lib , "detours.lib" )

// Function-pointer type matching CreateFileW's signature (WINAPI calling convention).
typedef HANDLE (WINAPI *CreateFileW_t)(
        _In_ LPCWSTR lpFileName,
        _In_ DWORD dwDesiredAccess,
        _In_ DWORD dwShareMode,
        _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes,
        _In_ DWORD dwCreationDisposition,
        _In_ DWORD dwFlagsAndAttributes,
        _In_opt_ HANDLE hTemplateFile);

// Target pointer handed to Detours: initially the real CreateFileW. Hook() passes its
// address to DetourAttach and UnHook() to DetourDetach, which update it in place.
CreateFileW_t oldCreateFileW = CreateFileW;

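// Replacement installed in place of CreateFileW by Hook(). Every call is refused and
// the original is never forwarded to, so all parameters are unused.
//
// Returns INVALID_HANDLE_VALUE with GetLastError() == ERROR_ACCESS_DENIED, which is the
// failure value CreateFileW's contract defines. The original returned 0 (NULL): callers
// that test `== INVALID_HANDLE_VALUE` would take 0 for a valid handle and go on to use
// or close it.
HANDLE WINAPI newCreateFileW(
        _In_ LPCWSTR lpFileName ,
        _In_ DWORD dwDesiredAccess ,
        _In_ DWORD dwShareMode ,
        _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes ,
        _In_ DWORD dwCreationDisposition ,
        _In_ DWORD dwFlagsAndAttributes ,
        _In_opt_ HANDLE hTemplateFile
       ){
       // NOTE(review): a modal dialog inside a hook of a frequently-called API stalls
       // every caller on this thread, and if MessageBoxA itself reaches CreateFileW the
       // hook re-enters — confirm before using this beyond a demonstration.
       MessageBoxA(0, "劫持成功!" , "系統信息" , 0);
       // Set last-error after the dialog so nothing MessageBoxA does can overwrite it.
       SetLastError(ERROR_ACCESS_DENIED);
       return INVALID_HANDLE_VALUE;
}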

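// Installs newCreateFileW in place of CreateFileW for this process via Detours.
//
// Safe to call repeatedly: once oldCreateFileW no longer points at CreateFileW the
// detour is already in place and nothing is done. The original attached again on
// every call (go() calls Hook() in a loop), each time detouring the pointer the
// previous DetourAttach had just rewritten. Detours return codes are checked; a
// failed step aborts the transaction instead of committing a half-built one.
void Hook()
{
       if (oldCreateFileW != CreateFileW) {
              return; // already attached
       }

       // NOTE(review): DetourRestoreAfterWith is documented for DllMain use after an
       // injection with DetourCreateProcessWithDll; it likely has no effect here —
       // confirm whether it is needed at all.
       DetourRestoreAfterWith();

       if (DetourTransactionBegin() != NO_ERROR) {
              return;
       }
       if (DetourUpdateThread(GetCurrentThread()) != NO_ERROR ||
           DetourAttach((void **)&oldCreateFileW, newCreateFileW) != NO_ERROR) {
              DetourTransactionAbort(); // discards the pending attach
              return;
       }
       DetourTransactionCommit(); // the detour takes effect here
}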

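// Removes the detour installed by Hook(); on success Detours restores oldCreateFileW
// to CreateFileW.
//
// A no-op when nothing is attached, so calling it twice or before Hook() is harmless.
// Detours return codes are checked; a failed step aborts the transaction.
void UnHook()
{
       if (oldCreateFileW == CreateFileW) {
              return; // nothing attached
       }

       if (DetourTransactionBegin() != NO_ERROR) {
              return;
       }
       if (DetourUpdateThread(GetCurrentThread()) != NO_ERROR ||
           DetourDetach((void **)&oldCreateFileW, newCreateFileW) != NO_ERROR) {
              DetourTransactionAbort(); // discards the pending detach
              return;
       }
       DetourTransactionCommit(); // the detour is removed here
}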

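// Exported entry point of the demonstration: installs the CreateFileW hook, keeps it in
// place for roughly 60 seconds, then removes it and returns.
//
// Original defects fixed: the counter `i` was never incremented, so `i == 60` never
// held, UnHook() was unreachable and the loop ran forever; and Hook() was called on
// every iteration instead of once.
__declspec(dllexport) void go(){
        MessageBoxA(0, "系統進程劫持成功!" , "系統信息" , 0);
        Hook();
        for (int i = 0; i < 60; ++i) {
                Sleep(1000);
        }
        UnHook();
}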

