windows建立進程的函數:
把這個函數劫持以後注射到 explore.exe進程中便可。
如今注射到印象筆記中測試:
#include
<stdio.h>
#include
<windows.h>
#include
<string.h>
#include
"detours.h"
#pragma
comment
(
lib
,
"detours.lib"
)
// Signature of kernel32's CreateProcessW, spelled out once so the pointer
// below and any forwarding call agree on the calling convention.
typedef BOOL (WINAPI *CreateProcessW_fn)(LPCWSTR lpApplicationName,
                                         LPWSTR lpCommandLine,
                                         LPSECURITY_ATTRIBUTES lpProcessAttributes,
                                         LPSECURITY_ATTRIBUTES lpThreadAttributes,
                                         BOOL bInheritHandles,
                                         DWORD dwCreationFlags,
                                         LPVOID lpEnvironment,
                                         LPCWSTR lpCurrentDirectory,
                                         LPSTARTUPINFOW lpStartupInfo,
                                         LPPROCESS_INFORMATION lpProcessInformation);

// Initially the real CreateProcessW. Hook() hands its address to DetourAttach,
// which repoints it at the trampoline that reaches the original function; the
// replacement on this page never calls through it.
CreateProcessW_fn oldCreateProcessW = CreateProcessW;
/// Replacement that Hook() installs over CreateProcessW.
/// Every argument is ignored and nothing is forwarded to oldCreateProcessW:
/// a message box is shown and FALSE is returned, so the caller's process
/// creation fails. No last-error code is set, so a caller that inspects
/// GetLastError() afterwards sees whatever value was already there.
BOOL WINAPI newCreateProcessW(LPCWSTR lpApplicationName,
                              LPWSTR lpCommandLine,
                              LPSECURITY_ATTRIBUTES lpProcessAttributes,
                              LPSECURITY_ATTRIBUTES lpThreadAttributes,
                              BOOL bInheritHandles,
                              DWORD dwCreationFlags,
                              LPVOID lpEnvironment,
                              LPCWSTR lpCurrentDirectory,
                              LPSTARTUPINFOW lpStartupInfo,
                              LPPROCESS_INFORMATION lpProcessInformation)
{
    // Unused by design; silence unused-parameter warnings.
    (void)lpApplicationName;
    (void)lpCommandLine;
    (void)lpProcessAttributes;
    (void)lpThreadAttributes;
    (void)bInheritHandles;
    (void)dwCreationFlags;
    (void)lpEnvironment;
    (void)lpCurrentDirectory;
    (void)lpStartupInfo;
    (void)lpProcessInformation;

    MessageBoxA(NULL, "系統進程已被劫持!", "系統警告", MB_OK);
    return FALSE;
}
/// Installs the CreateProcessW hook using the Detours transaction sequence.
/// The four Detours calls must stay in this order (begin, update thread,
/// attach, commit). The LONG results of DetourAttach() and
/// DetourTransactionCommit() are discarded, so a failed attach is never
/// reported to the caller.
void Hook()
{
    DetourRestoreAfterWith();                                      // restore the original state
    DetourTransactionBegin();                                      // begin the interception transaction
    DetourUpdateThread(GetCurrentThread());                        // enlist the current thread
    DetourAttach((void **)&oldCreateProcessW, newCreateProcessW);  // install the function hook
    DetourTransactionCommit();                                     // make the interception take effect
}
/// Removes the CreateProcessW hook installed by Hook(), with the same
/// order-sensitive Detours transaction sequence (begin, update thread,
/// detach, commit). As in Hook(), the LONG results of DetourDetach() and
/// DetourTransactionCommit() are not checked.
void UnHook()
{
    DetourTransactionBegin();                                      // begin the interception transaction
    DetourUpdateThread(GetCurrentThread());                        // enlist the current thread
    DetourDetach((void **)&oldCreateProcessW, newCreateProcessW);  // remove the hook
    DetourTransactionCommit();                                     // make the change take effect
}
/// Exported DLL entry point. Shows a message box, then calls Hook() once per
/// second for 60 iterations, and finally calls UnHook() a single time.
/// NOTE(review): after the first iteration oldCreateProcessW no longer holds
/// the real CreateProcessW, so the remaining 59 Hook() calls attach on top of
/// an already-hooked pointer; whether Detours tolerates that is not
/// established here — confirm against the Detours documentation.
_declspec(dllexport) void go()
{
    MessageBoxA(NULL, "系統進程劫持成功!", "系統信息", MB_OK);

    for (int round = 0; round < 60; ++round) {
        Hook();
        Sleep(1000);
    }

    UnHook();
}
劫持成功:
打開幫助的入門指南的時候: