    Hijacking a system process to deny file creation
    #include <stdio.h>
    #include <windows.h>
    #include <string.h>
    #include "detours.h"
    #pragma comment(lib, "detours.lib")

    // Pointer to the real CreateFileW. After DetourAttach it points at the
    // Detours trampoline, so calling through it still reaches the original API.
    HANDLE (WINAPI *oldCreateFileW)(
            _In_ LPCWSTR lpFileName,
            _In_ DWORD dwDesiredAccess,
            _In_ DWORD dwShareMode,
            _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes,
            _In_ DWORD dwCreationDisposition,
            _In_ DWORD dwFlagsAndAttributes,
            _In_opt_ HANDLE hTemplateFile
           ) = CreateFileW;

    // Replacement: every CreateFileW call made by the hooked process lands here.
    // This version denies every call (opens of existing files included, so the
    // target process loses all file I/O while the hook is installed). It fails
    // the call the way CreateFileW itself fails: INVALID_HANDLE_VALUE plus a
    // last-error code, not NULL, so callers' error checks still work.
    HANDLE WINAPI newCreateFileW(
            _In_ LPCWSTR lpFileName,
            _In_ DWORD dwDesiredAccess,
            _In_ DWORD dwShareMode,
            _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes,
            _In_ DWORD dwCreationDisposition,
            _In_ DWORD dwFlagsAndAttributes,
            _In_opt_ HANDLE hTemplateFile
           )
    {
           // A MessageBox inside a hooked API is fine for a demo, but it blocks
           // the calling thread and may itself trigger file I/O; log instead in real code.
           MessageBoxA(0, "Hook succeeded!", "System message", 0);
           SetLastError(ERROR_ACCESS_DENIED);
           return INVALID_HANDLE_VALUE;
    }

    void Hook()
    {
           DetourRestoreAfterWith();               // undo import-table patching left by DetourCreateProcessWithDll, if any
           DetourTransactionBegin();               // begin the detour transaction
           DetourUpdateThread(GetCurrentThread()); // enlist the current thread in the transaction
           DetourAttach((void **)&oldCreateFileW, newCreateFileW); // redirect CreateFileW to newCreateFileW
           DetourTransactionCommit();              // apply the hook
    }

    void UnHook()
    {
           DetourTransactionBegin();               // begin the detour transaction
           DetourUpdateThread(GetCurrentThread()); // enlist the current thread in the transaction
           DetourDetach((void **)&oldCreateFileW, newCreateFileW); // remove the hook
           DetourTransactionCommit();              // apply the removal
    }

    // Exported entry point the injector calls once the DLL is loaded in the target.
    // extern "C" keeps the export name unmangled as "go". The hook is installed
    // once, kept for 60 seconds, then removed; attaching the same pointer again on
    // every loop iteration, as the original did, is not valid use of Detours.
    extern "C" __declspec(dllexport) void go()
    {
           MessageBoxA(0, "System process hooked!", "System message", 0);
           Hook();
           Sleep(60 * 1000);
           UnHook();
    }
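The hook above denies every CreateFileW call, including reads of existing files and the device and pipe opens a process relies on, so the target usually stops working rather than merely losing the ability to create files. The following is an added example, not code from the original post, of a replacement body that denies only calls able to create, replace or truncate a file under one protected directory, passes everything else through, and fails denied calls the way CreateFileW does. The protected directory C:\Protected\ is a constructed example; the stand-in for the real CreateFileW, the recorded pass-through list and the last-error shim exist only so the policy compiles and runs on a non-Windows host (on Windows the real headers are used and g_origCreateFileW is the pointer DetourAttach redirects, exactly as oldCreateFileW is in the post's Hook()/UnHook(), which are not repeated here).

```cpp
// Added example (not from the original post): a CreateFileW replacement that
// denies only calls able to create, replace or truncate a file under one
// protected directory, passes everything else to the real function, and fails
// blocked calls the way CreateFileW itself fails (INVALID_HANDLE_VALUE plus a
// last-error code). The Windows types and constants are the real values; the
// non-Windows branch defines them only so the policy compiles and runs in a test.
#include <cstdint>
#include <cwchar>
#include <cwctype>
#include <cstdio>
#include <string>
#include <vector>

#ifdef _WIN32
#include <windows.h>
#else
typedef void*          HANDLE;
typedef uint32_t       DWORD;
typedef const wchar_t* LPCWSTR;
typedef void*          LPSECURITY_ATTRIBUTES;
#define WINAPI
#define INVALID_HANDLE_VALUE ((HANDLE)(intptr_t)-1)
#define GENERIC_READ         0x80000000u
#define GENERIC_WRITE        0x40000000u
#define CREATE_NEW           1
#define CREATE_ALWAYS        2
#define OPEN_EXISTING        3
#define OPEN_ALWAYS          4
#define TRUNCATE_EXISTING    5
#define ERROR_ACCESS_DENIED  5
static DWORD g_lastError = 0;                    // stand-in for the thread's last-error value
static void  SetLastError(DWORD e) { g_lastError = e; }
static DWORD GetLastError()        { return g_lastError; }
#endif

typedef HANDLE (WINAPI *CreateFileW_t)(LPCWSTR, DWORD, DWORD, LPSECURITY_ATTRIBUTES,
                                       DWORD, DWORD, HANDLE);

// Paths that reached the "real" function; the stand-in below records them so
// the pass-through path can be checked.
static std::vector<std::wstring> g_passedThrough;

// Constructed stand-in for CreateFileW on a non-Windows host: records the path
// and returns a fake, valid-looking handle.
static HANDLE WINAPI StandInCreateFileW(LPCWSTR name, DWORD, DWORD, LPSECURITY_ATTRIBUTES,
                                        DWORD, DWORD, HANDLE) {
    g_passedThrough.push_back(name);
    return (HANDLE)(intptr_t)0x1234;
}

// On Windows this is the pointer DetourAttach((void**)&g_origCreateFileW, FilteredCreateFileW)
// redirects; after the attach it points at the trampoline to the original API.
#ifdef _WIN32
static CreateFileW_t g_origCreateFileW = CreateFileW;
#else
static CreateFileW_t g_origCreateFileW = StandInCreateFileW;
#endif

// Directory the policy protects (constructed example path).
static const wchar_t* const kProtectedDir = L"C:\\Protected\\";

// Every disposition except OPEN_EXISTING can create, replace or truncate a file:
// CREATE_NEW and CREATE_ALWAYS create, OPEN_ALWAYS creates when the file is
// missing, TRUNCATE_EXISTING discards the contents. Those are the calls to deny;
// OPEN_EXISTING (reads, and the device/pipe opens every process relies on) is not.
static bool CanCreateOrTruncate(DWORD dwCreationDisposition) {
    return dwCreationDisposition != OPEN_EXISTING;
}

// Case-insensitive prefix match on the path, ignoring the \\?\ extended-length
// prefix so both spellings of the same path are caught.
static bool UnderProtectedDir(LPCWSTR path) {
    if (std::wcsncmp(path, L"\\\\?\\", 4) == 0) path += 4;
    const size_t n = std::wcslen(kProtectedDir);
    if (std::wcslen(path) < n) return false;
    for (size_t i = 0; i < n; ++i)
        if (std::towlower(path[i]) != std::towlower(kProtectedDir[i])) return false;
    return true;
}

// The hook body: deny only what the policy says, otherwise call through.
HANDLE WINAPI FilteredCreateFileW(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode,
                                  LPSECURITY_ATTRIBUTES lpSecurityAttributes,
                                  DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes,
                                  HANDLE hTemplateFile) {
    if (lpFileName != nullptr && CanCreateOrTruncate(dwCreationDisposition) &&
        UnderProtectedDir(lpFileName)) {
        // Fail exactly as CreateFileW fails, so callers that test for
        // INVALID_HANDLE_VALUE and then read GetLastError behave sensibly.
        SetLastError(ERROR_ACCESS_DENIED);
        return INVALID_HANDLE_VALUE;
    }
    return g_origCreateFileW(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes,
                             dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}

// Convenience for exercising the policy: true when the call was denied.
static bool Denied(LPCWSTR path, DWORD access, DWORD disposition) {
    return FilteredCreateFileW(path, access, 0, nullptr, disposition, 0, nullptr)
           == INVALID_HANDLE_VALUE;
}

int main() {
    std::printf("create under protected dir denied: %d\n",
                Denied(L"C:\\Protected\\dropper.exe", GENERIC_WRITE, CREATE_ALWAYS));
    std::printf("read under protected dir denied:   %d\n",
                Denied(L"C:\\Protected\\config.ini", GENERIC_READ, OPEN_EXISTING));
    std::printf("create elsewhere denied:           %d\n",
                Denied(L"C:\\Temp\\notes.txt", GENERIC_WRITE, CREATE_NEW));
    return 0;
}
```

The disposition check is what separates "deny file creation" from "deny file I/O": a read with OPEN_EXISTING never creates anything and must reach the real function, while OPEN_ALWAYS creates the file when it is absent even if the caller only asked for read access, so it is denied along with CREATE_NEW, CREATE_ALWAYS and TRUNCATE_EXISTING. Returning INVALID_HANDLE_VALUE with ERROR_ACCESS_DENIED matters because callers compare against that sentinel and read GetLastError; a NULL return from a hook is a value CreateFileW never produces.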




Original address: https://www.cnblogs.com/ZhangJinkun/p/4531478.html