• 暂时放下


    /*
     * fake_my_native_api - naked detour stub (32-bit x86, MSVC inline asm).
     *
     * As written, the only live instruction is the `jmp` at the bottom, so
     * every call is forwarded unchanged to fake_proxy_my_native_api. Because
     * the function is `naked`, the compiler emits no prologue or epilogue:
     * the stack and registers reach the proxy exactly as the caller left them.
     *
     * The parameter list matches KeInsertQueueApc; presumably this stub is
     * installed as a hook on that routine - confirm against the code that
     * installs it.
     *
     * The block comment inside the body is a disabled filter. Its intent, as
     * far as the code shows: when the APC's target thread belongs to a process
     * named "notepad.exe" and the calling process is not "notepad.exe", return
     * 0 instead of forwarding; otherwise forward to the proxy. It has several
     * defects (see the NOTE(review) lines inside it) and must not be
     * re-enabled as is. Note also that a process image name is chosen by
     * whoever launches the binary, so it is a weak basis for a protection
     * decision.
     */
    _declspec (naked )
    void fake_my_native_api(PKAPC Apc, PVOID SystemArgument1,  PVOID SystemArgument2, KPRIORITY Increment  )
    {

    /* ULONG  ptarget_thread;
     ULONG  ptarget_process;

     ULONG  pcurrent_process;
     
     PUCHAR  ptarget_process_name;
     PUCHAR  pcurrent_process_name;

     // NOTE(review): a naked function gets no stack frame from the compiler.
     // The prologue below never reserves room for the five locals above
     // (no `sub esp, __LOCAL_SIZE`), so they would share stack with the
     // pushad save area and with anything pushed by the calls that follow.
     __asm
     {
      push ebp;
      mov  ebp, esp;
      pushad;
     }


     // NOTE(review): 0x220 and 0x174 are hard-coded structure offsets (they
     // look like the thread-to-process link and the process image-name
     // field). Such offsets differ between Windows builds; on a build where
     // they do not match, these lines read unrelated kernel memory and can
     // bugcheck the machine. Prefer exported accessors such as
     // IoThreadToProcess over raw offsets - TODO confirm the target build.
     ptarget_thread   = (ULONG)(Apc->Thread);
     ptarget_process   = *(PULONG)(ptarget_thread + 0x220);
     
     ptarget_process_name = (PUCHAR)(ptarget_process + 0x174);


     // NOTE(review): this dereferences the pointer returned by
     // PsGetCurrentProcess(), i.e. it takes the first dword of the process
     // object as the process address. The target path above uses the
     // process pointer itself, so the two name pointers are not computed the
     // same way; the dereference looks unintended.
        pcurrent_process  = *(PULONG)PsGetCurrentProcess(); 
     pcurrent_process_name   = (PUCHAR)(pcurrent_process + 0x174);


     // NOTE(review): _stricmp has no length bound. If the name field is a
     // fixed-size buffer that can be completely filled, the compare may run
     // past it - verify, and use a bounded compare.
     if( _stricmp( ptarget_process_name, "notepad.exe") == 0 )
     {
      if( _stricmp(pcurrent_process_name, "notepad.exe") != 0 )
      {
       // NOTE(review): popad reloads eax from the pushad save area, so the
       // 0 stored by `mov eax, 0x0` is overwritten before `ret` and the
       // caller does not see the intended return value.
       // NOTE(review): plain `ret` leaves the four arguments on the stack.
       // If the hooked routine is stdcall (callee cleans up), this needs
       // `ret 0x10` - confirm the calling convention.
       __asm
       {
        mov eax, 0x0;
        popad;
        pop ebp;
        ret;
       }
      }
      // NOTE(review): when both names are "notepad.exe" nothing returns or
      // jumps here; execution falls through to the final `jmp` with the
      // pushad block and the saved ebp still on the stack.
     }

     else
     {
      __asm
      {
       popad;
       pop ebp;
       jmp fake_proxy_my_native_api;   
      }
     }
    */

     /* Live path: tail-jump to the proxy with the caller's stack untouched. */
     __asm
     {
      jmp fake_proxy_my_native_api;
     }

    }

  • 原文地址:https://www.cnblogs.com/herso/p/1439375.html