|
[求助]拦截 zwcreatefile 怎么不成功啊!!!!!
好的,,,多谢指点 |
|
[求助]拦截 zwcreatefile 怎么不成功啊!!!!!
我是返回的STATUS_ACCESS_DENIED啊,,,,代码没问题,,,用记事本就可以栏截,,,用AUTOCAD 就不行??? |
|
[求助]拦截 zwcreatefile 怎么不成功啊!!!!!
用DLL HOOK API 拦截发现,,程序确实用了 createfile ,,,驱动+DLL 拦截,,都不成功,,,WHY? HANDLE WINAPI MyCreateFileA ( LPCTSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile ) { TCHAR exe[256]={0}; GetModuleFileName(NULL,exe,256); TCHAR tmp[256]={0}; char *p=(char *)lpFileName; sprintf(tmp,"[%d]%s,CreateFileA:%s\n",gnum++,exe,lpFileName); if(dwCreationDisposition & CREATE_NEW) if(strlen(p)>4&& !_strnicmp(p+strlen(p)-4,".dwg",4) && udoscmp((char *)lpFileName)) { MessageBoxA(0,"","what are you doing noe",MB_OK); //DeleteFile(lpFileName); return 0; } OutputDebugString(tmp); return TrueCreateFileA ( lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile ); } |
|
[求助]拦截 zwcreatefile 怎么不成功啊!!!!!
老外写的东西就是不一样?????不知道它是怎么创建的??? |
|
[求助]拦截 zwcreatefile 怎么不成功啊!!!!!
NTSTATUS HookZwCreateFile( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength ) { UNICODE_STRING ufilename; ANSI_STRING afilename; char * p; int i=0; ufilename=*(ObjectAttributes->ObjectName); RtlUnicodeStringToAnsiString(&afilename,&ufilename,TRUE); p=afilename.Buffer; DbgPrint("createfile :%s\n",afilename.Buffer); DbgPrint("ext:%s\n",p+strlen(p)-4); if(strlen(p)>12) if( /* ( ((CreateDisposition & FILE_CREATE) ) || ((CreateDisposition & FILE_OPEN_IF) ) || ((CreateDisposition & FILE_OVERWRITE_IF) ) || ((CreateDisposition & FILE_SUPERSEDE) ) ) && */ (!_strnicmp(p+strlen(p)-4,".dwg",4)) && udoscmp(p+4) ) { DbgPrint("filter\n"); return STATUS_ACCESS_DENIED; } //ExFreePool(ufilename.Buffer); return RealZwCreateFile ( FileHandle, DesiredAccess, ObjectAttributes, IoStatusBlock, AllocationSize, FileAttributes, ShareAccess, CreateDisposition, CreateOptions, EaBuffer, EaLength ); } 代码没什么问题吧??? 其它的程序都可以拦截,,,就autocad.exe 拦截不了,,,文件还是被创建了,,,??? |
|
[求助]拦截 zwcreatefile 怎么不成功啊!!!!!
我刚刚在网上找了一下,,好像还有个zwopenfile 也可以创建文件的,,,先试一下,,, |
|
[求助]拦截 zwcreatefile 怎么不成功啊!!!!!
没人遇到过这各问题吗?????? |
|
[原创]发布Windows CE API 手册 (资源)
大牛;;膜拜 |
|
[原创][公开源代码]完美、诛仙等游戏验证码答题反外挂系统的初级识别程序
太强大了 牛人[] |
|
[推荐]一段不错的DLL自删除代码
不错,,多谢了 |
|
[求助]怎么禁止COPY 指定目录???急急
怎么追踪 ControlCode 啊,,,是那两个IRP啊 |
|
[求助]怎么禁止COPY 指定目录???急急
怎么了,,各位哥说一下啊 |
|
[求助]怎么禁止COPY 指定目录???急急
让读啊,,就是不能用ctrl +C ctrl+V 复制,,就可以了... |
|
[求助]怎么禁止COPY 指定目录???急急
那怎么怎么知道他是写还是读啊??? |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值