这个非常简单啊!
你可以看看我的一段代码就知道了
#include "stdafx.h"
#include <Windows.h>
#include "../BPHookFunction/BPHookFunction.h"
// Pointer type for the routine resolved from ntdll at run time. The parameter list
// follows the RtlCopyMemory shape: destination, source, byte count.
// NOTE(review): _tmain resolves the export named "memcpy" through this type. The C
// memcpy returns the destination pointer while this alias returns VOID, so confirm
// that nothing reached through the hook depends on the return value.
using PRtlCopyMemory = VOID (*)(
    _Out_ VOID UNALIGNED *Destination,
    _In_ const VOID UNALIGNED *Source,
    _In_ SIZE_T Length);

// Replacement routine handed to SetInlineHook; the definition follows _tmain.
VOID MyRtlCopyMemory(
    _Out_ VOID UNALIGNED *Destination,
    _In_ const VOID UNALIGNED *Source,
    _In_ SIZE_T Length);

// Passed by address to SetInlineHook; MyRtlCopyMemory forwards through it.
PRtlCopyMemory NtDllMemcpy = nullptr;
// Copy of the address returned by GetProcAddress, taken before the hook is installed.
PRtlCopyMemory NtDllMemcpy2 = nullptr;
// Gate read by MyRtlCopyMemory: the copy is forwarded only while this is non-zero.
ULONGLONG Num = 0;
// Serializes every read and write of Num.
CRITICAL_SECTION g_cs;
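// Demo entry point: resolves the "memcpy" export of ntdll, installs MyRtlCopyMemory
// with SetInlineHook, opens the Num gate, then performs one copy through the saved
// export address.
// Returns 0 after the demo copy, or 1 when the export cannot be resolved (in that case
// no hook is installed).
int _tmain(int argc, _TCHAR* argv[])
{
    WCHAR Buffer[_MAX_PATH] = L"Test";   // source text; the remaining elements are zero
    WCHAR Buffer2[_MAX_PATH] = {0};      // destination of the demo copy

    ::InitializeCriticalSection(&g_cs);

    // Keep the gate closed until the hook is in place.
    EnterCriticalSection(&g_cs);
    Num = 0;
    LeaveCriticalSection(&g_cs);

    // NOTE(review): GetDllModuleHandleW is not declared in this listing; presumably it
    // comes from BPHookFunction.h. If it is a typo for the Win32 GetModuleHandleW,
    // correct it here.
    HMODULE hNtdll = ::GetDllModuleHandleW(L"Ntdll.dll");
    FARPROC pExport = hNtdll ? GetProcAddress(hNtdll, "memcpy") : NULL;
    if (pExport == NULL)
    {
        // Nothing was resolved: do not hand a null target to the hook engine and do not
        // call through a null pointer below. No hook exists yet, so releasing the
        // critical section is safe.
        DeleteCriticalSection(&g_cs);
        return 1;
    }

    NtDllMemcpy = reinterpret_cast<PRtlCopyMemory>(pExport);
    NtDllMemcpy2 = NtDllMemcpy;   // remember the export address itself

    // NOTE(review): SetInlineHook is declared in BPHookFunction.h and is not visible
    // here. It presumably patches the export in place and rewrites NtDllMemcpy to a
    // pass-through to the original code. Its result, if it reports one, should be
    // checked before the gate is opened; confirm against the header.
    SetInlineHook(reinterpret_cast<PVOID*>(&NtDllMemcpy), MyRtlCopyMemory);

    // Open the gate: from here on MyRtlCopyMemory forwards copies.
    EnterCriticalSection(&g_cs);
    Num = 1;
    LeaveCriticalSection(&g_cs);

    // Call through the saved export address (not through NtDllMemcpy).
    NtDllMemcpy2(Buffer2, Buffer, sizeof(Buffer2));

    // g_cs is deliberately left alive on this path: the hook is never removed in this
    // listing and MyRtlCopyMemory enters g_cs on every call, so deleting it while the
    // hook is installed would leave the hook using a destroyed critical section.
    return 0;
}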
// Replacement body for the hooked copy routine. It takes a snapshot of Num while
// holding g_cs and forwards the call through NtDllMemcpy only when that snapshot is
// non-zero. While Num is zero it returns without copying, leaving Destination untouched.
// NOTE(review): this gate applies to every call that reaches the hooked routine, not
// only the demo call in _tmain. Any such call made while Num is zero silently loses
// its copy, so confirm that is intended.
VOID MyRtlCopyMemory(
    _Out_ VOID UNALIGNED *Destination,
    _In_ const VOID UNALIGNED *Source,
    _In_ SIZE_T Length)
{
    // Read the shared gate under the lock, then release it before doing any work.
    EnterCriticalSection(&g_cs);
    const ULONGLONG gate = Num;
    LeaveCriticalSection(&g_cs);

    if (gate == 0)
        return;

    NtDllMemcpy(Destination, Source, Length);
}
这个程序需要的库和头文件,我上传到了我自己的一个帖子里,地址:
http://bbs.pediy.com/showthread.php?t=206885