Hook SSDT NtOpenProcess的完整代码
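以下是通过Hook SSDT NtOpenProcess保护进程的完整代码,对喜欢HOOK的初学者帮助很大。注意:这种做法只适用于32位Windows;在x64系统上KeServiceDescriptorTable没有导出,而且PatchGuard检测到SSDT被修改后会触发蓝屏,受支持的进程保护方式是使用ObRegisterCallbacks。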
驱动代码Protect.C:
#include "ntddk.h"
// Kernel-namespace name of the control device and the DOS-visible symbolic link that user mode opens.
#define NT_DEVICE_NAME L"\\Device\\ProtectProcess"
#define DOS_DEVICE_NAME L"\\DosDevices\\ProtectProcess"
// Control code (function 0x800, buffered I/O) handled by DispatchDeviceControl to set the protected PID.
// NOTE(review): FILE_ANY_ACCESS means the code is accepted on a handle opened with any access right,
// so whoever can open the device can change the protected PID.
#define IOCTL_PROTECT_CONTROL CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS)
NTSTATUS DispatchDeviceControl(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp);
VOID OnUnload(IN PDRIVER_OBJECT DriverObject);
#pragma pack(1) //Layout of the SSDT (system service descriptor table)
typedef struct ServiceDescriptorEntry {
unsigned int *ServiceTableBase;
unsigned int *ServiceCounterTableBase; //Used only in checked build
unsigned int NumberOfServices;
unsigned char *ParamTableBase;
} ServiceDescriptorTableEntry_t, *PServiceDescriptorTableEntry_t;
#pragma pack()
__declspec(dllimport) ServiceDescriptorTableEntry_t KeServiceDescriptorTable; //The variable name must not be changed because the symbol is imported from outside this module
//Macro that yields the service-table slot belonging to a Zw* function: it reads the ULONG stored at
//byte offset 1 of the function and uses it as the index into ServiceTableBase.
//NOTE(review): presumably this relies on the 32-bit x86 stub layout (one opcode byte followed by the
//service number) - confirm for the target OS; the table entries here are 32-bit values.
#define SYSTEMSERVICE(_function) KeServiceDescriptorTable.ServiceTableBase[*(PULONG)((PUCHAR)_function+1)]
NTSYSAPI NTSTATUS NTAPI ZwOpenProcess(OUT PHANDLE ProcessHandle,IN ACCESS_MASK DesiredAccess,IN POBJECT_ATTRIBUTES ObjectAttributes,IN PCLIENT_ID ClientId OPTIONAL);
typedef NTSTATUS (*ZWOPENPROCESS)(OUT PHANDLE ProcessHandle,IN ACCESS_MASK DesiredAccess,IN POBJECT_ATTRIBUTES ObjectAttributes,IN PCLIENT_ID ClientId OPTIONAL);
// Original service routine saved by DriverEntry and written back by OnUnload.
ZWOPENPROCESS OldZwOpenProcess;
// PID whose open requests are denied; starts at -1 and is written by DispatchDeviceControl and read by
// NewZwOpenProcess. NOTE(review): shared between those two paths with no synchronization.
long pid = -1;
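// Replacement routine that DriverEntry stores in the ZwOpenProcess slot of the service table.
//
// Denies the open with STATUS_ACCESS_DENIED when the requested client id names the protected PID
// (global `pid`); every other request is forwarded to the saved original routine.
//
// Parameters are those of ZwOpenProcess. ClientId is OPTIONAL and may be NULL.
// Returns STATUS_ACCESS_DENIED for the protected PID, otherwise the status of the original routine.
NTSTATUS NewZwOpenProcess(OUT PHANDLE ProcessHandle,IN ACCESS_MASK DesiredAccess,IN POBJECT_ATTRIBUTES ObjectAttributes,IN PCLIENT_ID ClientId OPTIONAL)
{
    // ClientId is declared OPTIONAL, so it must be checked before it is dereferenced; a NULL
    // pointer here would otherwise fault in kernel mode and bring the whole system down.
    // NOTE(review): ClientId is supplied by the caller of the system service. When the request
    // comes from user mode this read should additionally be guarded (structured exception
    // handling around a captured copy); that guard is not present here.
    if (ClientId != NULL && (long)ClientId->UniqueProcess == pid)
    {
        DbgPrint("保护进程 PID:%ld\n",pid);
        return STATUS_ACCESS_DENIED;
    }

    // Hand everything else to the original routine and report ITS status. Returning
    // STATUS_SUCCESS unconditionally would tell callers that a failed open had succeeded and
    // leave them using an invalid handle.
    return OldZwOpenProcess(ProcessHandle,DesiredAccess,ObjectAttributes,ClientId);
}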
// Driver unload routine: removes the symbolic link, deletes every device object owned by the
// driver, then writes the saved original routine back into the service table.
//
// NOTE(review): nothing here waits for threads that may still be executing NewZwOpenProcess
// when the table entry is restored and the image is unloaded - confirm how unload is quiesced.
VOID OnUnload(IN PDRIVER_OBJECT DriverObject)
{
    UNICODE_STRING linkName;
    PDEVICE_OBJECT current = NULL;
    PDEVICE_OBJECT next = NULL;

    DbgPrint("驱动程序卸载...\n");

    // Remove the DOS-visible name first so no new handles can be opened through it.
    RtlInitUnicodeString(&linkName,DOS_DEVICE_NAME);
    IoDeleteSymbolicLink(&linkName);

    if (DriverObject != NULL)
    {
        // Walk the driver's device list; the successor is read before the node is deleted.
        for (current = DriverObject->DeviceObject; current != NULL; current = next)
        {
            next = current->NextDevice;
            IoDeleteDevice(current);
        }
    }
    DbgPrint("设备已经卸载\n");

    // Put the original routine back into the service-table slot.
    DbgPrint("修复SSDT表\n");
    (ZWOPENPROCESS)(SYSTEMSERVICE(ZwOpenProcess)) = OldZwOpenProcess;
    DbgPrint("驱动卸载完毕.\n");
}
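// Dispatch routine registered for IRP_MJ_CREATE, IRP_MJ_CLOSE and IRP_MJ_DEVICE_CONTROL.
//
// For IOCTL_PROTECT_CONTROL the input buffer carries one `long` (the PID to protect) and the
// output buffer receives the NUL-terminated reply "OK!\n".
//
// Returns STATUS_SUCCESS on success, STATUS_INVALID_PARAMETER when the input is shorter than a
// `long`, STATUS_BUFFER_TOO_SMALL when the output buffer cannot hold the reply, and
// STATUS_INVALID_DEVICE_REQUEST for an unknown control code. The IRP is always completed here.
NTSTATUS DispatchDeviceControl(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
    static const char reply[] = "OK!\n";
    NTSTATUS nStatus = STATUS_SUCCESS;
    ULONG_PTR information = 0;
    ULONG IoControlCode = 0;
    PIO_STACK_LOCATION IrpStack = NULL;
    long* inBuf = NULL;
    ULONG inSize = 0;
    ULONG outSize = 0;

    IrpStack = IoGetCurrentIrpStackLocation(Irp);
    switch(IrpStack->MajorFunction)
    {
    case IRP_MJ_CREATE:
        DbgPrint("IRP_MJ_CREATE 被调用\n");
        break;
    case IRP_MJ_CLOSE:
        DbgPrint("IRP_MJ_CLOSE 被调用\n");
        break;
    case IRP_MJ_DEVICE_CONTROL:
        DbgPrint("IRP_MJ_DEVICE_CONTROL 被调用\n");
        IoControlCode = IrpStack->Parameters.DeviceIoControl.IoControlCode;
        switch(IoControlCode)
        {
        case IOCTL_PROTECT_CONTROL:
            inSize = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
            outSize = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
            inBuf = (long*)Irp->AssociatedIrp.SystemBuffer;

            // The lengths come from the caller: reject requests that do not carry a whole
            // `long` before the buffer is read.
            if (inBuf == NULL || inSize < sizeof(long))
            {
                nStatus = STATUS_INVALID_PARAMETER;
                break;
            }
            if (outSize < sizeof(reply))
            {
                nStatus = STATUS_BUFFER_TOO_SMALL;
                break;
            }

            pid = *inBuf;
            DbgPrint("===========================\n");
            DbgPrint("IOCTL_PROTECT_CONTROL 被调用,通讯成功!\n");
            DbgPrint("输入缓冲区大小: %d\n",inSize);
            DbgPrint("输出缓冲区大小: %d\n",outSize);
            DbgPrint("输入缓冲区内容: %ld\n",*inBuf);
            DbgPrint("当前保护进程ID: %ld\n",pid);
            DbgPrint("===========================\n");

            // With METHOD_BUFFERED the reply goes into the system buffer and the I/O manager
            // copies `Information` bytes back to the caller. Writing through Irp->UserBuffer
            // instead would store to a raw, unvalidated caller-supplied address from kernel mode.
            RtlCopyMemory(Irp->AssociatedIrp.SystemBuffer,reply,sizeof(reply));
            information = sizeof(reply);
            break;
        default:
            nStatus = STATUS_INVALID_DEVICE_REQUEST;
            break;
        }
        break;
    default:
        DbgPrint("未知请求包被调用\n");
        break;
    }

    Irp->IoStatus.Status = nStatus;
    Irp->IoStatus.Information = information;
    IoCompleteRequest(Irp,IO_NO_INCREMENT);
    return nStatus;
}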
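// Driver entry point: creates the control device and its symbolic link, registers the dispatch
// and unload routines, then saves the original ZwOpenProcess service-table entry and replaces
// it with NewZwOpenProcess.
//
// Returns the failing status of IoCreateDevice / IoCreateSymbolicLink, otherwise STATUS_SUCCESS.
//
// NOTE(review): patching the service table is unsupported. KeServiceDescriptorTable is not
// exported on x64 and PatchGuard bugchecks when the table is modified; ObRegisterCallbacks is
// the supported way to filter process-handle opens.
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,IN PUNICODE_STRING theRegistryPath)
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    UNICODE_STRING ntDeviceName;
    UNICODE_STRING DeviceLinkString;
    PDEVICE_OBJECT deviceObject = NULL;

    DbgPrint("驱动程序加载...\n");
    RtlInitUnicodeString( &ntDeviceName, NT_DEVICE_NAME );

    // FILE_DEVICE_SECURE_OPEN makes the I/O manager apply the device's security descriptor to
    // every open request, including opens that name something below the device.
    // NOTE(review): the device still gets a default security descriptor; restricting who may
    // open it (for example with IoCreateDeviceSecure) is not done here.
    ntStatus = IoCreateDevice(
        DriverObject,
        0,
        &ntDeviceName,
        FILE_DEVICE_UNKNOWN,
        FILE_DEVICE_SECURE_OPEN,
        FALSE,
        &deviceObject );
    if ( !NT_SUCCESS( ntStatus ) )
    {
        DbgPrint("无法创建驱动设备");
        return ntStatus;
    }

    RtlInitUnicodeString(&DeviceLinkString,DOS_DEVICE_NAME);
    ntStatus=IoCreateSymbolicLink(&DeviceLinkString,&ntDeviceName);
    if(!NT_SUCCESS(ntStatus))
    {
        // DriverUnload is not called when DriverEntry fails, so the device created above has to
        // be released here or it is leaked.
        IoDeleteDevice(deviceObject);
        return ntStatus;
    }

    DriverObject->MajorFunction[IRP_MJ_CREATE] = DispatchDeviceControl;
    DriverObject->MajorFunction[IRP_MJ_CLOSE] = DispatchDeviceControl;
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchDeviceControl;
    DriverObject->DriverUnload = OnUnload;
    DbgPrint("驱动程序已经启动\n");

    DbgPrint("修改SSDT表...\n");
    // Save the original ZwOpenProcess entry, then point the slot at the replacement.
    OldZwOpenProcess =(ZWOPENPROCESS)(SYSTEMSERVICE(ZwOpenProcess));
    (ZWOPENPROCESS)(SYSTEMSERVICE(ZwOpenProcess)) = NewZwOpenProcess;
    DbgPrint("驱动程序加载完毕.\n");
    return STATUS_SUCCESS;
}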
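安装驱动的源代码:
// NOTE: the header names were lost when this page was extracted; the four below are
// reconstructed from the APIs the program calls.
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>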
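#define BUF_SIZE 4096
// Command-line helper that installs, starts or removes the kernel-driver service.
//
// Usage: <exe> install | start | uninstall
// The service name, display name and driver path are read from the [Config] section of
// Install.ini, which must sit in the same directory as this executable.
//
// Exit codes are kept as the original had them: 1 after a command was processed, 0 when the
// program stops early (usage text or an error).
//
// NOTE(review): the driver path comes from an INI file next to the executable. That directory
// should be writable by administrators only, otherwise another user can decide which driver
// image gets registered.
int main(int argc,char* argv[])
{
    char path[BUF_SIZE];
    char base[BUF_SIZE];
    char sername[BUF_SIZE];
    char disname[BUF_SIZE];
    memset(path,0,BUF_SIZE);
    memset(base,0,BUF_SIZE);
    memset(sername,0,BUF_SIZE);
    memset(disname,0,BUF_SIZE);
    SC_HANDLE rh = NULL;
    SC_HANDLE sh = NULL;
    if (argc == 1)
    {
        printf("use: install/start/uninstall\n");
        exit(0);
    }

    // Find the directory of this executable. The return value is checked because a failed or
    // truncated result would otherwise be scanned backwards past the start of the buffer.
    DWORD modLen = ::GetModuleFileName(0,base,BUF_SIZE);
    if (modLen == 0 || modLen >= BUF_SIZE)
    {
        printf("[-]error GetModuleFileName.\n");
        exit(0);
    }
    char* lastSlash = strrchr(base,'\\');
    if (!lastSlash)
    {
        printf("[-]error GetModuleFileName.\n");
        exit(0);
    }
    size_t dirLen = (size_t)(lastSlash - base) + 1;
    // sizeof("Install.ini") counts the terminating NUL, so this bounds the sprintf below.
    if (dirLen + sizeof("Install.ini") > BUF_SIZE)
    {
        printf("[-]error read Install.ini\n");
        exit(0);
    }
    memcpy(path,base,dirLen);   // path was zero-filled, so it stays NUL-terminated
    memset(base,0,BUF_SIZE);
    sprintf(base,"%sInstall.ini",path);
    memset(path,0,BUF_SIZE);

    ::GetPrivateProfileString("Config","Path","",path,BUF_SIZE,base);
    ::GetPrivateProfileString("Config","ServiceName","",sername,BUF_SIZE,base);
    ::GetPrivateProfileString("Config","DisplayName","",disname,BUF_SIZE,base);
    printf("[*]Service Name:%s\n",sername);
    printf("[*]Display Name:%s\n",disname);
    printf("[*]Driver Path:%s\n",path);

    const bool doInstall = (argc == 2 && !strcmp(argv[1],"install"));
    const bool doStart = (argc == 2 && !strcmp(argv[1],"start"));
    const bool doUninstall = (argc == 2 && !strcmp(argv[1],"uninstall"));

    // Ask the service control manager only for the access the chosen command needs.
    sh = OpenSCManager(NULL,NULL,doInstall ? SC_MANAGER_CREATE_SERVICE : SC_MANAGER_CONNECT);
    if (!sh){
        printf("[-]Error OpenSCManger.\n");
        exit(0);
    }

    if (doInstall)
    {
        if (!strcmp(path,""))
        {
            printf("[-]error read Install.ini\n");
            CloseServiceHandle(sh);
            exit(0);
        }
        // Demand start: the driver is loaded only by an explicit "start" command
        // (SERVICE_SYSTEM_START would load it during system start instead).
        rh = CreateService(sh,sername,disname,
            SERVICE_ALL_ACCESS,
            SERVICE_KERNEL_DRIVER,
            SERVICE_DEMAND_START,
            SERVICE_ERROR_NORMAL,
            path,
            NULL,NULL,NULL,NULL,NULL);
        if (!rh){
            printf("[-]error CreateService.\n");
            CloseServiceHandle(sh);
            exit(0);
        }
        printf("[-]Install Service Complete...\n");
    }
    else if (doStart)
    {
        rh = OpenService(sh,sername,SERVICE_START);
        if (!rh){
            printf("error OpenService.\n");
            CloseServiceHandle(sh);
            exit(0);
        }
        // Report success only when the service control manager accepted the request.
        if (StartService(rh,0,NULL))
            printf("[-]Start Service Complete...\n");
        else
            printf("[-]error StartService (%lu).\n",GetLastError());
    }
    else if (doUninstall)
    {
        rh = OpenService(sh,sername,SERVICE_STOP | DELETE);
        if (!rh){
            printf("error OpenService.\n");
            CloseServiceHandle(sh);
            exit(0);
        }
        SERVICE_STATUS ss;
        // A failed stop (for example, the service is not running) must not block deletion.
        if (ControlService(rh,SERVICE_CONTROL_STOP,&ss))
            printf("[-]Stop Service Complete...\n");
        else
            printf("[-]error ControlService (%lu).\n",GetLastError());
        if (DeleteService(rh))
            printf("[-]Delete Service Complete...\n");
        else
            printf("[-]error DeleteService (%lu).\n",GetLastError());
    }
    else
    {
        printf("use: install/start/uninstall\n");
    }

    // rh stays NULL when no command matched; only close handles that were opened.
    if (rh)
        CloseServiceHandle(rh);
    CloseServiceHandle(sh);
    return 1;
}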
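调用驱动的应用程序代码:
// NOTE: the header names were lost when this page was extracted; the four below are
// reconstructed from the APIs the program calls.
#include <windows.h>
#include <winioctl.h>
#include <stdio.h>
#include <stdlib.h>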
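// Must match IOCTL_PROTECT_CONTROL in the driver (same device type, function, method, access).
#define IOCTL_HELLO_CONTROL CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS)
// Console client: opens the driver's control device, asks for a PID and sends it to the driver
// with IOCTL_HELLO_CONTROL, then prints the driver's text reply.
//
// Returns FALSE (0) when the device cannot be opened or the PID cannot be parsed, 1 otherwise
// (the original's exit codes are kept).
int main(int argc,char* argv[])
{
    long pid = 0;
    char ret[4096];
    DWORD ReBytes = 0;
    HANDLE hDevice=CreateFile("\\\\.\\ProtectProcess",GENERIC_READ|GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
    if(hDevice==INVALID_HANDLE_VALUE)
    {
        // Read the error once, before any other call can overwrite it.
        const DWORD err = GetLastError();
        if (err == ERROR_FILE_NOT_FOUND)
        {
            printf("驱动程序未注册\n");
        }else
            printf("CreateFile() GetLastError reports %lu\n",err);
        return FALSE;
    }
    memset(ret,0,sizeof(ret));
    printf("控制台版进程保护器\n");
    printf("请输入需要保护的进程PID:");
    // Do not send an unparsed value to the driver.
    if (scanf("%ld",&pid) != 1)
    {
        printf("invalid PID\n");
        CloseHandle(hDevice);
        return FALSE;
    }
    // One byte of the reply buffer is held back so the text printed below is always
    // NUL-terminated, whatever the driver returns.
    if (DeviceIoControl(hDevice,IOCTL_HELLO_CONTROL,&pid,sizeof(long),ret,sizeof(ret)-1,&ReBytes,NULL))
        printf("Return Value:%s\n",ret);
    else
        printf("DeviceIoControl() GetLastError reports %lu\n",GetLastError());
    CloseHandle(hDevice);
    system("pause");
    return 1;
}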
驱动代码Protect.C:
#include "ntddk.h"
// Kernel-namespace name of the control device and the DOS-visible symbolic link that user mode opens.
#define NT_DEVICE_NAME L"\\Device\\ProtectProcess"
#define DOS_DEVICE_NAME L"\\DosDevices\\ProtectProcess"
// Control code (function 0x800, buffered I/O) handled by DispatchDeviceControl to set the protected PID.
// NOTE(review): FILE_ANY_ACCESS means the code is accepted on a handle opened with any access right,
// so whoever can open the device can change the protected PID.
#define IOCTL_PROTECT_CONTROL CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS)
NTSTATUS DispatchDeviceControl(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp);
VOID OnUnload(IN PDRIVER_OBJECT DriverObject);
#pragma pack(1) //Layout of the SSDT (system service descriptor table)
typedef struct ServiceDescriptorEntry {
unsigned int *ServiceTableBase;
unsigned int *ServiceCounterTableBase; //Used only in checked build
unsigned int NumberOfServices;
unsigned char *ParamTableBase;
} ServiceDescriptorTableEntry_t, *PServiceDescriptorTableEntry_t;
#pragma pack()
__declspec(dllimport) ServiceDescriptorTableEntry_t KeServiceDescriptorTable; //The variable name must not be changed because the symbol is imported from outside this module
//Macro that yields the service-table slot belonging to a Zw* function: it reads the ULONG stored at
//byte offset 1 of the function and uses it as the index into ServiceTableBase.
//NOTE(review): presumably this relies on the 32-bit x86 stub layout (one opcode byte followed by the
//service number) - confirm for the target OS; the table entries here are 32-bit values.
#define SYSTEMSERVICE(_function) KeServiceDescriptorTable.ServiceTableBase[*(PULONG)((PUCHAR)_function+1)]
NTSYSAPI NTSTATUS NTAPI ZwOpenProcess(OUT PHANDLE ProcessHandle,IN ACCESS_MASK DesiredAccess,IN POBJECT_ATTRIBUTES ObjectAttributes,IN PCLIENT_ID ClientId OPTIONAL);
typedef NTSTATUS (*ZWOPENPROCESS)(OUT PHANDLE ProcessHandle,IN ACCESS_MASK DesiredAccess,IN POBJECT_ATTRIBUTES ObjectAttributes,IN PCLIENT_ID ClientId OPTIONAL);
// Original service routine saved by DriverEntry and written back by OnUnload.
ZWOPENPROCESS OldZwOpenProcess;
// PID whose open requests are denied; starts at -1 and is written by DispatchDeviceControl and read by
// NewZwOpenProcess. NOTE(review): shared between those two paths with no synchronization.
long pid = -1;
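// Replacement routine that DriverEntry stores in the ZwOpenProcess slot of the service table.
//
// Denies the open with STATUS_ACCESS_DENIED when the requested client id names the protected PID
// (global `pid`); every other request is forwarded to the saved original routine.
//
// Parameters are those of ZwOpenProcess. ClientId is OPTIONAL and may be NULL.
// Returns STATUS_ACCESS_DENIED for the protected PID, otherwise the status of the original routine.
NTSTATUS NewZwOpenProcess(OUT PHANDLE ProcessHandle,IN ACCESS_MASK DesiredAccess,IN POBJECT_ATTRIBUTES ObjectAttributes,IN PCLIENT_ID ClientId OPTIONAL)
{
    // ClientId is declared OPTIONAL, so it must be checked before it is dereferenced; a NULL
    // pointer here would otherwise fault in kernel mode and bring the whole system down.
    // NOTE(review): ClientId is supplied by the caller of the system service. When the request
    // comes from user mode this read should additionally be guarded (structured exception
    // handling around a captured copy); that guard is not present here.
    if (ClientId != NULL && (long)ClientId->UniqueProcess == pid)
    {
        DbgPrint("保护进程 PID:%ld\n",pid);
        return STATUS_ACCESS_DENIED;
    }

    // Hand everything else to the original routine and report ITS status. Returning
    // STATUS_SUCCESS unconditionally would tell callers that a failed open had succeeded and
    // leave them using an invalid handle.
    return OldZwOpenProcess(ProcessHandle,DesiredAccess,ObjectAttributes,ClientId);
}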
// Driver unload routine: removes the symbolic link, deletes every device object owned by the
// driver, then writes the saved original routine back into the service table.
//
// NOTE(review): nothing here waits for threads that may still be executing NewZwOpenProcess
// when the table entry is restored and the image is unloaded - confirm how unload is quiesced.
VOID OnUnload(IN PDRIVER_OBJECT DriverObject)
{
    UNICODE_STRING linkName;
    PDEVICE_OBJECT current = NULL;
    PDEVICE_OBJECT next = NULL;

    DbgPrint("驱动程序卸载...\n");

    // Remove the DOS-visible name first so no new handles can be opened through it.
    RtlInitUnicodeString(&linkName,DOS_DEVICE_NAME);
    IoDeleteSymbolicLink(&linkName);

    if (DriverObject != NULL)
    {
        // Walk the driver's device list; the successor is read before the node is deleted.
        for (current = DriverObject->DeviceObject; current != NULL; current = next)
        {
            next = current->NextDevice;
            IoDeleteDevice(current);
        }
    }
    DbgPrint("设备已经卸载\n");

    // Put the original routine back into the service-table slot.
    DbgPrint("修复SSDT表\n");
    (ZWOPENPROCESS)(SYSTEMSERVICE(ZwOpenProcess)) = OldZwOpenProcess;
    DbgPrint("驱动卸载完毕.\n");
}
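// Dispatch routine registered for IRP_MJ_CREATE, IRP_MJ_CLOSE and IRP_MJ_DEVICE_CONTROL.
//
// For IOCTL_PROTECT_CONTROL the input buffer carries one `long` (the PID to protect) and the
// output buffer receives the NUL-terminated reply "OK!\n".
//
// Returns STATUS_SUCCESS on success, STATUS_INVALID_PARAMETER when the input is shorter than a
// `long`, STATUS_BUFFER_TOO_SMALL when the output buffer cannot hold the reply, and
// STATUS_INVALID_DEVICE_REQUEST for an unknown control code. The IRP is always completed here.
NTSTATUS DispatchDeviceControl(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
    static const char reply[] = "OK!\n";
    NTSTATUS nStatus = STATUS_SUCCESS;
    ULONG_PTR information = 0;
    ULONG IoControlCode = 0;
    PIO_STACK_LOCATION IrpStack = NULL;
    long* inBuf = NULL;
    ULONG inSize = 0;
    ULONG outSize = 0;

    IrpStack = IoGetCurrentIrpStackLocation(Irp);
    switch(IrpStack->MajorFunction)
    {
    case IRP_MJ_CREATE:
        DbgPrint("IRP_MJ_CREATE 被调用\n");
        break;
    case IRP_MJ_CLOSE:
        DbgPrint("IRP_MJ_CLOSE 被调用\n");
        break;
    case IRP_MJ_DEVICE_CONTROL:
        DbgPrint("IRP_MJ_DEVICE_CONTROL 被调用\n");
        IoControlCode = IrpStack->Parameters.DeviceIoControl.IoControlCode;
        switch(IoControlCode)
        {
        case IOCTL_PROTECT_CONTROL:
            inSize = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
            outSize = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
            inBuf = (long*)Irp->AssociatedIrp.SystemBuffer;

            // The lengths come from the caller: reject requests that do not carry a whole
            // `long` before the buffer is read.
            if (inBuf == NULL || inSize < sizeof(long))
            {
                nStatus = STATUS_INVALID_PARAMETER;
                break;
            }
            if (outSize < sizeof(reply))
            {
                nStatus = STATUS_BUFFER_TOO_SMALL;
                break;
            }

            pid = *inBuf;
            DbgPrint("===========================\n");
            DbgPrint("IOCTL_PROTECT_CONTROL 被调用,通讯成功!\n");
            DbgPrint("输入缓冲区大小: %d\n",inSize);
            DbgPrint("输出缓冲区大小: %d\n",outSize);
            DbgPrint("输入缓冲区内容: %ld\n",*inBuf);
            DbgPrint("当前保护进程ID: %ld\n",pid);
            DbgPrint("===========================\n");

            // With METHOD_BUFFERED the reply goes into the system buffer and the I/O manager
            // copies `Information` bytes back to the caller. Writing through Irp->UserBuffer
            // instead would store to a raw, unvalidated caller-supplied address from kernel mode.
            RtlCopyMemory(Irp->AssociatedIrp.SystemBuffer,reply,sizeof(reply));
            information = sizeof(reply);
            break;
        default:
            nStatus = STATUS_INVALID_DEVICE_REQUEST;
            break;
        }
        break;
    default:
        DbgPrint("未知请求包被调用\n");
        break;
    }

    Irp->IoStatus.Status = nStatus;
    Irp->IoStatus.Information = information;
    IoCompleteRequest(Irp,IO_NO_INCREMENT);
    return nStatus;
}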
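// Driver entry point: creates the control device and its symbolic link, registers the dispatch
// and unload routines, then saves the original ZwOpenProcess service-table entry and replaces
// it with NewZwOpenProcess.
//
// Returns the failing status of IoCreateDevice / IoCreateSymbolicLink, otherwise STATUS_SUCCESS.
//
// NOTE(review): patching the service table is unsupported. KeServiceDescriptorTable is not
// exported on x64 and PatchGuard bugchecks when the table is modified; ObRegisterCallbacks is
// the supported way to filter process-handle opens.
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject,IN PUNICODE_STRING theRegistryPath)
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    UNICODE_STRING ntDeviceName;
    UNICODE_STRING DeviceLinkString;
    PDEVICE_OBJECT deviceObject = NULL;

    DbgPrint("驱动程序加载...\n");
    RtlInitUnicodeString( &ntDeviceName, NT_DEVICE_NAME );

    // FILE_DEVICE_SECURE_OPEN makes the I/O manager apply the device's security descriptor to
    // every open request, including opens that name something below the device.
    // NOTE(review): the device still gets a default security descriptor; restricting who may
    // open it (for example with IoCreateDeviceSecure) is not done here.
    ntStatus = IoCreateDevice(
        DriverObject,
        0,
        &ntDeviceName,
        FILE_DEVICE_UNKNOWN,
        FILE_DEVICE_SECURE_OPEN,
        FALSE,
        &deviceObject );
    if ( !NT_SUCCESS( ntStatus ) )
    {
        DbgPrint("无法创建驱动设备");
        return ntStatus;
    }

    RtlInitUnicodeString(&DeviceLinkString,DOS_DEVICE_NAME);
    ntStatus=IoCreateSymbolicLink(&DeviceLinkString,&ntDeviceName);
    if(!NT_SUCCESS(ntStatus))
    {
        // DriverUnload is not called when DriverEntry fails, so the device created above has to
        // be released here or it is leaked.
        IoDeleteDevice(deviceObject);
        return ntStatus;
    }

    DriverObject->MajorFunction[IRP_MJ_CREATE] = DispatchDeviceControl;
    DriverObject->MajorFunction[IRP_MJ_CLOSE] = DispatchDeviceControl;
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchDeviceControl;
    DriverObject->DriverUnload = OnUnload;
    DbgPrint("驱动程序已经启动\n");

    DbgPrint("修改SSDT表...\n");
    // Save the original ZwOpenProcess entry, then point the slot at the replacement.
    OldZwOpenProcess =(ZWOPENPROCESS)(SYSTEMSERVICE(ZwOpenProcess));
    (ZWOPENPROCESS)(SYSTEMSERVICE(ZwOpenProcess)) = NewZwOpenProcess;
    DbgPrint("驱动程序加载完毕.\n");
    return STATUS_SUCCESS;
}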
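安装驱动的源代码:
// NOTE: the header names were lost when this page was extracted; the four below are
// reconstructed from the APIs the program calls.
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>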
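#define BUF_SIZE 4096
// Command-line helper that installs, starts or removes the kernel-driver service.
//
// Usage: <exe> install | start | uninstall
// The service name, display name and driver path are read from the [Config] section of
// Install.ini, which must sit in the same directory as this executable.
//
// Exit codes are kept as the original had them: 1 after a command was processed, 0 when the
// program stops early (usage text or an error).
//
// NOTE(review): the driver path comes from an INI file next to the executable. That directory
// should be writable by administrators only, otherwise another user can decide which driver
// image gets registered.
int main(int argc,char* argv[])
{
    char path[BUF_SIZE];
    char base[BUF_SIZE];
    char sername[BUF_SIZE];
    char disname[BUF_SIZE];
    memset(path,0,BUF_SIZE);
    memset(base,0,BUF_SIZE);
    memset(sername,0,BUF_SIZE);
    memset(disname,0,BUF_SIZE);
    SC_HANDLE rh = NULL;
    SC_HANDLE sh = NULL;
    if (argc == 1)
    {
        printf("use: install/start/uninstall\n");
        exit(0);
    }

    // Find the directory of this executable. The return value is checked because a failed or
    // truncated result would otherwise be scanned backwards past the start of the buffer.
    DWORD modLen = ::GetModuleFileName(0,base,BUF_SIZE);
    if (modLen == 0 || modLen >= BUF_SIZE)
    {
        printf("[-]error GetModuleFileName.\n");
        exit(0);
    }
    char* lastSlash = strrchr(base,'\\');
    if (!lastSlash)
    {
        printf("[-]error GetModuleFileName.\n");
        exit(0);
    }
    size_t dirLen = (size_t)(lastSlash - base) + 1;
    // sizeof("Install.ini") counts the terminating NUL, so this bounds the sprintf below.
    if (dirLen + sizeof("Install.ini") > BUF_SIZE)
    {
        printf("[-]error read Install.ini\n");
        exit(0);
    }
    memcpy(path,base,dirLen);   // path was zero-filled, so it stays NUL-terminated
    memset(base,0,BUF_SIZE);
    sprintf(base,"%sInstall.ini",path);
    memset(path,0,BUF_SIZE);

    ::GetPrivateProfileString("Config","Path","",path,BUF_SIZE,base);
    ::GetPrivateProfileString("Config","ServiceName","",sername,BUF_SIZE,base);
    ::GetPrivateProfileString("Config","DisplayName","",disname,BUF_SIZE,base);
    printf("[*]Service Name:%s\n",sername);
    printf("[*]Display Name:%s\n",disname);
    printf("[*]Driver Path:%s\n",path);

    const bool doInstall = (argc == 2 && !strcmp(argv[1],"install"));
    const bool doStart = (argc == 2 && !strcmp(argv[1],"start"));
    const bool doUninstall = (argc == 2 && !strcmp(argv[1],"uninstall"));

    // Ask the service control manager only for the access the chosen command needs.
    sh = OpenSCManager(NULL,NULL,doInstall ? SC_MANAGER_CREATE_SERVICE : SC_MANAGER_CONNECT);
    if (!sh){
        printf("[-]Error OpenSCManger.\n");
        exit(0);
    }

    if (doInstall)
    {
        if (!strcmp(path,""))
        {
            printf("[-]error read Install.ini\n");
            CloseServiceHandle(sh);
            exit(0);
        }
        // Demand start: the driver is loaded only by an explicit "start" command
        // (SERVICE_SYSTEM_START would load it during system start instead).
        rh = CreateService(sh,sername,disname,
            SERVICE_ALL_ACCESS,
            SERVICE_KERNEL_DRIVER,
            SERVICE_DEMAND_START,
            SERVICE_ERROR_NORMAL,
            path,
            NULL,NULL,NULL,NULL,NULL);
        if (!rh){
            printf("[-]error CreateService.\n");
            CloseServiceHandle(sh);
            exit(0);
        }
        printf("[-]Install Service Complete...\n");
    }
    else if (doStart)
    {
        rh = OpenService(sh,sername,SERVICE_START);
        if (!rh){
            printf("error OpenService.\n");
            CloseServiceHandle(sh);
            exit(0);
        }
        // Report success only when the service control manager accepted the request.
        if (StartService(rh,0,NULL))
            printf("[-]Start Service Complete...\n");
        else
            printf("[-]error StartService (%lu).\n",GetLastError());
    }
    else if (doUninstall)
    {
        rh = OpenService(sh,sername,SERVICE_STOP | DELETE);
        if (!rh){
            printf("error OpenService.\n");
            CloseServiceHandle(sh);
            exit(0);
        }
        SERVICE_STATUS ss;
        // A failed stop (for example, the service is not running) must not block deletion.
        if (ControlService(rh,SERVICE_CONTROL_STOP,&ss))
            printf("[-]Stop Service Complete...\n");
        else
            printf("[-]error ControlService (%lu).\n",GetLastError());
        if (DeleteService(rh))
            printf("[-]Delete Service Complete...\n");
        else
            printf("[-]error DeleteService (%lu).\n",GetLastError());
    }
    else
    {
        printf("use: install/start/uninstall\n");
    }

    // rh stays NULL when no command matched; only close handles that were opened.
    if (rh)
        CloseServiceHandle(rh);
    CloseServiceHandle(sh);
    return 1;
}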
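调用驱动的应用程序代码:
// NOTE: the header names were lost when this page was extracted; the four below are
// reconstructed from the APIs the program calls.
#include <windows.h>
#include <winioctl.h>
#include <stdio.h>
#include <stdlib.h>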
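// Must match IOCTL_PROTECT_CONTROL in the driver (same device type, function, method, access).
#define IOCTL_HELLO_CONTROL CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS)
// Console client: opens the driver's control device, asks for a PID and sends it to the driver
// with IOCTL_HELLO_CONTROL, then prints the driver's text reply.
//
// Returns FALSE (0) when the device cannot be opened or the PID cannot be parsed, 1 otherwise
// (the original's exit codes are kept).
int main(int argc,char* argv[])
{
    long pid = 0;
    char ret[4096];
    DWORD ReBytes = 0;
    HANDLE hDevice=CreateFile("\\\\.\\ProtectProcess",GENERIC_READ|GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
    if(hDevice==INVALID_HANDLE_VALUE)
    {
        // Read the error once, before any other call can overwrite it.
        const DWORD err = GetLastError();
        if (err == ERROR_FILE_NOT_FOUND)
        {
            printf("驱动程序未注册\n");
        }else
            printf("CreateFile() GetLastError reports %lu\n",err);
        return FALSE;
    }
    memset(ret,0,sizeof(ret));
    printf("控制台版进程保护器\n");
    printf("请输入需要保护的进程PID:");
    // Do not send an unparsed value to the driver.
    if (scanf("%ld",&pid) != 1)
    {
        printf("invalid PID\n");
        CloseHandle(hDevice);
        return FALSE;
    }
    // One byte of the reply buffer is held back so the text printed below is always
    // NUL-terminated, whatever the driver returns.
    if (DeviceIoControl(hDevice,IOCTL_HELLO_CONTROL,&pid,sizeof(long),ret,sizeof(ret)-1,&ReBytes,NULL))
        printf("Return Value:%s\n",ret);
    else
        printf("DeviceIoControl() GetLastError reports %lu\n",GetLastError());
    CloseHandle(hDevice);
    system("pause");
    return 1;
}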