Question about TerminateProcess hook
Posted
by imans62
on Stack Overflow
See other posts from Stack Overflow
or by imans62
Published on 2010-05-16T09:15:43Z
Indexed on
2010/05/16
9:30 UTC
Read the original article
Hit count: 210
I wrote this code but it does not work correctly - can you help me?
void EnableDebugPriv() {
HANDLE hToken;
LUID luid;
TOKEN_PRIVILEGES tkp;
OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken );
LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &luid );
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = luid;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges( hToken, false, &tkp, sizeof( tkp ), NULL, NULL );
CloseHandle( hToken );
}
NTSTATUS WINAPI HookedNtTerminateProcess(
__in HANDLE hProcess,
__in UINT uExitCode
)
{
NTSTATUS statues = OriginalNtTerminateProcess(hProcess,uExitCode);
HANDLE hProc;
PROCESSENTRY32 entry;
entry.dwFlags = sizeof( PROCESSENTRY32 );
HANDLE snapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, NULL );
if ( Process32First( snapshot, &entry ) == TRUE ) {
while ( Process32Next( snapshot, &entry ) == TRUE ) {
if ( wcsicmp( entry.szExeFile, L"calc.exe" ) == 0 ) {
EnableDebugPriv();
HANDLE hProc = OpenProcess( PROCESS_ALL_ACCESS, FALSE, entry.th32ProcessID );
// Do stuff..
//CloseHandle( hProc );
}
}
}
if(hProc == hProcess)
MessageBox(NULL, L"Error", L"Information", MB_OK);
else
TerminateProcess(hProcess,uExitCode);
CloseHandle( hProc);
CloseHandle( snapshot );
return statues;
}
© Stack Overflow or respective owner
