还是推荐用 API Hook：挂钩 NtOpenProcess 和 NtTerminateProcess(kernel32 的 OpenProcess/TerminateProcess 只是它们的上层封装)。注意这仍然是用户态挂钩,只在加载了该 DLL 的进程内生效,不能当作安全边界。
给我5分下载分贴全部代码! 带exe文件,配置文件保护library ptx;uses SysUtils, Windows, TLHelp32, madCodeHook;var TgtFunc: Pointer; hKernel: THandle; OpenProcessNext: function (dwDesiredAccess: DWORD; bInheritHandle: BOOL; dwProcessId: DWORD): THandle; stdcall; TerminateProcessNext: function (hProcess: THandle; uExitCode: UINT): BOOL; stdcall; MoveFileANext: function (lpExistingFileName, lpNewFileName: PAnsiChar): BOOL; stdcall; MoveFileWNext: function (lpExistingFileName, lpNewFileName: PWideChar): BOOL; stdcall; DeleteFileANext: function (lpFileName: PAnsiChar): BOOL; stdcall; DeleteFileWNext: function (lpFileName: PWideChar): BOOL; stdcall;function GetProcessNameById(const AID: Integer): String; var h:thandle; f:boolean; lppe:tprocessentry32; begin Result := ''; h := CreateToolhelp32Snapshot(TH32cs_SnapProcess, 0); lppe.dwSize := sizeof(lppe); f := Process32First(h, lppe); while integer(f) <> 0 do begin if Integer(lppe.th32ProcessID) = AID then begin Result:= string(lppe.szExeFile); break; end; f := Process32Next(h, lppe); end; end;function IsPPID(ckId: DWORD): Boolean; var Cxmc: String; begin Result := False; Cxmc := LowerCase(ExtractFileName(GetProcessNameById(ckId))); if (Cxmc = 'dgmatimer.exe') or (Cxmc = 'dgmasvc.exe') then Result := True; end;function NewOpenProcess(dwDesiredAccess: DWORD; bInheritHandle: BOOL; dwProcessId: DWORD): THandle; stdcall; begin if IsPPID(dwProcessId) then Result := High(THandle) else Result := OpenProcessNext(dwDesiredAccess,bInheritHandle,dwProcessId); end;function NewTerminateProcess(hProcess: THandle; uExitCode: UINT): BOOL; stdcall; begin if hProcess = High(THandle) then begin SetLastError(ERROR_ACCESS_DENIED); Result := False; end else Result := TerminateProcessNext(hProcess,uExitCode); end;//function RenameFile; function NewMoveFileA(lpExistingFileName, lpNewFileName: PAnsiChar): BOOL; stdcall; var FileName: String; begin FileName := LowerCase(ExtractFileName(lpExistingFileName)); if (FileName = 'ptx.dll') or (FileName = 'dgmasvc.exe') or 
(FileName = 'dgmatimer.exe') or (FileName = 'gmdefine.sys') then begin SetLastError(ERROR_WRITE_PROTECT); Result := False; end else Result := MoveFileANext(lpExistingFileName, lpNewFileName); end;function NewMoveFileW(lpExistingFileName, lpNewFileName: PWideChar): BOOL; stdcall; var FileName: String; begin FileName := LowerCase(ExtractFileName(lpExistingFileName)); if (FileName = 'ptx.dll') or (FileName = 'dgmasvc.exe') or (FileName = 'dgmatimer.exe') or (FileName = 'gmdefine.sys') then begin SetLastError(ERROR_WRITE_PROTECT); Result := False; end else Result := MoveFileWNext(lpExistingFileName, lpNewFileName); end;function NewDeleteFileA(lpFileName: PAnsiChar): BOOL; stdcall; var FileName: String; begin FileName := LowerCase(ExtractFileName(lpFileName)); if (FileName = 'ptx.dll') or (FileName = 'dgmasvc.exe') or (FileName = 'dgmatimer.exe') or (FileName = 'gmdefine.sys') then begin SetLastError(ERROR_WRITE_PROTECT); Result := False; end else Result := DeleteFileANext(lpFileName); end;function NewDeleteFileW(lpFileName: PWideChar): BOOL; stdcall; var FileName: String; begin FileName := LowerCase(ExtractFileName(lpFileName)); if (FileName = 'ptx.dll') or (FileName = 'dgmasvc.exe') or (FileName = 'dgmatimer.exe') or (FileName = 'gmdefine.sys') then begin SetLastError(ERROR_WRITE_PROTECT); Result := False; end else Result := DeleteFileWNext(lpFileName); end;begin if IsPPID(GetCurrentProcessId) then Exit;
Hook NtOpenProcess,NtTerminateProcess
带exe文件,配置文件保护library ptx;uses
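SysUtils,
Windows,
TLHelp32,
madCodeHook;

var
  // Scratch values used while the hooks are installed at library load.
  TgtFunc: Pointer;
  hKernel: THandle;
  // "Next hook" slots handed to madCodeHook.HookCode; the replacement
  // functions call through them to reach the original API.
  OpenProcessNext: function (dwDesiredAccess: DWORD; bInheritHandle: BOOL; dwProcessId: DWORD): THandle; stdcall;
  TerminateProcessNext: function (hProcess: THandle; uExitCode: UINT): BOOL; stdcall;
  MoveFileANext: function (lpExistingFileName, lpNewFileName: PAnsiChar): BOOL; stdcall;
  MoveFileWNext: function (lpExistingFileName, lpNewFileName: PWideChar): BOOL; stdcall;
  DeleteFileANext: function (lpFileName: PAnsiChar): BOOL; stdcall;
  DeleteFileWNext: function (lpFileName: PWideChar): BOOL; stdcall;

// Returns the executable file name recorded in a Toolhelp process snapshot
// for the process whose id equals AID, or '' when no entry matches or the
// snapshot cannot be taken.
function GetProcessNameById(const AID: Integer): String;
var
  Snapshot: THandle;
  Entry: TProcessEntry32;
  More: Boolean;
begin
  Result := '';
  Snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if Snapshot = INVALID_HANDLE_VALUE then
    Exit;
  try
    Entry.dwSize := SizeOf(Entry);
    More := Process32First(Snapshot, Entry);
    while More do
    begin
      if Integer(Entry.th32ProcessID) = AID then
      begin
        Result := string(Entry.szExeFile);
        Break;
      end;
      More := Process32Next(Snapshot, Entry);
    end;
  finally
    // This runs on every hooked OpenProcess call; without the close each
    // call would leak one snapshot handle in the host process.
    CloseHandle(Snapshot);
  end;
end;

// True when the process with id ckId has the image name dgmatimer.exe or
// dgmasvc.exe (case-insensitive).
// NOTE(review): the decision rests on the image name alone, so any
// executable carrying one of these names is treated as protected; a name is
// not an identity. Each call also takes a full process snapshot.
function IsPPID(ckId: DWORD): Boolean;
var
  ImageName: String;
begin
  ImageName := LowerCase(ExtractFileName(GetProcessNameById(ckId)));
  Result := (ImageName = 'dgmatimer.exe') or (ImageName = 'dgmasvc.exe');
end;

// Replacement for kernel32 OpenProcess: refuses to open a protected process
// and forwards every other request to the original API.
function NewOpenProcess(dwDesiredAccess: DWORD; bInheritHandle: BOOL; dwProcessId: DWORD): THandle; stdcall;
begin
  if IsPPID(dwProcessId) then
  begin
    // Fail the way OpenProcess itself fails: 0 plus a last-error code.
    // Do not return High(THandle) as a marker: that value is the
    // GetCurrentProcess pseudo-handle, so the caller would see success and
    // every later call on the "handle" would act on the caller itself.
    SetLastError(ERROR_ACCESS_DENIED);
    Result := 0;
  end
  else
    Result := OpenProcessNext(dwDesiredAccess, bInheritHandle, dwProcessId);
end;

// Replacement for kernel32 TerminateProcess. The refusal happens in
// NewOpenProcess, so this only forwards. It must not special-case
// High(THandle): that is the current-process pseudo-handle, and denying it
// would stop the host process from terminating itself.
function NewTerminateProcess(hProcess: THandle; uExitCode: UINT): BOOL; stdcall;
begin
  Result := TerminateProcessNext(hProcess, uExitCode);
end;

//function RenameFile;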
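// True when the last path component of APath is one of the guarded file
// names. Only the base name is compared (case-insensitive); the directory is
// ignored, so a file with one of these names in any location matches.
function IsProtectedFileName(const APath: String): Boolean;
var
  FileName: String;
begin
  FileName := LowerCase(ExtractFileName(APath));
  Result := (FileName = 'ptx.dll') or (FileName = 'dgmasvc.exe') or
            (FileName = 'dgmatimer.exe') or (FileName = 'gmdefine.sys');
end;

// Replacement for MoveFileA: fails with ERROR_WRITE_PROTECT when the source
// path names a guarded file, otherwise forwards to the original API.
function NewMoveFileA(lpExistingFileName, lpNewFileName: PAnsiChar): BOOL; stdcall;
begin
  if IsProtectedFileName(lpExistingFileName) then
  begin
    SetLastError(ERROR_WRITE_PROTECT);
    Result := False;
  end
  else
    Result := MoveFileANext(lpExistingFileName, lpNewFileName);
end;

// Wide-character counterpart of NewMoveFileA.
function NewMoveFileW(lpExistingFileName, lpNewFileName: PWideChar): BOOL; stdcall;
begin
  if IsProtectedFileName(lpExistingFileName) then
  begin
    SetLastError(ERROR_WRITE_PROTECT);
    Result := False;
  end
  else
    Result := MoveFileWNext(lpExistingFileName, lpNewFileName);
end;

// Replacement for DeleteFileA: fails with ERROR_WRITE_PROTECT when the path
// names a guarded file, otherwise forwards to the original API.
function NewDeleteFileA(lpFileName: PAnsiChar): BOOL; stdcall;
begin
  if IsProtectedFileName(lpFileName) then
  begin
    SetLastError(ERROR_WRITE_PROTECT);
    Result := False;
  end
  else
    Result := DeleteFileANext(lpFileName);
end;

// Wide-character counterpart of NewDeleteFileA.
function NewDeleteFileW(lpFileName: PWideChar): BOOL; stdcall;
begin
  if IsProtectedFileName(lpFileName) then
  begin
    SetLastError(ERROR_WRITE_PROTECT);
    Result := False;
  end
  else
    Result := DeleteFileWNext(lpFileName);
end;

// Library initialization: installs the six kernel32 hooks in the process
// that loaded this DLL, except when that process is itself one of the
// protected executables.
begin
  if IsPPID(GetCurrentProcessId) then
    Exit;

  hKernel := GetModuleHandle(kernel32);
  if hKernel = 0 then
    Exit;

  // Each export is resolved first; a missing export is skipped instead of
  // passing nil to HookCode.
  TgtFunc := GetProcAddress(hKernel, 'OpenProcess');
  if TgtFunc <> nil then
    madCodeHook.HookCode(TgtFunc, @NewOpenProcess, @OpenProcessNext);

  TgtFunc := GetProcAddress(hKernel, 'TerminateProcess');
  if TgtFunc <> nil then
    madCodeHook.HookCode(TgtFunc, @NewTerminateProcess, @TerminateProcessNext);

  TgtFunc := GetProcAddress(hKernel, 'DeleteFileA');
  if TgtFunc <> nil then
    madCodeHook.HookCode(TgtFunc, @NewDeleteFileA, @DeleteFileANext);

  TgtFunc := GetProcAddress(hKernel, 'DeleteFileW');
  if TgtFunc <> nil then
    madCodeHook.HookCode(TgtFunc, @NewDeleteFileW, @DeleteFileWNext);

  TgtFunc := GetProcAddress(hKernel, 'MoveFileA');
  if TgtFunc <> nil then
    madCodeHook.HookCode(TgtFunc, @NewMoveFileA, @MoveFileANext);

  TgtFunc := GetProcAddress(hKernel, 'MoveFileW');
  if TgtFunc <> nil then
    madCodeHook.HookCode(TgtFunc, @NewMoveFileW, @MoveFileWNext);

  // No CloseHandle(hKernel): GetModuleHandle returns a module base that is
  // not a kernel object handle and takes no reference, so there is nothing
  // to close.
end.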