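// Process names to exclude from hooking: upper-case, each entry terminated by ';'.
// NOTE(review): "IE1XPLORER.EXE" and "CMD" (no extension) look like typos; confirm the intended names.
static CString EXCLUDE_PROCESS=_T("ACRORD32INFO.EXE;MSNMSGR.EXE;EXPLORER.EXE;QQ.EXE;LOGON.EXE;USERINIT.EXE;KERNEL32.EXE;WSCNTFY.EXE;CTFMON.EXE;IE1XPLORER.EXE;RUNDLL32.EXE;CONIME.EXE;WUAUCLT.EXE;TASKMGR.EXE;MMC.EXE;CMD;SVCHOST.EXE;");

// Hook callback installed in place of CreateFileW.
//
// All seven parameters have the CreateFileW meaning and are forwarded unchanged
// to CreateFileWNext when the call is allowed.
//
// A name is checked with isValid() only when, after upper-casing and trimming
// trailing whitespace, it contains a '.' past its first character, begins with
// 'I' or 'J' (presumably the drive letters I: and J: -- confirm), is longer than
// five characters and does not contain "~$". Every other name passes straight through.
//
// Returns the result of CreateFileWNext, or INVALID_HANDLE_VALUE with the last
// error set to ERROR_ACCESS_DENIED when isValid() rejects the call.
//
// NOTE(review): only the first character of the name as passed is inspected and
// the path is not canonicalised, so other spellings of the same location are not
// matched. The check also runs inside the hooked process, so it is advisory and
// not a security boundary; enforce the policy with ACLs or a file-system filter
// if it has to hold.
//
// An earlier variant hooked OpenFile (HookOpenFileCallback / OpenFileNext with
// lpFileName, lpReOpenBuff, uStyle); it is disabled.
HANDLE WINAPI CMyHook::HookCreateFileWCallback(
    LPCWSTR lpFileName,
    DWORD dwDesiredAccess,
    DWORD dwShareMode,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    DWORD dwCreationDisposition,
    DWORD dwFlagsAndAttributes,
    HANDLE hTemplateFile)
{
    BOOL bValid = TRUE;

    CString strName;
    strName = lpFileName;
    strName.MakeUpper();
    strName.TrimRight();

    // Find(".") > 0 also guarantees at least two characters, so strName[0] is safe.
    if (strName.Find(_T(".")) > 0
        && (strName[0] == 'I' || strName[0] == 'J')
        && strName.GetLength() > 5
        && strName.Find(_T("~$"), 0) == -1)
    {
        WriteLog(_T("CreateFile"));
        WriteLog(strName);
        bValid = isValid();
    }

    if (!bValid)
    {
        // CreateFileW signals failure with INVALID_HANDLE_VALUE, never NULL. Callers
        // that test for INVALID_HANDLE_VALUE would take a NULL return as success.
        SetLastError(ERROR_ACCESS_DENIED);
        return INVALID_HANDLE_VALUE;
    }

    return CreateFileWNext(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes,
                           dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}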
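// Get the current process's executable name and directory, then decide
// whether this process should be hooked.
//
// Writes g_szProcessName (upper-cased base name of the first module) and
// g_szExecuteProcess (upper-cased module path with the file name stripped).
//
// Returns TRUE when the process name is not an entry of EXCLUDE_PROCESS.
// Returns FALSE when it is listed, when no name could be read, or when the
// process/module query fails (the failure is logged with its error code).
BOOL CMyHook::ValidateInitialize()
{
    CString str;

    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                  FALSE,
                                  GetCurrentProcessId());
    if (NULL == hProcess)
    {
        str.Format(_T("[001]enum process module failed, error(%d)."), GetLastError());
        WriteLog(str);
        return FALSE;
    }

    HMODULE hMod = NULL;
    DWORD cbNeeded = 0;
    if (!EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded))
    {
        // Read the error code first; CloseHandle() may overwrite it.
        const DWORD dwError = GetLastError();
        CloseHandle(hProcess);
        str.Format(_T("[002]enum process module failed, error(%d)."), dwError);
        WriteLog(str);
        return FALSE;
    }

    // Process name. Write through the pointer GetBuffer() returns instead of
    // casting away const, and release with the length the API reports so a
    // failed call leaves an empty string rather than stale content.
    LPTSTR pszName = g_szProcessName.GetBuffer(MAX_PATH);
    const DWORD cchName = GetModuleBaseName(hProcess, hMod, pszName, MAX_PATH);
    g_szProcessName.ReleaseBuffer(static_cast<int>(cchName));
    g_szProcessName.MakeUpper();

    // Process path, reduced to the containing directory.
    LPTSTR pszPath = g_szExecuteProcess.GetBuffer(MAX_PATH);
    const DWORD cchPath = GetModuleFileName(hMod, pszPath, MAX_PATH);
    g_szExecuteProcess.ReleaseBuffer(static_cast<int>(cchPath));
    g_szExecuteProcess.MakeUpper();
    const int nSlash = g_szExecuteProcess.ReverseFind(_T('\\'));
    if (nSlash > 0)
        g_szExecuteProcess = g_szExecuteProcess.Left(nSlash);

    str.Format(_T("[003]process name(%s) path(%s)."),
               static_cast<LPCTSTR>(g_szProcessName),
               static_cast<LPCTSTR>(g_szExecuteProcess));
    WriteLog(str);

    CloseHandle(hProcess);

    // An empty name was treated as excluded before (Find("") matches at 0); keep that.
    if (g_szProcessName.IsEmpty())
        return FALSE;

    // Exclude common system processes. Compare against whole ';'-delimited
    // entries: a plain substring search would also treat any fragment of a
    // listed name as excluded.
    const CString strList = _T(";") + EXCLUDE_PROCESS;
    const CString strEntry = _T(";") + g_szProcessName + _T(";");
    return (strList.Find(strEntry) < 0) ? TRUE : FALSE;
}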
大家看看是怎么能解决!!
// NOTE(review): this copy starts mid-signature; the line carrying the return
// type and function name is not present here. The parameters below are
// forwarded unchanged to CreateFileWNext at the end of the body.
LPCWSTR lpFileName,
DWORD dwDesiredAccess,
DWORD dwShareMode,
LPSECURITY_ATTRIBUTES lpSecurityAttributes,
DWORD dwCreationDisposition,
DWORD dwFlagsAndAttributes,
HANDLE hTemplateFile)
/*
HFILE WINAPI CMyHook::HookOpenFileCallback(
LPCSTR lpFileName,
LPOFSTRUCT lpReOpenBuff,
UINT uStyle
)
*/{
// The call is allowed unless the check below sets this to FALSE.
BOOL bValid = TRUE;
CString strName;
strName=lpFileName;
strName.MakeUpper();
// Only names with a '.' past the first character are considered.
strName.TrimRight(); if (strName.Find(_T("."))>0)
{
// First character I or J (presumably drive letters -- confirm) and more than five characters.
// NOTE(review): the name is not canonicalised, so only this exact spelling is matched.
if ( (strName[0] == 'I' || strName[0] == 'J') && strName.GetLength()>5)
{
// Names containing "~$" are passed through without validation.
if( strName.Find( _T("~$"), 0 ) == -1 )
{
WriteLog(_T("CreateFile"));
WriteLog(strName);
//::AfxMessageBox(_T("1"));
// isValid() is defined elsewhere; its result decides whether the call is forwarded.
bValid=isValid();
}
}
}
if(bValid)
//return OpenFileNext(lpFileName,lpReOpenBuff,uStyle);
return CreateFileWNext(lpFileName,dwDesiredAccess,dwShareMode,lpSecurityAttributes,dwCreationDisposition,dwFlagsAndAttributes,hTemplateFile);
// NOTE(review): CreateFileW reports failure with INVALID_HANDLE_VALUE, not NULL, and
// callers testing for INVALID_HANDLE_VALUE will treat NULL as success. No last-error
// code is set on this path either.
else return NULL;
}
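// Get the current process's executable name and directory, then decide
// whether this process should be hooked.
//
// Writes g_szProcessName (upper-cased base name of the first module) and
// g_szExecuteProcess (upper-cased module path with the file name stripped).
//
// Returns TRUE when the process name is not an entry of EXCLUDE_PROCESS.
// Returns FALSE when it is listed, when no name could be read, or when the
// process/module query fails (the failure is logged with its error code).
BOOL CMyHook::ValidateInitialize()
{
    CString str;

    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                  FALSE,
                                  GetCurrentProcessId());
    if (NULL == hProcess)
    {
        str.Format(_T("[001]enum process module failed, error(%d)."), GetLastError());
        WriteLog(str);
        return FALSE;
    }

    HMODULE hMod = NULL;
    DWORD cbNeeded = 0;
    if (!EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded))
    {
        // Read the error code first; CloseHandle() may overwrite it.
        const DWORD dwError = GetLastError();
        CloseHandle(hProcess);
        str.Format(_T("[002]enum process module failed, error(%d)."), dwError);
        WriteLog(str);
        return FALSE;
    }

    // Process name. Write through the pointer GetBuffer() returns instead of
    // casting away const, and release with the length the API reports so a
    // failed call leaves an empty string rather than stale content.
    LPTSTR pszName = g_szProcessName.GetBuffer(MAX_PATH);
    const DWORD cchName = GetModuleBaseName(hProcess, hMod, pszName, MAX_PATH);
    g_szProcessName.ReleaseBuffer(static_cast<int>(cchName));
    g_szProcessName.MakeUpper();

    // Process path, reduced to the containing directory.
    LPTSTR pszPath = g_szExecuteProcess.GetBuffer(MAX_PATH);
    const DWORD cchPath = GetModuleFileName(hMod, pszPath, MAX_PATH);
    g_szExecuteProcess.ReleaseBuffer(static_cast<int>(cchPath));
    g_szExecuteProcess.MakeUpper();
    const int nSlash = g_szExecuteProcess.ReverseFind(_T('\\'));
    if (nSlash > 0)
        g_szExecuteProcess = g_szExecuteProcess.Left(nSlash);

    str.Format(_T("[003]process name(%s) path(%s)."),
               static_cast<LPCTSTR>(g_szProcessName),
               static_cast<LPCTSTR>(g_szExecuteProcess));
    WriteLog(str);

    CloseHandle(hProcess);

    // An empty name was treated as excluded before (Find("") matches at 0); keep that.
    if (g_szProcessName.IsEmpty())
        return FALSE;

    // Exclude common system processes. Compare against whole ';'-delimited
    // entries: a plain substring search would also treat any fragment of a
    // listed name as excluded.
    const CString strList = _T(";") + EXCLUDE_PROCESS;
    const CString strEntry = _T(";") + g_szProcessName + _T(";");
    return (strList.Find(strEntry) < 0) ? TRUE : FALSE;
}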
大家看看是怎么能解决!!
所以对于后来打开的EXE不能进行HOOK。
我想知道如何能对EXE也进行HOOK!
验证不通过,不让安装!!