1,183
社区成员
发帖
与我相关
我的任务
分享如何HOOK到winlogon.exe进程??
发现瑞星杀毒软件可以HOOK到winlogon.exe进程, 请问使用哪种类型的HOOK能HOOK到winlogon.exe进程?
...全文
请发表友善的回复…
发表回复
xiaowengweng 2004-05-11
- 打赏
- 举报
hook到winlogon.exe有什么用处??
bottom 2004-05-11
- 打赏
- 举报
倒 怎么没有 你看不懂 C++不成!老外写的 就是和那个一样的 !
mscrack 2004-05-10
- 打赏
- 举报
那个没说SAS WINDOW是怎么找出来的啊。不是吗?
ly_liuyang 2004-05-10
- 打赏
- 举报
SAS Windows在XP下是Hook不到的,除非XP上设置使用经典模式的登陆界面
visual_cjiajia 2004-05-10
- 打赏
- 举报
你怎么老是抓这 OpenDesktop不放 死脑筋 CSDN有文档不去搜索有现成的
mscrack 2004-05-10
- 打赏
- 举报
那如何知道NT系统有存在SAS Window呢?
procedure TForm1.Button1Click(Sender: TObject);
var
hDeskPrev,hStaPrev:HWINSTA;
hDesktop,hSta:HDESK;
begin
hStaPrev := GetProcessWindowStation();
hDeskPrev := GetThreadDesktop( GetCurrentThreadId() );
hSta := OpenWindowStation( 'Winsta0', false, MAXIMUM_ALLOWED );
SetProcessWindowStation( hSta );
hDesktop := OpenDesktop( 'Winlogon', 0 , false, MAXIMUM_ALLOWED );
SetThreadDesktop( hDesktop );
PostMessage( HWND_BROADCAST, WM_HOTKEY, 0, MAKELONG( MOD_CONTROL or MOD_ALT, VK_DELETE ) );
SetThreadDesktop( hDeskPrev );
SetProcessWindowStation( hStaPrev );
CloseDesktop( hDesktop );
CloseWindowStation( hSta );
end;
广播ctrl+alt+delete键,失败了. 为什么OpenDekstop总返回0 ?
win2000/xp下禁用ctrl+al+delete键,该怎么做才能找到'SAS WINDOW'窗口?
procedure TForm1.Button1Click(Sender: TObject);
var
hDeskPrev,hStaPrev:HWINSTA;
hDesktop,hSta:HDESK;
begin
hStaPrev := GetProcessWindowStation();
hDeskPrev := GetThreadDesktop( GetCurrentThreadId() );
hSta := OpenWindowStation( 'Winsta0', false, MAXIMUM_ALLOWED );
SetProcessWindowStation( hSta );
hDesktop := OpenDesktop( 'Winlogon', 0 , false, MAXIMUM_ALLOWED );
SetThreadDesktop( hDesktop );
PostMessage( HWND_BROADCAST, WM_HOTKEY, 0, MAKELONG( MOD_CONTROL or MOD_ALT, VK_DELETE ) );
SetThreadDesktop( hDeskPrev );
SetProcessWindowStation( hStaPrev );
CloseDesktop( hDesktop );
CloseWindowStation( hSta );
end;
广播ctrl+alt+delete键,失败了. 为什么OpenDekstop总返回0 ?
win2000/xp下禁用ctrl+al+delete键,该怎么做才能找到'SAS WINDOW'窗口?
eytech 2004-05-09
- 打赏
- 举报
C写的程序,难看明白,有没有DELPHI 的如果有,麻烦大家帮忙给我一份
zhiwei1217@sina.com
support@eytech.com
zhiwei1217@sina.com
support@eytech.com
visual_cjiajia 2004-04-20
- 打赏
- 举报
当然要注入 APIHOOK
visual_cjiajia 2004-04-20
- 打赏
- 举报
呵呵 http://www.2ccc.com 上有!
mscrack 2004-04-20
- 打赏
- 举报
要注入才能找到?
mscrack 2004-04-20
- 打赏
- 举报
function SetPrivilege:bool;
var
hToken:dword;
tkp:TTOKENPRIVILEGES;
rl:dword;
begin
result:=false;
if OpenProcessToken(GetCurrentProcess,TOKEN_ALL_ACCESS,hToken) then
if LookupPrivilegeValue(nil,'SeDebugPrivilege',tkp.privileges[0].luid) then
begin
tkp.PrivilegeCount:=1;
tkp.Privileges[0].Attributes:=SE_PRIVILEGE_ENABLED;
result:=AdjustTokenPrivileges(hToken,false,tkp,sizeof(tkp),tkp,rl);
end;
end;
function EnumWindowsProc(hWnd:HWND;lParam:lParam):bool;stdcall;
var
lpbuffer:array [0..254] of char;
wText:string;
begin
GetWindowText(hWnd,lpbuffer,255);
wText:=strpas(lpbuffer);
// form1.listbox1.items.add(wText); //listbox里面没发现有啊??
if CompareText(wText,'SAS window')=0 then
begin
hSASWnd:=hWnd;
result:=false;
showmessage('SAS window');
end;
result:=true;
end;
procedure TForm1.Button1Click(Sender: TObject);
var
hDesk:dword;
begin
hDesk:=OpenDesktop('Winlogon',0,false,MAXIMUM_ALLOWED);
EnumDesktopWindows(hDesk,@EnumWindowsProc,0);
end;
procedure TForm1.FormCreate(Sender: TObject);
begin
if not setprivilege then
messagebox(handle,'setprivilege error','error',0);
end;
找不到... 为什么?
var
hToken:dword;
tkp:TTOKENPRIVILEGES;
rl:dword;
begin
result:=false;
if OpenProcessToken(GetCurrentProcess,TOKEN_ALL_ACCESS,hToken) then
if LookupPrivilegeValue(nil,'SeDebugPrivilege',tkp.privileges[0].luid) then
begin
tkp.PrivilegeCount:=1;
tkp.Privileges[0].Attributes:=SE_PRIVILEGE_ENABLED;
result:=AdjustTokenPrivileges(hToken,false,tkp,sizeof(tkp),tkp,rl);
end;
end;
function EnumWindowsProc(hWnd:HWND;lParam:lParam):bool;stdcall;
var
lpbuffer:array [0..254] of char;
wText:string;
begin
GetWindowText(hWnd,lpbuffer,255);
wText:=strpas(lpbuffer);
// form1.listbox1.items.add(wText); //listbox里面没发现有啊??
if CompareText(wText,'SAS window')=0 then
begin
hSASWnd:=hWnd;
result:=false;
showmessage('SAS window');
end;
result:=true;
end;
procedure TForm1.Button1Click(Sender: TObject);
var
hDesk:dword;
begin
hDesk:=OpenDesktop('Winlogon',0,false,MAXIMUM_ALLOWED);
EnumDesktopWindows(hDesk,@EnumWindowsProc,0);
end;
procedure TForm1.FormCreate(Sender: TObject);
begin
if not setprivilege then
messagebox(handle,'setprivilege error','error',0);
end;
找不到... 为什么?
xzhifei 2004-04-20
- 打赏
- 举报
如果用的是NT系统,就一定有SAS Window
mscrack 2004-04-20
- 打赏
- 举报
http://www.csdn.net/develop/read_article.asp?id=15645
根据这里面提供的内容, 好像找不到SAS Window啊??
根据这里面提供的内容, 好像找不到SAS Window啊??
ly_liuyang 2004-04-19
- 打赏
- 举报
Admin提升到System身份或直接SYstem身份下
使用DLL注入技术就可以Hook WinLogon了,上文的是VC方法,Google上有Delphi方法的
使用DLL注入技术就可以Hook WinLogon了,上文的是VC方法,Google上有Delphi方法的
visual_cjiajia 2004-04-19
- 打赏
- 举报
http://www.csdn.net/develop/read_article.asp?id=15645
