Re:闲庭信步:
我也遇到了同样的情况(windows 2000),只要把ReplaceIATEntryInOneMod()函数中的WriteProcessMemory(GetCurrentProcess(),ppfn,&pfnHook,sizeof(pfnHook),NULL);
这一句改为如下代码即可拦截所有的程序了:
MEMORY_BASIC_INFORMATION mbi;
::VirtualQuery(ppfn, &mbi, sizeof(MEMORY_BASIC_INFORMATION));
// In order to provide writable access to this part of the
// memory we need to change the memory protection
if (FALSE == ::VirtualProtect(
mbi.BaseAddress,
mbi.RegionSize,
PAGE_READWRITE,
&mbi.Protect)
)
return; //error
// Hook the function.
*ppfn = *pfnHook;
// Restore the protection back
DWORD dwOldProtect;
::VirtualProtect(
mbi.BaseAddress,
mbi.RegionSize,
mbi.Protect,
&dwOldProtect
);