- 注册时间
- 2011-3-6
- 最后登录
- 1970-1-1
该用户从未签到
|
void HideDll()
{
HMODULE hMod = ::GetModuleHandle("MyHook.dll");
PLIST_ENTRY Head,Cur;
PPEB_LDR_DATA ldr;
PLDR_MODULE ldm;
__asm
{
mov eax , fs:[0x30]
mov ecx , [eax + 0x0c] //Ldr
mov ldr , ecx
}
Head = &(ldr->InLoadOrderModuleList);
Cur = Head->Flink;
do
{
ldm = CONTAINING_RECORD( Cur, LDR_MODULE, InLoadOrderModuleList);
//printf("EntryPoint [0x%X]\n",ldm->BaseAddress);
if( hMod == ldm->BaseAddress)
{
ldm->InLoadOrderModuleList.Blink->Flink =
ldm->InLoadOrderModuleList.Flink;
ldm->InLoadOrderModuleList.Flink->Blink =
ldm->InLoadOrderModuleList.Blink;
ldm->InInitializationOrderModuleList.Blink->Flink =
ldm->InInitializationOrderModuleList.Flink;
ldm->InInitializationOrderModuleList.Flink->Blink =
ldm->InInitializationOrderModuleList.Blink;
ldm->InMemoryOrderModuleList.Blink->Flink =
ldm->InMemoryOrderModuleList.Flink;
ldm->InMemoryOrderModuleList.Flink->Blink =
ldm->InMemoryOrderModuleList.Blink;
break;
}
Cur= Cur->Flink;
}while(Head != Cur);
} |
|
发表于 2013-5-7 09:11:04