Delphi Hook

ÇëÎÊÓÃcmd.exe Ö´ÐÐregedit.exe ʱ£¬ÎªÊ²Ã´ÓÃCreateProcess hook²»µ½£¬

°´ctrl+alt+del µÈÒ²hook²»µ½£¬ËûÃDz»Êǵ÷ÓÃCreateProcess Âð£¿

---

ÊÔÊÔ¼àÊÓShellexecute£¬ÓÃShell¹³×Ó

---

function NewShellExecuteW(hwnd:HWND;Operation:PWideChar;FileName:PWideChar;Parameters:PWideChar;Directory:PWideChar;ShowCmd:Integer):HINST;Stdcall;
type
  TNewShellExecuteW=function (hwnd:HWND;Operation:PWideChar;fileName:PWideChar;Parameters:PWideChar;Directory:PWideChar;ShowCmd:Integer):HINST;Stdcall;
begin
Resutl:=8;
Exit;
end;
ΪʲôÕâÑù±àÒë²»ÄÜͨ¹ýÀ´£¬Õâ¸öº¯Êý±¾À´¾ÍÊÇÕâôÉùÃ÷µÄ°¡£¬

[DCC Error] eabe_data_main.dpr(127): E2005 'hwnd' is not a type identifier

---

NtCreateProcess(

  OUT PHANDLE ProcessHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
  IN HANDLE ParentProcess,
  IN BOOLEAN InheritObjectTable,
  IN HANDLE SectionHandle OPTIONAL,
  IN HANDLE DebugPort OPTIONAL,
  IN HANDLE ExceptionPort OPTIONAL );


ºÍzwCreateProcessÕâÁ½¸öº¯ÊýµÄdelphiÉùÃ÷

°ïÎÒ°ÑÕâ¸öת»»³ÉdelphiµÄfunction.

---

MARK

---

hwnd:HWND
C++ÕÕ³­¹ýÀ´µÄ°É£¬DELPHI²»Çø·Ö´óСдµÄ¡£

---

ÒýÓÃ

hwnd:HWND
C++ÕÕ³­¹ýÀ´µÄ°É£¬DELPHI²»Çø·Ö´óСдµÄ¡£