拦截程序某个操作

浩森呀 · 发表于昨天 14:38

需要拦截 receive type:kill-oss-manager kill student, winlogon desktop! 这两个操作的执行，这些是日志
MMPC Main...
2022-06-01 15:47:25: RegisterServiceCtrlHandler success
2022-06-01 15:47:25: Student Side.
2022-06-01 15:47:25: Open AntiFunc..!
2022-06-01 15:47:26: curPath :C:\Program Files (x86)\Os-Easy\os-easy multicast teaching system\
2022-06-01 15:47:26: bind success!
2022-06-01 15:47:26: EXPLORER.EXE Get Wrong Token !
2022-06-01 15:47:26: start path:C:\Program Files (x86)\Os-Easy\os-easy multicast teaching system\Student.exe
2022-06-01 15:49:01: processId:7400,sessionid:1,curSessionId:1
2022-06-01 15:49:01: CreateProcessAsUser ok!
2022-06-01 15:49:01: start path:C:\Program Files (x86)\Os-Easy\os-easy multicast teaching system\Student.exe
2022-06-01 15:49:01: receive type:daemon
2022-06-01 15:49:02: receive type:kill-oss-manager
2022-06-01 15:49:02: receive type:npd-auto
2022-06-01 15:49:02: start npd
2022-06-01 16:14:11: processId:7436,sessionid:1,curSessionId:1
2022-06-01 16:14:11: find logonUi.exe
2022-06-01 16:14:11: kill student, winlogon desktop!
2022-06-01 16:14:11: EXPLORER.EXE Get Wrong Token !

补充内容 (2024-10-22 10:21):
软件是噢易多媒体教室

qq73s5456 · 发表于昨天 17:41

OD 找到对应位置 NOP 掉？

vcdemon · 发表于昨天 17:43

软件发上来

po1718 · 发表于昨天 21:27

什么程序,原程序都没有,猜不到啊....

		自动登录	找回密码
密码			注册

[逆向安全] 拦截程序某个操作