标题:利用低级键盘钩子,和子类化SAS窗口屏蔽所有热键!
只看楼主
sll0807
Rank: 3Rank: 3
等 级:论坛游侠
威 望:5
帖 子:69
专家分:123
注 册:2009-3-2
结帖率:100%
已结贴  问题点数:20 回复次数:4 
利用低级键盘钩子,和子类化SAS窗口屏蔽所有热键!
将DLL注入Winlogon进程接管Sas窗口按键消息能完美屏蔽包括CTRL+DEL+ALT在内所有热键

老帖子了 写成汇编版本的 大家看下吧!~
ASMIDE:MASMPlus
EXE:

程序代码:
.386
.Model Flat, StdCall
Option Casemap :None

Include        Windows.Inc
Include        User32.Inc
Include        Kernel32.Inc
Include        Advapi32.inc

IncludeLib    User32.Lib
IncludeLib    Kernel32.Lib
IncludeLib    Advapi32.lib

.Data?
dwProcessID        dd    ?
szMyDllFull        db    MAX_PATH dup(?)

.Const
szDllKernel        db    'Kernel32.dll',0
szLoadLibrary    db    'LoadLibraryA',0
szMyDll            db    '\APIHook.DLL',0

.Code

EnumProcess Proc Uses esi edi ebx _lpProcName:DWORD,_dwPID:DWORD
    Local @stProcess:PROCESSENTRY32
    Local    @hSnapshot

    invoke    CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
    mov        @hSnapshot,eax
    mov        @stProcess.dwSize,sizeof @stProcess
    invoke    Process32First,@hSnapshot,addr @stProcess
    
    .While    eax
        invoke    lstrcmp,addr @stProcess.szExeFile,_lpProcName
        .if        eax == 0
            
            mov    esi,_dwPID
            push    @stProcess.th32ProcessID
            pop     DWORD ptr [esi]
            mov    eax,TRUE
            ret
        .endif
        
        invoke    Process32Next,@hSnapshot,addr @stProcess
    .EndW
    
    invoke    CloseHandle,@hSnapshot
    
    xor    eax,eax
    ret
    
EnumProcess     EndP

EnableDebugPriv    Proc
    Local    @tkp:TOKEN_PRIVILEGES
    Local    @sdnv:LUID
    Local    @hToken
    
    invoke    RtlZeroMemory,addr @tkp,sizeof TOKEN_PRIVILEGES
    invoke    RtlZeroMemory,addr @sdnv,sizeof LUID
    
    invoke    GetCurrentProcess
    mov        ecx,eax
    invoke    OpenProcessToken,ecx,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,addr @hToken
    
    invoke    LookupPrivilegeValue,0,CTEXT("SeDebugPrivilege"),addr @sdnv
    mov        @tkp.PrivilegeCount,1
    m2m        @tkp.Privileges.Luid.LowPart,@sdnv.LowPart
    m2m        @tkp.Privileges.Luid.HighPart,@sdnv.HighPart
    mov        @tkp.Privileges.Attributes,SE_PRIVILEGE_ENABLED
    invoke    AdjustTokenPrivileges,@hToken,FALSE,addr @tkp,sizeof @tkp,0,0
    
    invoke    CloseHandle,@hToken
    ret
    
EnableDebugPriv    EndP

RemoteInject Proc _dwPID:DWORD
    Local    @dwProcessID
    Local @hProcess
    Local    @lpLoadLibrary
    Local    @lpDllName

    invoke    GetCurrentDirectory,MAX_PATH,addr szMyDllFull
    invoke    lstrcat,addr szMyDllFull,addr szMyDll
    
    invoke    GetModuleHandle,addr szDllKernel
    invoke    GetProcAddress,eax,offset szLoadLibrary
    mov        @lpLoadLibrary,eax
    
    invoke    OpenProcess,PROCESS_CREATE_THREAD or PROCESS_VM_OPERATION or PROCESS_VM_WRITE,FALSE,dwProcessID
    .if eax
        mov    @hProcess,eax
        
        invoke    VirtualAllocEx,@hProcess,NULL,MAX_PATH,MEM_COMMIT,PAGE_EXECUTE_READWRITE
        .if    eax
            mov    @lpDllName,eax
            
            invoke    WriteProcessMemory,@hProcess,eax,offset szMyDllFull,MAX_PATH,NULL
            invoke    CreateRemoteThread,@hProcess,NULL,0,@lpLoadLibrary,@lpDllName,0,NULL
            invoke    CloseHandle,eax
            
        .endif
        
        invoke    CloseHandle,@hProcess
    .else
        
        invoke    MessageBox,NULL,CTEXT("无法打开进程"),NULL,MB_OK or MB_ICONWARNING
        
    .endif
    ret
    
RemoteInject EndP

Start    Proc

    invoke    EnableDebugPriv
    invoke    EnumProcess,CTEXT("winlogon.exe"),offset dwProcessID
    
    invoke    RemoteInject,dwProcessID
    ret
    
Start EndP

End Start


Dll:

程序代码:
.386
.Model Flat,StdCall
Option CaseMap :None

Include        Windows.inc
Include        User32.inc
Include        Kernel32.inc
Include        Shlwapi.inc

IncludeLib    User32.lib
IncludeLib    Kernel32.lib
IncludeLib    Shlwapi.lib

KBDLLHOOKSTRUCT STRUCT
    
    vKcode            DWORD ?
    scanCode            DWORD ?
    flags                DWORD ?
    time                DWORD ?
    dwExtraInfo        DWORD ?
    
KBDLLHOOKSTRUCT ENDS

.Data?
hHook                            dd ?
dwThread                        dd ?
hThread                        dd ?
hDesktop                        dd ?
hInstDll                        dd ?
hSasWnd                        dd ?
lpOldProc                    dd ?

.Code

KeyboardProc Proc _dwCode:DWORD,_wParam:DWORD,_lParam:DWORD

    .if _dwCode==HC_ACTION
        .if (_wParam == WM_KEYDOWN) 
            mov edx,_lParam 
            assume edx:PTR KBDLLHOOKSTRUCT 
            .if ([edx].vKcode == VK_LWIN) || ([edx].vKcode==VK_RWIN)
                
                ;拦截左右WIN键
                mov eax,TRUE 
                ret 
            .endif
        .endif
    .endif
    
    invoke CallNextHookEx,hHook,_dwCode,_wParam,_lParam 
    ret
    
KeyboardProc EndP

EnumWindowsProc Proc _hWnd:DWORD,_lParam:DWORD
    Local    @szBuff[128]:BYTE

    invoke    GetWindowText,_hWnd,addr @szBuff,sizeof @szBuff
    invoke    StrStr,addr @szBuff,CTEXT("SAS window")
    .if eax
        push        _hWnd
        pop        hSasWnd
        mov        eax,FALSE
        ret
    .endif
    
    mov    eax,TRUE
    ret
    
EnumWindowsProc EndP

SASWindowProc Proc _hWnd:DWORD,_uMsg:DWORD,_wParam:DWORD,_lParam:DWORD

    .if _uMsg == WM_HOTKEY
        
        ;拦截SAS窗口所有热键
        mov    eax,TRUE
        ret
    .endif
    
    invoke    CallWindowProc,lpOldProc,_hWnd,_uMsg,_wParam,_lParam
    ret
    
SASWindowProc EndP

ThreadProc Proc lParam:DWORD
    Local    uMsg:MSG
    
    invoke    OpenDesktop,CTEXT("Winlogon"),0,FALSE,MAXIMUM_ALLOWED
    mov        hDesktop,eax
    invoke    EnumDesktopWindows,hDesktop,offset  EnumWindowsProc,NULL
    .if    hSasWnd
        
        invoke    SetWindowLong,hSasWnd,GWL_WNDPROC,offset SASWindowProc
        mov        lpOldProc,eax
        
    .endif
    
    invoke    OpenDesktop,CTEXT("Default"),0,FALSE,MAXIMUM_ALLOWED
    mov        hDesktop,eax
    invoke    SetThreadDesktop,hDesktop
    invoke    CloseHandle,hDesktop
    
    invoke    SetWindowsHookEx,WH_KEYBOARD_LL,offset KeyboardProc,hInstDll,NULL
    .if     eax 
        mov        hHook,eax
        invoke    OutputDebugString,CTEXT("Set Hook Success!")
    .endif
    
    .While    TRUE
        
        invoke    GetMessage,addr uMsg,0,0,0
        .Break .if !eax
        invoke    TranslateMessage,addr uMsg
        invoke    DispatchMessage,addr uMsg 
    .EndW
    
ThreadProc EndP

DLLEntry    Proc    uses ebx esi _hInstance:DWORD,_dwReason:DWORD,_dwReserved:DWORD

    .if _dwReason == DLL_PROCESS_ATTACH
        
        invoke    CreateThread,NULL,0,offset ThreadProc,NULL,0,offset dwThread
        mov        hThread,eax
        
    .elseif    _dwReason == DLL_PROCESS_DETACH
        
        invoke    SetWindowLong,hSasWnd,GWL_WNDPROC,lpOldProc
        
        invoke    UnhookWindowsHookEx,hHook
        invoke    TerminateThread,hThread,1
        invoke    CloseHandle,hThread
        
    .endif
    
    push    _hInstance
    pop    hInstDll
    
    mov    eax,TRUE
    ret
    
DLLEntry    EndP
    
End DLLEntry

DEF:

EXPORTS


Hooks.rar (17.09 KB)


[ 本帖最后由 sll0807 于 2009-10-13 14:45 编辑 ]
收到的鲜花
  • zklhp2009-10-13 17:27 送鲜花  50朵   附言:我很赞同
搜索更多相关主题的帖子: SAS 子类 键盘 钩子 热键 
2009-10-13 14:43
onepc
Rank: 7Rank: 7Rank: 7
等 级:黑侠
威 望:3
帖 子:223
专家分:569
注 册:2009-8-27
得分:0 
膜拜一下~~~~
2009-10-13 15:29
sll0807
Rank: 3Rank: 3
等 级:论坛游侠
威 望:5
帖 子:69
专家分:123
注 册:2009-3-2
得分:0 
用的你写的 低级键盘钩子 连代码都没改 :)
2009-10-13 15:49
东海一鱼
Rank: 13Rank: 13Rank: 13Rank: 13
等 级:贵宾
威 望:48
帖 子:757
专家分:4760
注 册:2009-8-10
得分:20 
呜呼,有够辣的。

似乎没必要这末狠吧!

这个关键的SAS Window的子类话函数只处理Ctrl + Alt + delete就好:

SASWindowProc Proc _hWnd:DWORD,_uMsg:DWORD,_wParam:DWORD,_lParam:DWORD
 
    .if _uMsg == WM_HOTKEY
        
        ;MAKELONG
        mov eax,VK_DELETE  
        rol eax,16  
        mov ax,MOD_CONTROL  
        or  ax,MOD_ALT  
  
        .if (_lparam & eax  )
            ret         
        .endif
    .endif
     
    invoke    CallWindowProc,lpOldProc,_hWnd,_uMsg,_wParam,_lParam
    ret
     
SASWindowProc EndP

举世而誉之而不加劝,举世而非之而不加沮,定乎内外之分,辩乎荣辱之境,斯已矣。彼其于世未数数然也。
2009-10-13 18:13
sll0807
Rank: 3Rank: 3
等 级:论坛游侠
威 望:5
帖 子:69
专家分:123
注 册:2009-3-2
得分:0 
只是举例 想怎么实现 大家添嘿嘿!~是在懒得写
2009-10-14 09:49



参与讨论请移步原网站贴子:https://bbs.bccn.net/thread-288363-1-1.html




关于我们 | 广告合作 | 编程中国 | 清除Cookies | TOP | 手机版

编程中国 版权所有,并保留所有权利。
Powered by Discuz, Processed in 0.030149 second(s), 9 queries.
Copyright©2004-2024, BCCN.NET, All Rights Reserved