so gehts:
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
| library hook;
uses
windows,
uallHook in '..\..\source\uallHook.pas',
sysutils;
var
oldTerminateProcess, nextTerminateProcess: function(hProcess: THandle; UExitCode: UInt): BOOL; stdcall;
function myTerminateProcess(hProcess: THandle; UExitCode: UInt): boolean;
begin
if hProcess <> findwindow(nil, 'test') then
oldTerminateProcess(hProcess, UExitCode);
end;
procedure injectmain;
var h: integer;
begin
h := GetModuleHandle('kernel32.dll');
if h > 0 then
begin
@oldTerminateProcess := GetProcAddress(h, 'TerminateProcess');
if @oldTerminateProcess <> nil then
uallHook.HookCode(@oldTerminateProcess, @myTerminateProcess, @nextTerminateProcess);
end;
end;
procedure uninjectmain;
begin
uallHook.UnhookCode(@nextTerminateProcess);
end;
procedure dllmain(dwReason: integer);
begin
case dwreason of
DLL_PROCESS_ATTACH:
injectmain;
DLL_PROCESS_DETACH:
uninjectmain;
end;
end;
begin
DLLProc := @DLLMain;
DLLMain(1);
end. |
Der Taskman killt sich dann selbst aber der Prozess bleibt stehen
