#include "stdafx.h"#include "mhook/mhook-lib/mhook.h"/////////////////////

1. #include "stdafx.h"
2. #include "mhook/mhook-lib/mhook.h"
3.  
4. //////////////////////////////////////////////////////////////////////////
5. // Defines and typedefs
6.  
7. #define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
8.  
9. typedef struct _MY_SYSTEM_PROCESS_INFORMATION
10. {
11. ULONG NextEntryOffset;
12. ULONG NumberOfThreads;
13. LARGE_INTEGER Reserved[3];
14. LARGE_INTEGER CreateTime;
15. LARGE_INTEGER UserTime;
16. LARGE_INTEGER KernelTime;
17. UNICODE_STRING ImageName;
18. ULONG BasePriority;
19. HANDLE ProcessId;
20. HANDLE InheritedFromProcessId;
21. } MY_SYSTEM_PROCESS_INFORMATION, *PMY_SYSTEM_PROCESS_INFORMATION;
22.  
23. typedef NTSTATUS(NTAPI *_NtDebugActiveProcess)(__in HANDLE ProcessHandle, __in HANDLE DebugObjectHandle);
24. //////////////////////////////////////////////////////////////////////////
25. // Original function
26.  
27. _NtDebugActiveProcess OrignalNtDebugActiveProcess = (_NtDebugActiveProcess)GetProcAddress(GetModuleHandle(L"ntdll"), "NtDebugActiveProcess");
28.  
29. //////////////////////////////////////////////////////////////////////////
30. // Hooked function
31.  
32. NTSTATUS NTAPI HookNtDebugActiveProcess(
33. __in HANDLE ProcessHandle,
34. __in HANDLE DebugObjectHandle
35. )
36. {
37. MessageBoxA(NULL, "CorrM", "CorM", MB_OK);
38. return false;
39. }
40.  
41. //////////////////////////////////////////////////////////////////////////
42. // Entry point
43.  
44. BOOL WINAPI DllMain(
45. __in HINSTANCE hInstance,
46. __in DWORD Reason,
47. __in LPVOID Reserved
48. )
49. {
50. switch (Reason)
51. {
52. case DLL_PROCESS_ATTACH:
53. Mhook_SetHook((PVOID*)&OrignalNtDebugActiveProcess, HookNtDebugActiveProcess);
54. break;
55.  
56. case DLL_PROCESS_DETACH:
57. Mhook_Unhook((PVOID*)&OrignalNtDebugActiveProcess);
58. break;
59. }
60.  
61. return TRUE;
62. }