#include <stdio.h>
#include <windows.h>
typedef enum _DEBUG_CONTROL_CODE {
SysDbgReadVirtualMemory = 8
} DEBUG_CONTROL_CODE, *PDEBUG_CONTROL_CODE;
typedef struct _MEMORY_CHUNKS {
ULONG Address;
PVOID Data;
ULONG Length;
} MEMORY_CHUNKS, *PMEMORY_CHUNKS;
typedef DWORD (WINAPI *ZWSYSTEMDEBUGCONTROL)(DWORD,PVOID,DWORD,PVOID,DWORD,PVOID);
ZWSYSTEMDEBUGCONTROL ZwSystemDebugControl;
typedef struct tagSERVERINFO
{
WORD wRIPFlags;
WORD wSRVIFlags;
WORD wRIPPID;
WORD wRIPError;
DWORD cHandleEntries; //句柄数目
}SERVERINFO,*PSERVERINFO;
typedef struct tagSHAREDINFO {
struct tagSERVERINFO *psi;
struct _HANDLEENTRY *aheList; // handle table pointer
struct tagDISPLAYINFO *pDispInfo; // global displayinfo
ULONG ulSharedDelta; // delta between client and kernel mapping of ...
LPWSTR pszDllList;
} SHAREDINFO, *PSHAREDINFO;
typedef struct
{
HANDLE hHandle; //钩子的句柄
DWORD Unknown1;
PVOID Win32Thread; //一个指向 win32k!_W32THREAD 结构体的指针
PVOID Unknown2;
PVOID SelfHook; //指向结构体的首地址
PVOID NextHook; //指向下一个钩子结构体
int iHookType; //钩子的类型, winuser.h 中有定义
DWORD OffPfn; //钩子函数的地址偏移,相对于所在模块的偏移
int iHookFlags;
int iMod; //钩子函数做在模块的索引号码,通过查询 WowProcess 结构可以得到模块的基地址。
PVOID Win32ThreadHooked; // ???被钩的线程的结构指针,不知道
} HOOK_INFO,*PHOOK_INFO;
typedef struct _HEAD
{
DWORD hObject;
DWORD cLockObj;
}HEAD,*PHEAD;
typedef struct _HANDLEENTRY {
PHOOK_INFO phead; /* pointer to the real object *///也就是下面的 HOOK_INFO 结构
PVOID pOwner; /* pointer to owning entity (pti or ppi) */
BYTE bType; /* type of object */
BYTE bFlags; /* flags - like destroy flag */
WORD wUniq; /* uniqueness count */
} HANDLEENTRY, *PHANDLE_ENTRY;
typedef struct _CLIENT_ID
{
DWORD PID;
DWORD TID;
3星 · 超过75%的资源 需积分: 15 89 浏览量
2010-12-20
16:58:55
上传
评论 1
收藏 5KB TXT 举报 
sitemaker2014-03-27可惜了,网上有的,而且在windows 2003 下编译运行出错,积分要的很多。╮(╯▽╰)╭,还是别下了
MOODSKY20022014-02-20有点点看不懂。。。。。
believe麦迪2017-11-23不够详细啊
