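// Main function of the service: registers the control handler, creates the
// IPC queue and then blocks until the shutdown event is signalled.
//
// argCnt / args: service start arguments; neither is read here.
//
// NOTE(review): per the original comments this service acts on requests that
// arrive through the IPC queue. DllInjectIpcHandler is not visible here; how it
// validates the sender, size and content of each message should be reviewed
// together with this function.
void WINAPI ServiceProc(DWORD argCnt, LPSTR *args)
{
  static const CHAR evSuffix[] = "ShutdownEvent";
  HANDLE event = NULL;
  CHAR   evName [MAX_PATH];

  // the first thing we shall do here is to register a service control handler
  statusHandle = RegisterServiceCtrlHandlerA(CServiceName, ServiceHandler);
  if (!statusHandle)
    return;

  UpdateStatus(SERVICE_START_PENDING);

  // InitializeMadCHook is needed only if you're using the static madCHook.lib
  InitializeMadCHook();

  // now we create our ipc queue
  if (CreateIpcQueue(CServiceName, DllInjectIpcHandler)) {
    // Build "<service name>ShutdownEvent". lstrcpyA/lstrcatA do not bound their
    // writes, so the combined length (sizeof(evSuffix) counts the terminator)
    // is checked against the buffer first.
    if ((size_t) lstrlenA(CServiceName) + sizeof(evSuffix) <= sizeof(evName)) {
      lstrcpyA(evName, CServiceName);
      lstrcatA(evName, evSuffix);
      // NOTE(review): this is a named global event; which accounts may open
      // and signal it depends on CreateGlobalEvent, not visible here - confirm.
      event = CreateGlobalEvent(evName, true, false);
    }

    // Only report RUNNING and wait when the event really exists; waiting on a
    // null handle fails at once and the service would stop right after
    // claiming to run. (Assumes CreateGlobalEvent returns NULL on failure -
    // TODO confirm.)
    if (event) {
      // okay, initialization is done
      UpdateStatus(SERVICE_RUNNING);

      // here our service does the real work
      // our injection service does nothing but listen to our ipc queue
      // the ipc queue has its own thread, so we just wait for the shutdown event
      WaitForSingleObject(event, INFINITE);

      CloseHandle(event);
    }
    // NOTE(review): the IPC queue is not explicitly destroyed on this path -
    // confirm that FinalizeMadCHook / process exit is enough.
  }

  // FinalizeMadCHook is needed only if you're using the static madCHook.lib
  FinalizeMadCHook();

  UpdateStatus(SERVICE_STOPPED);
}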
// Process entry point: wraps one ShowExplorerCmdLine() call between
// madCodeHook start-up and tear-down. None of the four WinMain arguments are
// read. Always returns `true` (1).
int WINAPI WinMain(HINSTANCE hInstance,
                   HINSTANCE hPrevInstance,
                   LPSTR     lpCmdLine,
                   int       nCmdShow)
{
  const int exitCode = true;

  // Explicit init/finalize is required only when linking the static
  // madCHook.lib.
  InitializeMadCHook();

  ShowExplorerCmdLine();

  FinalizeMadCHook();

  return exitCode;
}
/// /// @brief api 후킹 해제 /// void EndHook() { UnhookAPI((PVOID*)&ZwResumeThreadNext); UnhookAPI((PVOID*)&GetOpenFileNameWNext); UnhookAPI((PVOID*)&GetOpenFileNameANext); UnhookAPI((PVOID*)&DragQueryFileWNext); UnhookAPI((PVOID*)&DragQueryFileANext); UnhookAPI((PVOID*)&sendNext); UnhookAPI((PVOID*)&WSASendNext); UnhookAPI((PVOID*)&InternetWriteFileNext); FinalizeMadCHook(); EjectDLLToControlProcess(); }