C++ (Cpp) NtQIP示例

编程语言: C++ (Cpp)

方法/功能: NtQIP

hotexamples.com的示例: 4

C++ (Cpp) NtQIP - 已找到4个示例。这些是从开源项目中提取的最受好评的NtQIP现实C++ (Cpp)示例。您可以评价示例，以帮助我们提高示例质量。

示例#1

显示文件

文件： DLLMain.cpp 项目： NtQuery/DebugDetector

__declspec(dllexport) DWORD __cdecl PluginDebugCheck(int iWinVer)
{
	typedef NTSTATUS (WINAPI *pNtQueryInformationProcess)(HANDLE ,UINT ,PVOID ,ULONG , PULONG); 

	DWORD NoDebugInherit = 0;
	NTSTATUS Status; 

	HMODULE hNTDLL = GetModuleHandle(L"ntdll.dll");
	if(hNTDLL == INVALID_HANDLE_VALUE)
	{
		sErrorMessage = TEXT("Failed to load ntdll");
		return -1;
	}

	pNtQueryInformationProcess NtQIP = (pNtQueryInformationProcess)GetProcAddress(hNTDLL,"NtQueryInformationProcess"); 
	if(NtQIP == NULL)
	{
		sErrorMessage = TEXT("Failed to load NtQueryInformationProcess");
		return -1;
	}

	Status = NtQIP(GetCurrentProcess(),0x1f,&NoDebugInherit,4,NULL); 
	if (Status != 0x00000000)
	{
		sErrorMessage = TEXT("Error in NtQueryInformationProcess");
		return -1; 
	}

	if(NoDebugInherit == FALSE)
		return 1;
	else
		return 0;
}

示例#2

显示文件

文件： main.cpp 项目： soyasoya5/TitanHide

bool CheckProcessDebugPort()
{
	// Much easier in ASM but C/C++ looks so much better
	typedef int (WINAPI* pNtQueryInformationProcess)
		(HANDLE, UINT, PVOID, ULONG, PULONG);

	DWORD_PTR DebugPort = 0;
	ULONG ReturnSize = 0;
	int Status;

	// Get NtQueryInformationProcess
	pNtQueryInformationProcess NtQIP = (pNtQueryInformationProcess)
		GetProcAddress(GetModuleHandle(TEXT("ntdll.dll")),
		"NtQueryInformationProcess");

	Status = NtQIP(GetCurrentProcess(),
		0x7, // ProcessDebugPort
		&DebugPort, sizeof(DebugPort), &ReturnSize);

	if (Status != 0x00000000)
	{
		printf("NtQueryInformationProcess failed with %X, %d\n", Status, ReturnSize);
		return false;
	}

	if (DebugPort)
		return true;
	else
		return false;
}

示例#3

显示文件

文件： main.cpp 项目： soyasoya5/TitanHide

bool CheckProcessDebugFlags()
{
	// Much easier in ASM but C/C++ looks so much better
	typedef int (WINAPI* pNtQueryInformationProcess)
		(HANDLE, UINT, PVOID, ULONG, PULONG);

	DWORD NoDebugInherit = 0;
	int Status;

	// Get NtQueryInformationProcess
	pNtQueryInformationProcess NtQIP = (pNtQueryInformationProcess)
		GetProcAddress(GetModuleHandle(TEXT("ntdll.dll")),
		"NtQueryInformationProcess");


	Status = NtQIP(GetCurrentProcess(),
		0x1f, // ProcessDebugFlags
		&NoDebugInherit, sizeof(NoDebugInherit), NULL);

	if (Status != 0x00000000)
	{
		printf("NtQueryInformationProcess failed with %X\n", Status);
		return false;
	}

	if (NoDebugInherit == FALSE)
		return true;
	else
		return false;
}

示例#4

显示文件

文件： main.cpp 项目： soyasoya5/TitanHide

bool CheckProcessDebugObjectHandle()
{
	// Much easier in ASM but C/C++ looks so much better
	typedef int (WINAPI* pNtQueryInformationProcess)
		(HANDLE, UINT, PVOID, ULONG, PULONG);

	DWORD_PTR DebugHandle = 0;
	int Status;
	ULONG ReturnSize = 0;

	// Get NtQueryInformationProcess
	pNtQueryInformationProcess NtQIP = (pNtQueryInformationProcess)
		GetProcAddress(GetModuleHandle(TEXT("ntdll.dll")),
		"NtQueryInformationProcess");

	Status = NtQIP(GetCurrentProcess(),
		30, // ProcessDebugHandle
		&DebugHandle, sizeof(DebugHandle), &ReturnSize);

	if (Status != 0x00000000)
	{
		if (Status != 0xC0000353) //STATUS_PORT_NOT_SET
			printf("NtQueryInformationProcess failed with %X, %d\n", Status, ReturnSize);
		return false;
	}


	if (DebugHandle)
	{
		CloseHandle((HANDLE)DebugHandle);
		return true;
	}

	else
		return false;
}