
怎樣隱藏輸入法注入的DLL?

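DNF是有NP保護的。其實,反外掛只能攔截API而已。妳可以了解壹下驅動開發的基礎知識。以及Windows程序設計基礎知識,所謂的E語言,不入流的產物而已。
--------------------
/*
 * ReadPhysicalMemory - copy bytes from a physical address into a caller buffer.
 *
 * Opens the \Device\PhysicalMemory section object, maps a window of 0x2000
 * bytes that contains startaddress into the current process, copies
 * bytestoread bytes into output, then unmaps the view and closes the handle.
 *
 * Parameters:
 *   startaddress - physical address to read, carried in a pointer-typed value.
 *   bytestoread  - number of bytes to copy; the range must lie inside the
 *                  mapped window, otherwise the call is rejected.
 *   output       - destination buffer of at least bytestoread bytes.
 *
 * Returns:
 *   STATUS_SUCCESS when the copy completed; STATUS_INVALID_PARAMETER for a
 *   NULL output buffer or a range that does not fit in the mapped window;
 *   the status of ZwOpenSection / ZwMapViewOfSection when one of them fails;
 *   the exception code when the guarded region faults.
 *
 * Review notes:
 *   - The view is mapped into NtCurrentProcess(), i.e. whatever process
 *     context the caller runs in; while it is mapped, the view is part of
 *     that process's address space. Keep the mapping as short-lived as here.
 *   - Nothing in this routine checks who asked for the read. If it is
 *     reachable from a device-control path, the dispatch routine must
 *     restrict callers and validate startaddress / bytestoread, otherwise the
 *     driver hands out an arbitrary physical-memory read.
 *   - NOTE(review): if output can be a user-mode pointer, the caller has to
 *     probe it first; the __except handler is not a substitute, since a
 *     fault on an invalid kernel-mode address is not recoverable this way.
 */
NTSTATUS ReadPhysicalMemory(char *startaddress, UINT_PTR bytestoread, void *output)
{
    HANDLE physmem = NULL;
    UNICODE_STRING physmemString;
    OBJECT_ATTRIBUTES attributes;
    WCHAR physmemName[] = L"\\device\\physicalmemory";
    UCHAR *memoryview = NULL;
    BOOLEAN opened = FALSE;
    BOOLEAN mapped = FALSE;
    NTSTATUS ntStatus = STATUS_UNSUCCESSFUL;

    if (output == NULL)
    {
        return STATUS_INVALID_PARAMETER;
    }

    __try
    {
        RtlInitUnicodeString(&physmemString, physmemName);

        /* OBJ_KERNEL_HANDLE keeps the section handle out of the current
         * process's handle table, so user-mode code cannot reach it. */
        InitializeObjectAttributes(&attributes, &physmemString,
                                   OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                                   NULL, NULL);

        ntStatus = ZwOpenSection(&physmem, SECTION_MAP_READ, &attributes);
        if (NT_SUCCESS(ntStatus))
        {
            SIZE_T length = 0x2000;
            PHYSICAL_ADDRESS viewBase;
            UINT_PTR offset;

            opened = TRUE;

            /* Go through UINT_PTR so a 32-bit pointer is zero-extended
             * rather than sign-extended into the 64-bit offset. */
            viewBase.QuadPart = (ULONGLONG)(UINT_PTR)startaddress;

            /* QuadPart is 64 bits wide; %x would read only part of it. */
            DbgPrint("ReadPhysicalMemory:viewBase.QuadPart=%I64x", viewBase.QuadPart);

            /* The section was opened for read only, so request a read-only
             * view instead of PAGE_READWRITE. */
            ntStatus = ZwMapViewOfSection(
                physmem,
                NtCurrentProcess(),
                (PVOID *)&memoryview,
                0L,
                length,
                &viewBase,
                &length,
                ViewShare,
                0,
                PAGE_READONLY);

            if (NT_SUCCESS(ntStatus))
            {
                mapped = TRUE;

                /* viewBase and length now hold what was actually mapped;
                 * the start of the view may lie below startaddress. */
                offset = (UINT_PTR)startaddress - (UINT_PTR)viewBase.QuadPart;

                /* Refuse to read past the end of the view. */
                if (offset > length || bytestoread > length - offset)
                {
                    ntStatus = STATUS_INVALID_PARAMETER;
                }
                else
                {
                    RtlCopyMemory(output, &memoryview[offset], bytestoread);
                }
            }
            else
            {
                DbgPrint("ReadPhysicalMemory:ntStatus=%x", ntStatus);
            }
        }
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        /* Report the fault instead of returning the last success status. */
        ntStatus = GetExceptionCode();
        DbgPrint("Error while reading physical memory\n");
    }

    /* Release the view and the handle on every path, including a fault
     * inside the guarded region. */
    if (mapped)
    {
        ZwUnmapViewOfSection(NtCurrentProcess(), memoryview);
    }

    if (opened)
    {
        ZwClose(physmem);
    }

    return ntStatus;
}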
