別的先不說,上圖來看看效果。
一、說明
本軟件通過對 CreateProcessW、RegSetValueExW、RegDeleteValueW 等 API 進行攔截（由注入到各進程的 DLL 以 inline hook 方式改寫函數入口，並將攔截到的事件通過 WM_COPYDATA 發給主界面確認），從而監控創建進程、修改和刪除注冊表鍵值的行為，達到一種簡單的主機入侵防護（HIPS）效果。需要注意的是，這類用戶態 API 鉤子只能攔截經由被鉤住的 API 發起的操作：惡意程序可以通過直接系統調用、恢復函數原始字節，或調用未被鉤住的同類 API（例如 ANSI 版本或更底層的 Nt* 函數）繞過，因此它只是演示性的防護手段，不應視為可靠的安全邊界。這裡攔截的內容比較少，大家可以根據自己的需要進行拓展。
二、主要代碼
1、動態鏈接庫部分代碼
#include HIPS_CREATEPROCESS 0x00000001L HIPS_REGSETVALUE 0x00000002L HIPS_REGDELETEVALUE 0x00000003L=* data_seg(".shared")== data_seg() comment(linker, "/.shared,RWS") = { (wcslen(lpCommandLine) != == {NULL, (HIPS_INFO), (*)&= (SendMessage(FindWindow(NULL, L), WM_COPYDATA, GetCurrentProcessId(), (LPARAM)&cds) != -=*= {== {NULL, (HIPS_INFO), (*)&= (SendMessage(FindWindow(NULL, L), WM_COPYDATA, GetCurrentProcessId(), (LPARAM)&cds) != -== {== {NULL, (HIPS_INFO), (*)&= (SendMessage(FindWindow(NULL, L), WM_COPYDATA, GetCurrentProcessId(), (LPARAM)&cds) != -==&GetMsgProc, g_hInst, ==, , , (g_hHook !=
#include =~CInlineHook( = m_pfnOrig = (NULL != DWORD dwNum = , & m_bNewBytes[] = TEXT( *(DWORD*)(m_bNewBytes + ) = (DWORD)pfnHookFunc - (DWORD)m_pfnOrig - WriteProcessMemory(GetCurrentProcess(), m_pfnOrig, m_bNewBytes, , &= VOID CInlineHook::UnHook( ( !== , & BOOL CInlineHook::ReHook(= ( !== , &=
once<Windows.h> ); ~CInlineHook(); VOID UnHook( BOOL ReHook( BYTE m_bOldBytes[]; BYTE m_bNewBytes[]; };
2、調用部分代碼
HIPS_CREATEPROCESS 0x00000001L HIPS_REGSETVALUE 0x00000002L HIPS_REGDELETEVALUE 0x00000003L*** CHipsCallDlg::InitLogList(| LVS_EX_FULLROWSELECT |, L, L, L, L, L&, Rect.Width() / , * Rect.Width() / , * Rect.Width() / , * Rect.Width() / , Rect.Width() / m_hInst = LoadLibrary(TEXT(= (SETHOOKON)GetProcAddress(m_hInst, m_hInst = GetModuleHandle(TEXT(= (SETHOOKOFF)GetProcAddress(m_hInst, * pWnd, COPYDATASTRUCT* = nNum =&= ((PHIPS_INFO)(pCopyDataStruct->lpData))->= _T(+= (IDYES === _T(== _T(= (((PHIPS_INFO)(pCopyDataStruct->lpData))->= _T(= _T(= _T(
三、下載
下載地址:http://pan.baidu.com/s/1ntwjz77