Enhance Eyedefender [part II]

To lock the PC automatically after the screen is unlocked, add more modifications to EyeDefender.

Add LockWorkStation
00418940 . 75 73 65 72 33 32 2E 64 6C 6C 00 ascii "user32.dll",0
0041894B . 4C 6F 63 6B 57 6F 72 6B 53 74 61 74 69 6F 6E 00 ascii "LockWorkStation",0
0041895B 55 push ebp
0041895C 8BEC mov ebp, esp
0041895E 68 4B894100 push EyeDefen.0041894B ; ASCII "LockWorkStation"
00418963 68 40894100 push EyeDefen.00418940 ; ASCII "user32.dll"
00418968 FF15 AC914100 call dword ptr [<&KERNEL32.GetModuleHandleA>] ; kernel32.GetModuleHandleA
0041896E 50 push eax
0041896F FF15 B4904100 call dword ptr [<&KERNEL32.GetProcAddress>] ; kernel32.GetProcAddress
00418975 85C0 test eax, eax
00418977 74 02 je short EyeDefen.0041897B
00418979 FFD0 call eax
0041897B 5D pop ebp
0041897C C3 retn

75 73 65 72 33 32 2E 64 6C 6C 00 4C 6F 63 6B 57 6F 72 6B 53 74 61 74 69 6F 6E 00 55 8B EC 68 4B
89 41 00 68 40 89 41 00 FF 15 AC 91 41 00 50 FF 15 B4 90 41 00 85 C0 74 02 FF D0 5D C3

Inside the WM_DESTROY handler, replace the old call dword ptr [<&USER32.ShowCursor>] with a jump to the new code:
0040E652 /E9 2AA30000 jmp EyeDefen.00418981
0040E657 |90 nop

Then write the new code: call ShowCursor first, then call our own LockWorkStation routine, and finally return to the original code:
00418981 FF15 68924100 call dword ptr [<&USER32.ShowCursor>] ; USER32.ShowCursor
00418987 E8 CFFFFFFF call EyeDefen.0041895B
0041898C ^ E9 C75CFFFF jmp EyeDefen.0040E658

Disallow Alt+F4 on the background window

004093AC /$ 55 push ebp
004093AD |. 8BEC mov ebp, esp
004093AF |. 53 push ebx
004093B0 |. 8D46 20 lea eax, dword ptr [esi+20]
004093B3 |. 50 push eax
004093B4 |. BB 30D84100 mov ebx, EyeDefen.0041D830
004093B9 |. E8 55A7FFFF call EyeDefen.00403B13
004093BE |. 837D 14 00 cmp [arg.4], 0
004093C2 |. 75 07 jnz short EyeDefen.004093CB
004093C4 C745 14 0000CF06 mov dword ptr [ebp+14], 6CF0000 ; modify this to 0ECF0000
004093CB |> 837D 18 00 cmp [arg.5], 0
004093CF |. 75 07 jnz short EyeDefen.004093D8
004093D1 |. C745 18 00010400 mov [arg.5], 40100
004093D8 |> 8B4D 0C mov ecx, [arg.2]
004093DB |. 85C9 test ecx, ecx
004093DD |. 75 05 jnz short EyeDefen.004093E4
004093DF |. B9 18D84100 mov ecx, EyeDefen.0041D818
004093E4 |> FF75 20 push [arg.7]
004093E7 |. 8B55 1C mov edx, [arg.6]
004093EA |. 50 push eax
004093EB |. 51 push ecx
004093EC |. 8BC4 mov eax, esp
004093EE |. FF75 18 push [arg.5]
004093F1 |. 8910 mov dword ptr [eax], edx
004093F3 |. FF75 14 push [arg.4]
004093F6 |. 8BDE mov ebx, esi
004093F8 |. FF75 10 push [arg.3]
004093FB |. 51 push ecx
004093FC |. 8BC4 mov eax, esp
004093FE |. FF75 08 push [arg.1]
00409401 |. 8908 mov dword ptr [eax], ecx
00409403 |. E8 6F000000 call EyeDefen.00409477
00409408 |. 5B pop ebx
00409409 |. 5D pop ebp
0040940A \. C2 1C00 retn 1C
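
A quick way to sanity-check the patch bytes above, as an added example that is not part of the original post: it decodes the three rel32 jmp/call instructions and compares them with the targets shown in the listings, and it decodes the two window-style values to show which bit the 06CF0000 to 0ECF0000 change sets (WS_DISABLED, which stops a window from receiving keyboard and mouse input). Addresses and bytes are copied from the listings; the WS_* values are the standard winuser.h constants, and the function names are made up for this example.

```python
import struct

# Window-style bits (standard Win32 values from winuser.h).
WS_FLAGS = {
    0x80000000: "WS_POPUP", 0x40000000: "WS_CHILD", 0x20000000: "WS_MINIMIZE",
    0x10000000: "WS_VISIBLE", 0x08000000: "WS_DISABLED",
    0x04000000: "WS_CLIPSIBLINGS", 0x02000000: "WS_CLIPCHILDREN",
    0x01000000: "WS_MAXIMIZE", 0x00800000: "WS_BORDER", 0x00400000: "WS_DLGFRAME",
    0x00200000: "WS_VSCROLL", 0x00100000: "WS_HSCROLL", 0x00080000: "WS_SYSMENU",
    0x00040000: "WS_THICKFRAME", 0x00020000: "WS_MINIMIZEBOX",
    0x00010000: "WS_MAXIMIZEBOX",
}

def style_flags(style):
    """Return the set of WS_* names whose bit is set in a dwStyle value."""
    return {name for bit, name in WS_FLAGS.items() if style & bit}

def style_diff(old, new):
    """Return (flags added, flags removed) when old is patched to new."""
    return style_flags(new) - style_flags(old), style_flags(old) - style_flags(new)

def rel32_target(addr, raw):
    """Decode a 5-byte E8 (call) or E9 (jmp) rel32 instruction located at addr."""
    if len(raw) != 5 or raw[0] not in (0xE8, 0xE9):
        raise ValueError("not a 5-byte rel32 call/jmp")
    (disp,) = struct.unpack("<i", raw[1:])   # signed little-endian displacement
    return (addr + 5 + disp) & 0xFFFFFFFF    # relative to the next instruction

# (address, instruction bytes, target) exactly as shown in the listings above.
PATCHES = [
    (0x0040E652, "E9 2A A3 00 00", 0x00418981),  # WM_DESTROY -> new code
    (0x00418987, "E8 CF FF FF FF", 0x0041895B),  # call LockWorkStation stub
    (0x0041898C, "E9 C7 5C FF FF", 0x0040E658),  # jump back after the nop
]

def check_patches():
    """True for each patch whose encoded displacement reaches the listed target."""
    return [rel32_target(a, bytes.fromhex(h)) == t for a, h, t in PATCHES]

if __name__ == "__main__":
    print("rel32 targets match:", check_patches())
    added, removed = style_diff(0x06CF0000, 0x0ECF0000)
    print("style bits added:", sorted(added), "removed:", sorted(removed))
```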
