前段时间做键盘程序，查了很多资料，这是个钩子程序，网上也可以找到，后面还有一个虚拟键盘程序，读一下会为写键盘程序省不少力气-side of the keyboard to do procedures, and examine a lot of information, this is a hook procedures can be found online. but behind a virtual keyboard procedures, read the keyboard to write

前段时间做键盘程序找的资料，一个钩子程序，程序本身没有什么，主要是用了大量的api函数值得大家参考一下。-side of the keyboard to do procedures for the information, a hook procedures, the process itself is nothing much to it. it is mainly used a lot of api function worth examined.

Killer.sys用DriverMonitor加载，KillerIoCTL.exe是通信程序。输入ProcessID结束进程 可终止卡巴，毒霸，360，冰刃，PowerTool,PcHunter等。 果然不能终止江民，在PsLookupProcessByProcessId()这步读取进程的EProcess失败，想必江民在这里挂了钩。 下一步准备搜索PsLookupProcessByProcessId恢复钩子试试看。-Killer.sys DriverMonitor Ki