- 积分
- 40156
- 好友
- 记录
- 主题
- 帖子
- 听众
- 收听
|
发表于 2013-10-6 14:59:26
|
显示全部楼层
这里说的只是在WINDOWS 任务管理器里隐藏,不是在进程里消失
例如我们要隐藏QQ进程,不在WINDOWS任务管理器里显示
使用方法
[code=c] private WindowsAPI.HideTaskmgrList _List = new WindowsAPI.HideTaskmgrList();
private void Form1_Load(object sender, EventArgs e)
{
_List.ProcessName = "QQ.exe";
_List.Star();
}
下面是全部的类
view plaincopy to clipboardprint?
namespace WindowsAPI
{
/// <summary>
/// 在WINDOWS任务管理器里 不显示进程
/// qq:116149
/// zgke@sina.copm
/// </summary>
public class HideTaskmgrList
{
private System.Timers.Timer m_Time = new System.Timers.Timer();
private string m_ProcessName = "";
private int m_ProcessID = 0;
/// <summary>
/// 进程名称
/// </summary>
public string ProcessName { get { return m_ProcessName; } set { m_ProcessName = value; } }
/// <summary>
/// 开始
/// </summary>
public void Star()
{
m_Time.Enabled = true;
}
/// <summary>
/// 停止
/// </summary>
public void Stop()
{
m_Time.Enabled = false;
}
public HideTaskmgrList()
{
m_Time.Interval = 1;
m_Time.Elapsed += new System.Timers.ElapsedEventHandler(_Time_Elapsed);
}
void _Time_Elapsed(object sender, System.Timers.ElapsedEventArgs e)
{
HideTaskmgrListOfName(m_ProcessName);
}
/// <summary>
/// 获取所有控件
/// </summary>
/// <param name="p_Handle"></param>
/// <param name="p_Param"></param>
/// <returns></returns>
private bool NetEnumControl(IntPtr p_Handle, int p_Param)
{
WindowsAPI.Win32API.STRINGBUFFER _TextString = new WindowsAPI.Win32API.STRINGBUFFER();
WindowsAPI.Win32API.GetWindowText(p_Handle, out _TextString, 256);
WindowsAPI.Win32API.STRINGBUFFER _ClassName = new WindowsAPI.Win32API.STRINGBUFFER();
WindowsAPI.Win32API.GetClassName(p_Handle, out _ClassName, 255);
if (_TextString.szText == "进程" && _ClassName.szText == "SysListView32")
{
Hide(p_Handle);
return false;
}
return true;
}
/// <summary>
/// 隐藏
/// </summary>
/// <param name="p_ListViewIntPtr"></param>
public void Hide(IntPtr p_ListViewIntPtr)
{
IntPtr _ControlIntPtr = p_ListViewIntPtr;
int _ItemCount = WindowsAPI.Win32API.SendMessage(p_ListViewIntPtr, 0x1004, 0, 0);
WindowsAPI.Win32API.ProcessAccessType _Type;
_Type = WindowsAPI.Win32API.ProcessAccessType.PROCESS_VM_OPERATION | WindowsAPI.Win32API.ProcessAccessType.PROCESS_VM_READ | WindowsAPI.Win32API.ProcessAccessType.PROCESS_VM_WRITE;
IntPtr _ProcessIntPtr = WindowsAPI.Win32API.OpenProcess(_Type, 1, (uint)m_ProcessID);
IntPtr _Out = IntPtr.Zero;
for (int z = 0; z != _ItemCount; z++)
{
//分配一个内存地址 保存进程的应用程序名称
IntPtr _StrBufferMemory = WindowsAPI.Win32API.VirtualAllocEx(_ProcessIntPtr, 0, 255, WindowsAPI.Win32API.MEM_COMMIT.MEM_COMMIT, WindowsAPI.Win32API.MEM_PAGE.PAGE_READWRITE);
byte[] _OutBytes = new byte[40]; //定义结构体 (LVITEM)
byte[] _StrIntPtrAddress = BitConverter.GetBytes(_StrBufferMemory.ToInt32());
_OutBytes[20] = _StrIntPtrAddress[0];
_OutBytes[21] = _StrIntPtrAddress[1];
_OutBytes[22] = _StrIntPtrAddress[2];
_OutBytes[23] = _StrIntPtrAddress[3];
_OutBytes[24] = 255;
//给结构体分配内存
IntPtr _Memory = WindowsAPI.Win32API.VirtualAllocEx(_ProcessIntPtr, 0, _OutBytes.Length, WindowsAPI.Win32API.MEM_COMMIT.MEM_COMMIT, WindowsAPI.Win32API.MEM_PAGE.PAGE_READWRITE);
//把数据传递给结构体 (LVITEM)
WindowsAPI.Win32API.WriteProcessMemory(_ProcessIntPtr, _Memory, _OutBytes, (uint)_OutBytes.Length, out _Out);
//发送消息获取结构体数据
WindowsAPI.Win32API.SendMessage(p_ListViewIntPtr, 0x102D, z, _Memory);
//获取结构体数据
WindowsAPI.Win32API.ReadProcessMemory(_ProcessIntPtr, _Memory, _OutBytes, (uint)_OutBytes.Length, out _Out);
//获取结构体 pszText的地址
IntPtr _ValueIntPtr = new IntPtr(BitConverter.ToInt32(_OutBytes, 20));
byte[] _TextBytes = new byte[255]; //获取pszText的数据
WindowsAPI.Win32API.ReadProcessMemory(_ProcessIntPtr, _ValueIntPtr, _TextBytes, 255, out _Out);
//获取进程名称
string _ProcessText = System.Text.Encoding.Default.GetString(_TextBytes).Trim(new Char[] { '\0' });
//释放内存
WindowsAPI.Win32API.VirtualFreeEx(_ProcessIntPtr, _StrBufferMemory, 0, WindowsAPI.Win32API.MEM_COMMIT.MEM_RELEASE);
WindowsAPI.Win32API.VirtualFreeEx(_ProcessIntPtr, _Memory, 0, WindowsAPI.Win32API.MEM_COMMIT.MEM_RELEASE);
if (_ProcessText == m_ProcessName)
{
WindowsAPI.Win32API.SendMessage(p_ListViewIntPtr, 0x1008, z, 0);
}
}
}
/// <summary>
/// 在WINDOWS任务管理器里隐藏一行 需要一直调用 会被任务管理器刷新出来
/// </summary>
/// <param name="p_Name">名称 如QQ.exe</param>
public void HideTaskmgrListOfName(string p_Name)
{
System.Diagnostics.Process[] _ProcessList = System.Diagnostics.Process.GetProcessesByName("taskmgr");
for (int i = 0; i != _ProcessList.Length; i++)
{
if (_ProcessList.MainWindowTitle == "Windows 任务管理器")
{
m_ProcessID = _ProcessList.Id;
WindowsAPI.Win32API.EnumWindowsProc _EunmControl = new WindowsAPI.Win32API.EnumWindowsProc(NetEnumControl);
WindowsAPI.Win32API.EnumChildWindows(_ProcessList.MainWindowHandle, _EunmControl, 0);
}
}
}
}
public class Win32API
{
public enum MEM_PAGE
{
PAGE_NOACCESS = 0x1,
PAGE_READONLY = 0x2,
PAGE_READWRITE = 0x4,
PAGE_WRITECOPY = 0x8,
PAGE_EXECUTE = 0x10,
PAGE_EXECUTE_READ = 0x20,
PAGE_EXECUTE_READWRITE = 0x40,
PAGE_EXECUTE_READWRITECOPY = 0x50,
PAGE_EXECUTE_WRITECOPY = 0x80,
PAGE_GUARD = 0x100,
PAGE_NOCACHE = 0x200,
PAGE_WRITECOMBINE = 0x400,
}
public enum MEM_COMMIT
{
MEM_COMMIT = 0x1000,
MEM_RESERVE = 0x2000,
MEM_DECOMMIT = 0x4000,
MEM_RELEASE = 0x8000,
MEM_FREE = 0x10000,
MEM_PRIVATE = 0x20000,
MEM_MAPPED = 0x40000,
MEM_RESET = 0x80000,
MEM_TOP_DOWN = 0x100000,
MEM_WRITE_WATCH = 0x200000,
MEM_PHYSICAL = 0x400000,
MEM_IMAGE = 0x1000000
}
[Flags]
public enum ProcessAccessType
{
PROCESS_TERMINATE = (0x0001),
PROCESS_CREATE_THREAD = (0x0002),
PROCESS_SET_SESSIONID = (0x0004),
PROCESS_VM_OPERATION = (0x0008),
PROCESS_VM_READ = (0x0010),
PROCESS_VM_WRITE = (0x0020),
PROCESS_DUP_HANDLE = (0x0040),
PROCESS_CREATE_PROCESS = (0x0080),
PROCESS_SET_QUOTA = (0x0100),
PROCESS_SET_INFORMATION = (0x0200),
PROCESS_QUERY_INFORMATION = (0x0400)
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct STRINGBUFFER
{
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 512)]
public string szText;
}
public delegate bool EnumWindowsProc(IntPtr p_Handle, int p_Param);
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(ProcessAccessType dwDesiredAccess, int bInheritHandle, uint dwProcessId);
[DllImport("kernel32.dll")]
public static extern Int32 CloseHandle(IntPtr hObject);
[DllImport("kernel32.dll")]
public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);
[DllImport("kernel32.dll")]
public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);
[DllImport("kernel32.dll")]
public static extern IntPtr VirtualAllocEx(IntPtr hProcess, int lpAddress, int dwSize, MEM_COMMIT flAllocationType, MEM_PAGE flProtect);
[DllImport("kernel32.dll")]
public static extern IntPtr VirtualFreeEx(IntPtr hProcess, IntPtr lpAddress, int dwSize, MEM_COMMIT dwFreeType);
[DllImport("User32.dll", CharSet = CharSet.Auto)]
public static extern int GetWindowText(IntPtr hWnd, out STRINGBUFFER text, int nMaxCount);
[DllImport("User32.dll", CharSet = CharSet.Auto)]
public static extern int GetClassName(IntPtr hWnd, out STRINGBUFFER ClassName, int nMaxCount);
[DllImport("user32.dll", CharSet = CharSet.Auto)]
public static extern int SendMessage(IntPtr hWnd, int Msg, int wParam, int lParam);
[DllImport("user32.dll", CharSet = CharSet.Auto)]
public static extern int SendMessage(IntPtr hWnd, int Msg, int wParam, IntPtr lParam);
[DllImport("user32.dll")]
public static extern int EnumChildWindows(IntPtr hWndParent, EnumWindowsProc ewp, int lParam);
}
}[/code]
|
|
窥视卡
雷达卡
发表于 2013-10-5 20:26:21
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡
楼主