轉自百度空間:http://hi.baidu.com/175943462/item/657905e13b73b70b8d3ea8bb
一提到進程保護,特別是在Windows下,沒有最安全,只有更安全。下面的代碼工作在用戶層:當任務管理器中本進程名(Test.exe)被選中時加以檢測,以防止用任務管理器結束掉進程(當然,用其他進程工具仍然可以結束掉!)。主要是學習這裡面的方法,熟悉幾個結構體、幾個API而已:
1、LVITEM
Specifies or receives the attributes of a list-view item. This structure has been updated to support a new mask value (LVIF_INDENT) that enables item indenting. This structure supersedes the LV_ITEM structure.
(我這水平的英文也能湊合着看吧,相信你更沒問題!)
/* LVITEM: describes one list-view item (or subitem) when setting or
 * querying it with the LVM_* messages. Quoted from the Windows SDK
 * (commctrl.h); the comments below summarise the SDK documentation. */
typedef struct _LVITEM {
// LVIF_* flags: which members below hold valid data or should be filled in.
UINT mask;
// Zero-based index of the item.
int iItem;
// One-based index of the subitem (column); 0 refers to the item itself.
int iSubItem;
// Item state and the mask selecting which state bits are meaningful.
UINT state;
UINT stateMask;
// Text buffer. The pointer is interpreted in the address space of the
// process that owns the list-view control, not the sender's.
LPTSTR pszText;
// Capacity of pszText in characters (TCHARs), not bytes.
int cchTextMax;
// Index of the item's icon in the control's image list.
int iImage;
// Application-defined value attached to the item.
LPARAM lParam;
#if (_WIN32_IE >= 0x0300)
// Indentation of the item, in image widths.
int iIndent;
#endif
#if (_WIN32_IE >= 0x560)
// Identifier of the group the item belongs to.
int iGroupId;
UINT cColumns; // tile view columns
// Array of column indices shown in tile view (cColumns entries).
PUINT puColumns;
#endif
} LVITEM, *LPLVITEM;
2、FindWindow與FindWindowEx
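// Locate the process list (SysListView32) inside the Task Manager dialog.
// Every step is checked on its own: FindWindowEx with a NULL parent searches
// the children of the desktop, so an unchecked failure of the previous call
// would silently match a control in some unrelated "#32770" dialog.
// Class names go through _T() like the title so the calls also compile in a
// UNICODE build.
// NOTE(review): the lookup depends on the localized window title and on the
// dialog > dialog > list-view layout of the classic Task Manager; other
// Windows versions or UI languages may not match - confirm on the target system.
HWND hwnd = FindWindow(_T("#32770"), _T("Windows 任務管理器"));
// Task Manager is not running: nothing to inspect.
if (!hwnd)
    return;
hwnd = FindWindowEx(hwnd, NULL, _T("#32770"), NULL);
if (!hwnd)
    return;
hwnd = FindWindowEx(hwnd, NULL, _T("SysListView32"), NULL);
if (!hwnd)
    return;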
3、上面的結構體與API熟悉后,再看看這個函數吧!
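/************************************************************************
 * Purpose : Reads the text of the row currently selected in Task
 *           Manager's process list; if it equals this program's image
 *           name ("Test.exe"), closes the Task Manager window and shows
 *           a message box.
 * Params  : none
 * Returns : void
 * By      : Koma 2009.07.27 23:50
 *
 * Review notes:
 *  - This is a user-mode, UI-level check only. As the article itself says,
 *    it does nothing against any other process tool.
 *  - The list-view lives in another process, so the LVITEM and its text
 *    buffer must be allocated inside that process. The resulting
 *    OpenProcess / VirtualAllocEx / WriteProcessMemory sequence against a
 *    foreign process is the same API pattern used for code injection, so
 *    endpoint monitoring commonly flags it.
 *  - NOTE(review): on Windows Vista and later, User Interface Privilege
 *    Isolation is expected to block these messages, and OpenProcess to
 *    fail, when Task Manager runs at a higher integrity level - confirm.
 *  - NOTE(review): assumes this process and Task Manager have the same
 *    bitness; LVITEM contains pointers, so the layouts otherwise differ.
 ************************************************************************/
void FuckWindowsManager()
{
    // Capacity of both text buffers, in TCHARs. LVITEM::cchTextMax is a
    // character count, so the buffers are sized in characters as well; with
    // the original 512-byte buffers a UNICODE build would let the list-view
    // write up to 1024 bytes into a 512-byte remote allocation.
    enum { ITEM_TEXT_CCH = 512 };

    // Locate the process list. Each step is checked separately because
    // FindWindowEx with a NULL parent searches the children of the desktop
    // and could match a control in an unrelated dialog.
    HWND hTaskMgr = FindWindow(_T("#32770"), _T("Windows 任務管理器"));
    if (!hTaskMgr)
        return;                         // Task Manager is not running
    HWND hwnd = FindWindowEx(hTaskMgr, NULL, _T("#32770"), NULL);
    if (!hwnd)
        return;
    hwnd = FindWindowEx(hwnd, NULL, _T("SysListView32"), NULL);
    if (!hwnd)
        return;

    // No row selected: nothing to compare.
    int iItem = (int)SendMessage(hwnd, LVM_GETNEXTITEM, (WPARAM)-1, LVNI_SELECTED);
    if (iItem == -1)
        return;

    DWORD PID = 0;
    GetWindowThreadProcessId(hwnd, &PID);
    if (PID == 0)
        return;

    // Least privilege: only the rights needed to allocate, write and read
    // memory in the target, instead of PROCESS_ALL_ACCESS.
    HANDLE hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE,
                                  FALSE, PID);
    if (!hProcess)
        return;

    LVITEM *plvitem = (LVITEM *)VirtualAllocEx(hProcess, NULL, sizeof(LVITEM),
                                               MEM_COMMIT, PAGE_READWRITE);
    TCHAR *pItem = (TCHAR *)VirtualAllocEx(hProcess, NULL, ITEM_TEXT_CCH * sizeof(TCHAR),
                                           MEM_COMMIT, PAGE_READWRITE);
    TCHAR ItemBuf[ITEM_TEXT_CCH] = { 0 };
    bool isOwnEntry = false;

    if (plvitem && pItem)
    {
        // Zero-initialise so no uninitialised stack bytes are copied into
        // the other process.
        LVITEM lvitem = { 0 };
        lvitem.iSubItem = 0;            // process name column (1 would be the PID)
        lvitem.pszText = pItem;         // pointer valid in the target process only
        lvitem.cchTextMax = ITEM_TEXT_CCH;

        if (WriteProcessMemory(hProcess, plvitem, &lvitem, sizeof(LVITEM), NULL))
        {
            SendMessage(hwnd, LVM_GETITEMTEXT, (WPARAM)iItem, (LPARAM)plvitem);
            if (ReadProcessMemory(hProcess, pItem, ItemBuf, sizeof(ItemBuf), NULL))
            {
                // Never trust the remote buffer to be terminated.
                ItemBuf[ITEM_TEXT_CCH - 1] = 0;
                // Replace Test.exe with the image name to compare against.
                isOwnEntry = (CString(ItemBuf).CompareNoCase(_T("Test.exe")) == 0);
            }
        }
    }

    // Release the remote allocations while the process handle is still open,
    // then close the handle. The original closed the handle first, so the
    // frees could not succeed, leaked everything on the early-return paths,
    // and called CloseHandle on an HWND, which is not a kernel handle.
    if (plvitem)
        VirtualFreeEx(hProcess, plvitem, 0, MEM_RELEASE);
    if (pItem)
        VirtualFreeEx(hProcess, pItem, 0, MEM_RELEASE);
    CloseHandle(hProcess);

    if (isOwnEntry)
    {
        // NOTE(review): WM_DESTROY is normally generated by DestroyWindow on
        // the owning thread; sending it from another process is not a
        // supported way to close a window. Left as the article has it.
        SendMessage(hTaskMgr, WM_DESTROY, 0, 0);
        Sleep(10);
        MessageBox(NULL, _T("禁止關閉系統關鍵進程!"), _T("提示"), MB_ICONERROR | MB_OK);
    }
}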
4、VC源代碼工程
下載地址1:http://www.rayfile.com/files/31bedea3-7b13-11de-9d03-0014221b798a/
下載地址2:http://download.csdn.net/source/1524075
http://blog.csdn.net/dingxz105090/article/details/27367937