VC禁止在任务管理器中结束本进程

//选中其他进程的listview并发送双击消息,//输入参数1,其他进程的listview句柄,2,第几个条目BOOLdouble_click_listview(HWNDhwnd,longiItem){DWORDPID;HANDLEhProcess;LVITEMmyItem,*plvItem;NMHDRmyNMHDR,*pNMHDR;GetWindowThreadProcessId(hwnd,PID);//得到进程IDhProcess=OpenProcess(PROCESS_ALL_ACCESS,false,PID);//打开进程myItem.state=LVIS_SELECTED|LVIS_FOCUSED|LVIS_ACTIVATING;myItem.stateMask=LVIS_SELECTED;plvItem=(LVITEM*)VirtualAllocEx(hProcess,NULL,sizeof(LVITEM),MEM_COMMIT,PAGE_READWRITE);WriteProcessMemory(hProcess,plvItem,myItem,sizeof(myItem),NULL);//’写入内存SendMessage(hwnd,LVM_SETITEMSTATE,(WPARAM)iItem,(LPARAM)plvItem);//(WPARAM)iItem,(LPARAM)plvitem);//以上实现了选中指定行DWORDdwOldProtect;pNMHDR=(NMHDR*)VirtualAllocEx(hProcess,NULL,sizeof(NMHDR),MEM_COMMIT,PAGE_READWRITE);//’分配内存myNMHDR.code=NM_DBLCLK;myNMHDR.hwndFrom=hwnd;myNMHDR.idFrom=GetWindowLong(hwnd,GWL_ID);VirtualProtectEx(hProcess,pNMHDR,sizeof(NMHDR),PAGE_READWRITE,dwOldProtect);//此语句可以省略?WriteProcessMemory(hProcess,pNMHDR,myNMHDR,sizeof(myNMHDR),NULL);//’写入内存VirtualProtectEx(hProcess,pNMHDR,sizeof(NMHDR),dwOldProtect,dwOldProtect);/此语句可以省略?HWNDP_hwnd=NULL;P_hwnd=::GetParent(hwnd);BOOLretval;retval=::PostMessage(P_hwnd,WM_NOTIFY,(WPARAM)myNMHDR.idFrom,(LPARAM)pNMHDR);//此句返回失败CloseHandle(hProcess);VirtualFreeEx(hProcess,plvItem,0,MEM_RELEASE);VirtualFreeEx(hProcess,pNMHDR,0,MEM_RELEASE);returnTRUE;}参考了以下两篇文章

转自百度空间:

 

 

一提到进程保护,特别是在Windows下,没有最安全,只有更安全。下面的代码工作在用户层:它检查任务管理器进程列表中当前选中的条目,如果选中的是本进程名(Test.exe),就向任务管理器窗口发送WM_DESTROY并弹出提示,以防止用任务管理器结束掉本进程(当然,用其他进程工具仍然可以结束掉它)。这里主要是学习其中的方法,熟悉几个结构体和几个API而已:

1、LVITEM

      Specifies or receives the attributes of a list-view item. This
structure has been updated to support a new mask value (LVIF_INDENT)
that enables item indenting. This structure supersedes the LV_ITEM
structure.

      (我这水平的英文也能凑合着看吧,相信你更没问题!)

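// LVITEM as quoted on this page from the Windows common-controls headers:
// it specifies or receives the attributes of one list-view item.
// In this copy of the listing the pointer typedef name had been overwritten
// by injected non-code text; it is restored to LPLVITEM, matching the page's
// other copy of the same declaration.
typedef struct _LVITEM {
    UINT mask;          // LVIF_* flags: which members are valid or requested
    int iItem;          // index of the item
    int iSubItem;       // subitem (column) index; 0 refers to the item itself
    UINT state;         // item state bits (LVIS_*)
    UINT stateMask;     // which bits of `state` are meaningful
    LPTSTR pszText;     // text buffer; the control dereferences this pointer in
                        // its own process, which is why the page's code places
                        // the buffer in the list-view owner's address space
    int cchTextMax;     // size of the pszText buffer, in characters
    int iImage;
    LPARAM lParam;
#if (_WIN32_IE >= 0x0300)
    int iIndent;
#endif
#if (_WIN32_IE >= 0x560)
    int iGroupId;
    UINT cColumns; // tile view columns
    PUINT puColumns;
#endif
} LVITEM, *LPLVITEM;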
// LVITEM as quoted on this page from the Windows common-controls headers:
// it specifies or receives the attributes of one list-view item.
typedef struct _LVITEM { 
    UINT mask;          // LVIF_* flags: which members are valid or requested
    int iItem;          // index of the item
    int iSubItem;       // subitem (column) index; 0 refers to the item itself
    UINT state;         // item state bits (LVIS_*)
    UINT stateMask;     // which bits of `state` are meaningful
    LPTSTR pszText;     // text buffer; the control dereferences this pointer in
                        // its own process, which is why the page's code places
                        // the buffer in the list-view owner's address space
    int cchTextMax;     // size of the pszText buffer, in characters
    int iImage; 
    LPARAM lParam;
#if (_WIN32_IE >= 0x0300)
    int iIndent;
#endif
#if (_WIN32_IE >= 0x560)
    int iGroupId;
    UINT cColumns; // tile view columns
    PUINT puColumns;
#endif
} LVITEM, *LPLVITEM; 

2、FindWindow与FindWindowEx

// Locate the window handle of Task Manager's list-view by walking
// top-level dialog -> child dialog -> SysListView32 control.
// NOTE(review): the quotation marks are typographic as printed on the page,
// not C++ string delimiters.
HWND    hwnd;   
hwnd=FindWindow(“#32770”,_T(“Windows 任务管理器”));   
hwnd=FindWindowEx(hwnd,0,”#32770″,0);   
hwnd=FindWindowEx(hwnd,0,”SysListView32″,0);   

// Return if Windows Task Manager has not been started.
// NOTE(review): only the final result is checked. FindWindowEx treats a NULL
// parent as the desktop, so after a failed first lookup the later calls search
// unrelated windows; a non-NULL hwnd here is not proof that it belongs to
// Task Manager.
if (!hwnd)     
    return; 
// Locate the window handle of Task Manager's list-view by walking
// top-level dialog -> child dialog -> SysListView32 control.
// NOTE(review): the quotation marks are typographic as printed on the page,
// not C++ string delimiters.
HWND hwnd;
hwnd=FindWindow(“#32770”,_T(“Windows 任务管理器”));
hwnd=FindWindowEx(hwnd,0,”#32770″,0);
hwnd=FindWindowEx(hwnd,0,”SysListView32″,0);

// Return if Windows Task Manager has not been started.
// NOTE(review): only the final result is checked. FindWindowEx treats a NULL
// parent as the desktop, so after a failed first lookup the later calls search
// unrelated windows; a non-NULL hwnd here is not proof that it belongs to
// Task Manager.
if (!hwnd) 
   return;

3、上面的结构体与API熟悉后,再看看这个函数吧!

/************************************************************************/     
/*
Purpose: keep this process from being ended through Task Manager.
   One pass: find Task Manager's process list-view, read the text of the
   selected row out of Task Manager's address space and, if it equals
   "Test.exe", send WM_DESTROY to the Task Manager window and show a
   message box. The function runs once per call; any repetition is up to
   the caller.
/* Parameters: none
/* Returns: void
/* By:Koma   2009.07.27 23:50
/* NOTE(review): for defenders, the observable behaviour is a process opening
   the Task Manager process with PROCESS_ALL_ACCESS and then allocating,
   writing and reading memory in it; process-access telemetry (for example
   Sysmon ProcessAccess events) records that open.
/************************************************************************/ 
void FuckWindowsManager()   
{   
    HWND    hwnd;   
    int     iItem=0;   
    LVITEM lvitem, *plvitem;   // local struct, and its copy inside the other process
    char    ItemBuf[512],*pItem;   // local text buffer, and the remote buffer the control fills
    DWORD   PID;   
    HANDLE hProcess;   
       
    // Locate the window handle of Task Manager's list-view
    // (the quotation marks are typographic as printed on the page).
    hwnd=FindWindow(“#32770”,_T(“Windows 任务管理器”));   
    hwnd=FindWindowEx(hwnd,0,”#32770″,0);   
    hwnd=FindWindowEx(hwnd,0,”SysListView32″,0);   

    // Return if Windows Task Manager has not been started.
    // NOTE(review): only the last lookup is checked; FindWindowEx treats a NULL
    // parent as the desktop, so this handle is not guaranteed to be Task Manager's.
    if (!hwnd)     
        return;   
    else 
    {   
        // Return if no row is currently selected in the list.
        iItem=SendMessage(hwnd,LVM_GETNEXTITEM,-1,LVNI_SELECTED);   
        if (iItem==-1)     
            return;   
        else 
        {   
            // PID of the process that owns the list-view window.
            GetWindowThreadProcessId(hwnd, &PID);   

            // Return if the process handle cannot be obtained.
            // NOTE(review): every access right is requested although only the
            // remote allocate / write / read calls below are made.
            hProcess=OpenProcess(PROCESS_ALL_ACCESS,false,PID);   
            if (!hProcess)   
                return;            
            else 
            {   
                // Allocate an LVITEM and a 512-byte text buffer inside the other process.
                plvitem=(LVITEM*)VirtualAllocEx(hProcess, NULL,
sizeof(LVITEM), MEM_COMMIT, PAGE_READWRITE);   
                pItem=(char*)VirtualAllocEx(hProcess, NULL, 512,
MEM_COMMIT, PAGE_READWRITE);   

                // Return if memory cannot be allocated.
                // NOTE(review): this return leaks hProcess and whichever
                // allocation did succeed.
                if ((!plvitem)||(!pItem))   
                    return;                
                else 
                {   
                    // NOTE(review): lvitem.mask and the members not assigned here
                    // are never initialised, so uninitialised stack bytes are
                    // copied into the other process.
                    // Assumes a non-UNICODE build (a char* is assigned to LPTSTR)
                    // and that both processes share a pointer size - confirm.
                    lvitem.cchTextMax=512;   
                    //lvitem.iSubItem=1;//PID   
                    lvitem.iSubItem=0; //ProcessName   
                    lvitem.pszText=pItem;   
                    WriteProcessMemory(hProcess, plvitem, &lvitem,
sizeof(LVITEM), NULL);   
                    SendMessage(hwnd, LVM_GETITEMTEXT, (WPARAM)iItem,
(LPARAM)plvitem);   
                    // NOTE(review): results of the write/read are unchecked; if
                    // the read fails ItemBuf is compared while uninitialised.
                    ReadProcessMemory(hProcess, pItem, ItemBuf, 512,
NULL);   
                       
                    // Compare strings (case-insensitive); the author says to
                    // replace Test.exe with your own process image name.
                    CString str = (CString)ItemBuf;   
                    if(str.CompareNoCase(_T(“Test.exe”)) == 0)   
                    {   
                        // Sends WM_DESTROY to the Task Manager window, waits
                        // 10 ms, then shows an error box (text: "Closing critical
                        // system processes is forbidden!", caption: "Notice").
                        HWND hWnd=FindWindow(NULL,_T(“Windows
任务管理器”));   
                        SendMessage(hWnd,WM_DESTROY,0,0);   
                        Sleep(10);   
                       
MessageBox(NULL,_T(“禁止关闭系统关键进程!”),_T(“提示”),MB_ICONERROR
| MB_OK);   
                    }   
                }   
            }   
        }   
    }   
       
    // Release resources (reached only when every step above succeeded).
    // NOTE(review): hwnd is a window handle, not a kernel object handle, so
    // CloseHandle(hwnd) is not a valid call; hProcess is closed before the two
    // VirtualFreeEx calls that still pass it, so the remote blocks stay allocated.
    // NOTE(review): this copy of the listing ends without the function's closing brace.
    CloseHandle(hwnd);   
    CloseHandle(hProcess);   
    VirtualFreeEx(hProcess, plvitem, 0, MEM_RELEASE);   
    VirtualFreeEx(hProcess, pItem, 0, MEM_RELEASE);   

/************************************************************************/ 
/*
Purpose: keep this process from being ended through Task Manager.
   One pass: find Task Manager's process list-view, read the text of the
   selected row out of Task Manager's address space and, if it equals
   "Test.exe", send WM_DESTROY to the Task Manager window and show a
   message box. The function runs once per call; any repetition is up to
   the caller.
/* Parameters: none
/* Returns: void
/* By:Koma   2009.07.27 23:50
/* NOTE(review): for defenders, the observable behaviour is a process opening
   the Task Manager process with PROCESS_ALL_ACCESS and then allocating,
   writing and reading memory in it; process-access telemetry (for example
   Sysmon ProcessAccess events) records that open.
/************************************************************************/
void FuckWindowsManager()
{
HWND hwnd;
int   iItem=0;
LVITEM lvitem, *plvitem;   // local struct, and its copy inside the other process
char ItemBuf[512],*pItem;  // local text buffer, and the remote buffer the control fills
DWORD PID;
HANDLE hProcess;

// Locate the window handle of Task Manager's list-view
// (the quotation marks are typographic as printed on the page).
hwnd=FindWindow(“#32770”,_T(“Windows 任务管理器”));
hwnd=FindWindowEx(hwnd,0,”#32770″,0);
hwnd=FindWindowEx(hwnd,0,”SysListView32″,0);

// Return if Windows Task Manager has not been started.
// NOTE(review): only the last lookup is checked; FindWindowEx treats a NULL
// parent as the desktop, so this handle is not guaranteed to be Task Manager's.
if (!hwnd) 
   return;
else
{
   // Return if no row is currently selected in the list.
   iItem=SendMessage(hwnd,LVM_GETNEXTITEM,-1,LVNI_SELECTED);
   if (iItem==-1) 
    return;
   else
   {
    // PID of the process that owns the list-view window.
    GetWindowThreadProcessId(hwnd, &PID);

    // Return if the process handle cannot be obtained.
    // NOTE(review): every access right is requested although only the
    // remote allocate / write / read calls below are made.
    hProcess=OpenProcess(PROCESS_ALL_ACCESS,false,PID);
    if (!hProcess)
     return;   
    else
    {
     // Allocate an LVITEM and a 512-byte text buffer inside the other process.
     plvitem=(LVITEM*)VirtualAllocEx(hProcess, NULL, sizeof(LVITEM),
MEM_COMMIT, PAGE_READWRITE);
     pItem=(char*)VirtualAllocEx(hProcess, NULL, 512, MEM_COMMIT,
PAGE_READWRITE);

     // Return if memory cannot be allocated.
     // NOTE(review): this return leaks hProcess and whichever allocation
     // did succeed.
     if ((!plvitem)||(!pItem))
      return;    
     else
     {
      // NOTE(review): lvitem.mask and the members not assigned here are never
      // initialised, so uninitialised stack bytes are copied into the other
      // process. Assumes a non-UNICODE build (a char* is assigned to LPTSTR)
      // and that both processes share a pointer size - confirm.
      lvitem.cchTextMax=512;
      //lvitem.iSubItem=1;//PID
      lvitem.iSubItem=0; //ProcessName
      lvitem.pszText=pItem;
      WriteProcessMemory(hProcess, plvitem, &lvitem, sizeof(LVITEM),
NULL);
      SendMessage(hwnd, LVM_GETITEMTEXT, (WPARAM)iItem,
(LPARAM)plvitem);
      // NOTE(review): results of the write/read are unchecked; if the read
      // fails ItemBuf is compared while uninitialised.
      ReadProcessMemory(hProcess, pItem, ItemBuf, 512, NULL);
     
      // Compare strings (case-insensitive); the author says to replace
      // Test.exe with your own process image name.
      CString str = (CString)ItemBuf;
      if(str.CompareNoCase(_T(“Test.exe”)) == 0)
      {
       // Sends WM_DESTROY to the Task Manager window, waits 10 ms, then shows
       // an error box (text: "Closing critical system processes is
       // forbidden!", caption: "Notice").
       HWND hWnd=FindWindow(NULL,_T(“Windows 任务管理器”));
       SendMessage(hWnd,WM_DESTROY,0,0);
       Sleep(10);
      
MessageBox(NULL,_T(“禁止关闭系统关键进程!”),_T(“提示”),MB_ICONERROR
| MB_OK);
      }
     }
    }
   }
}

// Release resources (reached only when every step above succeeded).
// NOTE(review): hwnd is a window handle, not a kernel object handle, so
// CloseHandle(hwnd) is not a valid call; hProcess is closed before the two
// VirtualFreeEx calls that still pass it, so the remote blocks stay allocated.
CloseHandle(hwnd);
CloseHandle(hProcess);
VirtualFreeEx(hProcess, plvitem, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, pItem, 0, MEM_RELEASE);
}

4、VC源代码工程

   
下载地址1:

    下载地址2:
