转自百度空间:http://hi.baidu.com/175943462/item/657905e13b73b70b8d3ea8bb
一提到进程保护特别是在Windows下,没有最安全,只有更安全。下面的代码是在用户层,截获任务管理器的本进程名(Test.exe)被选中时的消息,以防止用任务管理器结束掉进程(当然你用其他进程工具当然可以结束掉咯!)。主要是要学习这里面的方法、熟悉几个结构体、几个API而矣:
1、LVITEM
Specifies or receives the attributes of a list-view item. This structure has been updated to support a new mask value (LVIF_INDENT) that enables item indenting. This structure supersedes the LV_ITEM structure.
(我这水平的英文也能凑合着看吧,相信你更没问题!)
view plaincopy to clipboardprint?
typedef struct _LVITEM {
UINT mask;
int iItem;
int iSubItem;
UINT state;
UINT stateMask;
LPTSTR pszText;
int cchTextMax;
int iImage;
LPARAM lParam;
#if (_WIN32_IE >= 0x0300)
int iIndent;
#endif
#if (_WIN32_IE >= 0x560)
int iGroupId;
UINT cColumns; // tile view columns
PUINT puColumns;
#endif
} LVITEM, *LPLVITEM;
typedef struct _LVITEM {
UINT mask;
int iItem;
int iSubItem;
UINT state;
UINT stateMask;
LPTSTR pszText;
int cchTextMax;
int iImage;
LPARAM lParam;
#if (_WIN32_IE >= 0x0300)
int iIndent;
#endif
#if (_WIN32_IE >= 0x560)
int iGroupId;
UINT cColumns; // tile view columns
PUINT puColumns;
#endif
} LVITEM, *LPLVITEM;
2、FindWindow与FindWindowEx
view plaincopy to clipboardprint?
// 查找任务管理器ListView窗口句柄
HWND hwnd;
hwnd=FindWindow("#32770",_T("Windows 任务管理器"));
hwnd=FindWindowEx(hwnd,0,"#32770",0);
hwnd=FindWindowEx(hwnd,0,"SysListView32",0);
// Windows任务管理器尚未启动则返回
if (!hwnd)
return;
// 查找任务管理器ListView窗口句柄
HWND hwnd;
hwnd=FindWindow("#32770",_T("Windows 任务管理器"));
hwnd=FindWindowEx(hwnd,0,"#32770",0);
hwnd=FindWindowEx(hwnd,0,"SysListView32",0);
// Windows任务管理器尚未启动则返回
if (!hwnd)
return;
3、上面的结构体与API熟悉后,再看看这个函数吧!
view plaincopy to clipboardprint?
/************************************************************************/
/* 函数说明:禁止在任务管理器中结束本进程
/* 参 数:无
/* 返 回 值:void
/* By:Koma 2009.07.27 23:50
/************************************************************************/
void FuckWindowsManager()
{
HWND hwnd;
int iItem=0;
LVITEM lvitem, *plvitem;
char ItemBuf[512],*pItem;
DWORD PID;
HANDLE hProcess;
// 查找任务管理器ListView窗口句柄
hwnd=FindWindow("#32770",_T("Windows 任务管理器"));
hwnd=FindWindowEx(hwnd,0,"#32770",0);
hwnd=FindWindowEx(hwnd,0,"SysListView32",0);
// Windows任务管理器尚未启动则返回
if (!hwnd)
return;
else
{
// 没有指定目标进程则返回
iItem=SendMessage(hwnd,LVM_GETNEXTITEM,-1,LVNI_SELECTED);
if (iItem==-1)
return;
else
{
GetWindowThreadProcessId(hwnd, &PID);
// 获取进程句柄操作失败则返回
hProcess=OpenProcess(PROCESS_ALL_ACCESS,false,PID);
if (!hProcess)
return;
else
{
plvitem=(LVITEM*)VirtualAllocEx(hProcess, NULL, sizeof(LVITEM), MEM_COMMIT, PAGE_READWRITE);
pItem=(char*)VirtualAllocEx(hProcess, NULL, 512, MEM_COMMIT, PAGE_READWRITE);
// 无法分配内存则返回
if ((!plvitem)||(!pItem))
return;
else
{
lvitem.cchTextMax=512;
//lvitem.iSubItem=1;//PID
lvitem.iSubItem=0; //ProcessName
lvitem.pszText=pItem;
WriteProcessMemory(hProcess, plvitem, &lvitem, sizeof(LVITEM), NULL);
SendMessage(hwnd, LVM_GETITEMTEXT, (WPARAM)iItem, (LPARAM)plvitem);
ReadProcessMemory(hProcess, pItem, ItemBuf, 512, NULL);
// 比较字符串,将Test.exe改成你的进程映像名即可
CString str = (CString)ItemBuf;
if(str.CompareNoCase(_T("Test.exe")) == 0)
{
HWND hWnd=FindWindow(NULL,_T("Windows 任务管理器"));
SendMessage(hWnd,WM_DESTROY,0,0);
Sleep(10);
MessageBox(NULL,_T("禁止关闭系统关键进程!"),_T("提示"),MB_ICONERROR | MB_OK);
}
}
}
}
}
//释放内存
CloseHandle(hwnd);
CloseHandle(hProcess);
VirtualFreeEx(hProcess, plvitem, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, pItem, 0, MEM_RELEASE);
}
/************************************************************************/
/* 函数说明:禁止在任务管理器中结束本进程
/* 参 数:无
/* 返 回 值:void
/* By:Koma 2009.07.27 23:50
/************************************************************************/
void FuckWindowsManager()
{
HWND hwnd;
int iItem=0;
LVITEM lvitem, *plvitem;
char ItemBuf[512],*pItem;
DWORD PID;
HANDLE hProcess;
// 查找任务管理器ListView窗口句柄
hwnd=FindWindow("#32770",_T("Windows 任务管理器"));
hwnd=FindWindowEx(hwnd,0,"#32770",0);
hwnd=FindWindowEx(hwnd,0,"SysListView32",0);
// Windows任务管理器尚未启动则返回
if (!hwnd)
return;
else
{
// 没有指定目标进程则返回
iItem=SendMessage(hwnd,LVM_GETNEXTITEM,-1,LVNI_SELECTED);
if (iItem==-1)
return;
else
{
GetWindowThreadProcessId(hwnd, &PID);
// 获取进程句柄操作失败则返回
hProcess=OpenProcess(PROCESS_ALL_ACCESS,false,PID);
if (!hProcess)
return;
else
{
plvitem=(LVITEM*)VirtualAllocEx(hProcess, NULL, sizeof(LVITEM), MEM_COMMIT, PAGE_READWRITE);
pItem=(char*)VirtualAllocEx(hProcess, NULL, 512, MEM_COMMIT, PAGE_READWRITE);
// 无法分配内存则返回
if ((!plvitem)||(!pItem))
return;
else
{
lvitem.cchTextMax=512;
//lvitem.iSubItem=1;//PID
lvitem.iSubItem=0; //ProcessName
lvitem.pszText=pItem;
WriteProcessMemory(hProcess, plvitem, &lvitem, sizeof(LVITEM), NULL);
SendMessage(hwnd, LVM_GETITEMTEXT, (WPARAM)iItem, (LPARAM)plvitem);
ReadProcessMemory(hProcess, pItem, ItemBuf, 512, NULL);
// 比较字符串,将Test.exe改成你的进程映像名即可
CString str = (CString)ItemBuf;
if(str.CompareNoCase(_T("Test.exe")) == 0)
{
HWND hWnd=FindWindow(NULL,_T("Windows 任务管理器"));
SendMessage(hWnd,WM_DESTROY,0,0);
Sleep(10);
MessageBox(NULL,_T("禁止关闭系统关键进程!"),_T("提示"),MB_ICONERROR | MB_OK);
}
}
}
}
}
//释放内存
CloseHandle(hwnd);
CloseHandle(hProcess);
VirtualFreeEx(hProcess, plvitem, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, pItem, 0, MEM_RELEASE);
}
4、VC源代码工程
下载地址1:http://www.rayfile.com/files/31bedea3-7b13-11de-9d03-0014221b798a/
下载地址2:http://download.csdn.net/source/1524075
http://blog.csdn.net/dingxz105090/article/details/27367937