razavi_university
سه شنبه 19 آذر 1387, 03:25 صبح
سلام خدمت دوستان عزیز
کد زیر باید یک پروسه را از لیست پروسه های قابل مشاهده در Task Manager حذف کند:
#region Use DLL
struct bkh
{
public long flag;
public long psz;
public long lParam;
public long pt;
public long vkDirection;
}
[DllImport("kernel32.dll")]
private static extern int VirtualAllocEx(int hProcess, int lpAddress, int dwSize, int flAllocationType, int flProtect);
[DllImport("kernel32.dll")]
private static extern int OpenProcess(int dwDesiredAccess, int bInheritHandle, int dwProcessId);
[DllImport("user32.dll")]
private static extern int GetWindowThreadProcessId(int hwnd, int lpdwProcessId);
[DllImport("kernel32.dll")]
private static extern int WriteProcessMemory(int hProcess, int lpBaseAddress, int lpBuffer, int nSize, int lpNumberOfBytesWritten);
[DllImport("kernel32.dll")]
private static extern int VirtualFreeEx(int hProcess, int lpAddress, int dwSize, int dwFreeType);
[DllImport("user32.dll", EntryPoint = "SendMessageA")]
private static extern int SendMessage(int hwnd, int wMsg, int wParam, int lParam);
[DllImport("kernel32.dll")]
private static extern int GetCurrentProcessId();
[DllImport("user32.dll")]
private static extern int KillTimer(int hwnd, int nIDEvent);
[DllImport("user32.dll", EntryPoint = "FindWindowA")]
private static extern int FindWindow(string lpClassName, string lpWindowName);
[DllImport("user32.dll", EntryPoint = "FindWindowExA")]
private static extern int FindWindowEx(int hWnd1, int hWnd2, string lpsz1, string lpsz2);
[DllImport("kernel32.dll")]
private static extern int CloseHandle(int hObject);
#endregion
private void Hide_Process(string Name)
{
int pName;
int pType;
int l=0;
int Tid;
int hTid=0;
int Pid=0;
int h;
int i;
int hProcess;
bkh f = new bkh();
string s = "";
byte[] bkh;
h = FindWindow(null, "Windows Task Manager");
KillTimer(h, 0);
h = FindWindowEx(h, 0, "#32770", null);
h = FindWindowEx(h, 0, "SysListView32", null);
if (h==0) return;
f.flag = 8 | 0x20;
Pid = GetWindowThreadProcessId(h, Pid);
hProcess = OpenProcess(1082, 0, Pid);
//bkh = StrConv(Name, VBtoConverter.vbFromUnicode);
bkh = System.Text.Encoding.Unicode.GetBytes(Name);
pName = VirtualAllocEx(hProcess, 0, Name.Length+1, 0x1000, 4);
WriteProcessMemory(hProcess, pName, VarPtr(bkh[0]), Name.Length, l);
f.psz = pName;
pType = VirtualAllocEx(hProcess, 0, System.Runtime.InteropServices.Marshal.SizeOf(f), 0x1000, 4);
WriteProcessMemory(hProcess, pType, VarPtr(f.flag), System.Runtime.InteropServices.Marshal.SizeOf(f), l);
i = SendMessage(h, 0x1000+13, 0, pType);
if (i!=-1) SendMessage(h, 0x1000+8, i, 0);
VirtualFreeEx(hProcess, pType, System.Runtime.InteropServices.Marshal.SizeOf(f), 0x8000);
VirtualFreeEx(hProcess, pName, Name.Length+1, 0x8000);
CloseHandle(hTid);
}
int VarPtr(object e)
{
GCHandle GCH = GCHandle.Alloc(e, GCHandleType.Pinned);
int GC2 = GCH.AddrOfPinnedObject().ToInt32();
GCH.Free();
return GC2;
کد مشابه آن در VB به خوبی عمل می کند ولی متاسفانه در اینجا پروسه را مخفی نمی کند، مشکل آن کجاست؟
کد زیر باید یک پروسه را از لیست پروسه های قابل مشاهده در Task Manager حذف کند:
#region Use DLL
struct bkh
{
public long flag;
public long psz;
public long lParam;
public long pt;
public long vkDirection;
}
[DllImport("kernel32.dll")]
private static extern int VirtualAllocEx(int hProcess, int lpAddress, int dwSize, int flAllocationType, int flProtect);
[DllImport("kernel32.dll")]
private static extern int OpenProcess(int dwDesiredAccess, int bInheritHandle, int dwProcessId);
[DllImport("user32.dll")]
private static extern int GetWindowThreadProcessId(int hwnd, int lpdwProcessId);
[DllImport("kernel32.dll")]
private static extern int WriteProcessMemory(int hProcess, int lpBaseAddress, int lpBuffer, int nSize, int lpNumberOfBytesWritten);
[DllImport("kernel32.dll")]
private static extern int VirtualFreeEx(int hProcess, int lpAddress, int dwSize, int dwFreeType);
[DllImport("user32.dll", EntryPoint = "SendMessageA")]
private static extern int SendMessage(int hwnd, int wMsg, int wParam, int lParam);
[DllImport("kernel32.dll")]
private static extern int GetCurrentProcessId();
[DllImport("user32.dll")]
private static extern int KillTimer(int hwnd, int nIDEvent);
[DllImport("user32.dll", EntryPoint = "FindWindowA")]
private static extern int FindWindow(string lpClassName, string lpWindowName);
[DllImport("user32.dll", EntryPoint = "FindWindowExA")]
private static extern int FindWindowEx(int hWnd1, int hWnd2, string lpsz1, string lpsz2);
[DllImport("kernel32.dll")]
private static extern int CloseHandle(int hObject);
#endregion
private void Hide_Process(string Name)
{
int pName;
int pType;
int l=0;
int Tid;
int hTid=0;
int Pid=0;
int h;
int i;
int hProcess;
bkh f = new bkh();
string s = "";
byte[] bkh;
h = FindWindow(null, "Windows Task Manager");
KillTimer(h, 0);
h = FindWindowEx(h, 0, "#32770", null);
h = FindWindowEx(h, 0, "SysListView32", null);
if (h==0) return;
f.flag = 8 | 0x20;
Pid = GetWindowThreadProcessId(h, Pid);
hProcess = OpenProcess(1082, 0, Pid);
//bkh = StrConv(Name, VBtoConverter.vbFromUnicode);
bkh = System.Text.Encoding.Unicode.GetBytes(Name);
pName = VirtualAllocEx(hProcess, 0, Name.Length+1, 0x1000, 4);
WriteProcessMemory(hProcess, pName, VarPtr(bkh[0]), Name.Length, l);
f.psz = pName;
pType = VirtualAllocEx(hProcess, 0, System.Runtime.InteropServices.Marshal.SizeOf(f), 0x1000, 4);
WriteProcessMemory(hProcess, pType, VarPtr(f.flag), System.Runtime.InteropServices.Marshal.SizeOf(f), l);
i = SendMessage(h, 0x1000+13, 0, pType);
if (i!=-1) SendMessage(h, 0x1000+8, i, 0);
VirtualFreeEx(hProcess, pType, System.Runtime.InteropServices.Marshal.SizeOf(f), 0x8000);
VirtualFreeEx(hProcess, pName, Name.Length+1, 0x8000);
CloseHandle(hTid);
}
int VarPtr(object e)
{
GCHandle GCH = GCHandle.Alloc(e, GCHandleType.Pinned);
int GC2 = GCH.AddrOfPinnedObject().ToInt32();
GCH.Free();
return GC2;
کد مشابه آن در VB به خوبی عمل می کند ولی متاسفانه در اینجا پروسه را مخفی نمی کند، مشکل آن کجاست؟