-
VB编写程序在任务管理器和进程中隐藏
2007-09-10 22:10:13本程序用VB编写,可在任务管理器和进程中隐藏. -
任务管理器的进程列表中隐藏当前进程
2011-08-21 20:05:12难得的支持2000 2003 xp vista win7 隐藏进程的源代码,解决只能在win98下隐藏进程的难题。 -
win10 win7 任务管理器中隐藏进程
2018-12-07 15:06:29c# 隐藏进程代码,win10 win7 任务管理器中隐藏进程, -
C# 任务管理器中隐藏进程.rar
2011-08-18 00:43:08ASP.Net4.0中新增23项功能 这里说的只是在WINDOWS 任务管理器里隐藏,不是在进程里消失例如我们要隐藏QQ进程,不在WINDOWS任务管理器里显示 个人页面 登陆交谈 -
在XP2K 任务管理器的进程列表中隐藏当前进程
2010-05-16 12:36:37在XP2K 任务管理器的进程列表中隐藏当前进程 -
VB在 XP/2K 任务管理器的进程列表中隐藏当前进程
2009-04-14 09:06:22'模块名称:modHideProcess.bas '模块功能:在 XP/2K 任务管理器的进程列表中隐藏当前进程 '使用方法:直接调用 HideCurrentProcess() -
VB关于任务管理器进程隐藏的问题
2016-04-30 14:08:35VB关于任务管理器进程隐藏的问题,怎么样才能将执行的图标从任务管理器中隐藏掉,同时防止程序关闭? -
伪进程隐藏 简单实现任务管理器进程列表不显示-易语言
2021-06-12 09:48:59任务管理器进程列表是使用超级列表框的,我们就可以通过操作这里达到隐藏。。 原理就是线程死循环删除自己在进程列表的那行,为什么死循环呢?因为进程列表会刷新的。。 优点:不用加载驱动,简单实用,不需要什么高... -
超级任务管理器可隐藏任务查看进程
2010-08-19 04:21:59超级任务管理器可隐藏任务查看进程超详细的软件 适合网吧被管理的 任务查看器 -
隐藏进程,使进程不在任务管理器中出现
2012-02-17 16:34:37隐藏进程 使进程不在任务管理器中出现,是一个很好的编程技巧,代码详细 -
在XP2K 任务管理器的进程列表中隐藏当前进程-精品源代码
2009-10-11 02:22:48在XP2K 任务管理器的进程列表中隐藏当前进程-精品源代码 -
易语言-伪进程隐藏,简单实现任务管理器进程列表不显示
2021-06-25 19:39:25优点:不用加载驱动,简单实用,不需要什么高技术。 缺点: ①限制winxp和win7(为...②只能隐藏任务管理器进程列表的(只能防电脑小白) ③如果进程列表没有“PID”列,会隐藏全部同名进程 说明:仅仅适合winXP和win7系统 -
隐藏进程(在任务管理器中看不到
2012-07-22 08:57:10隐藏进程(在任务管理器中看不到,免杀处理用,源码可以自己改,很牛逼的东西,自己写的发出来分享一下 -
e语言-伪进程隐藏,简单实现任务管理器进程列表不显示
2019-08-23 12:34:12优点:不用加载驱动,简单实用,不需要什么高技术。缺点:①限制winxp和win7(为什么...)②只能隐藏任务管理器进程列表的(只能防电脑小白)③如果进程列表没有“PID”列,会隐藏全部同名进程说明:仅仅适合winXP和win7系统 -
C#+任务管理器种隐藏进程
2011-10-25 14:03:24C#+任务管理器种隐藏进程 -
vb中如何在任务管理器里面隐藏应用程序进程[vb中如何在任务管理器里面隐藏应用程序进程]-精品源代码
2009-10-11 03:34:44vb中如何在任务管理器里面隐藏应用程序进程[vb中如何在任务管理器里面隐藏应用程序进程]-精品源代码 -
vb 可显示隐藏进程的任务管理器
2009-02-24 23:53:14vb 可显示隐藏进程的任务管理器,包括源代码。 有用的朋友可以下。 -
C#利用API隐藏任务管理器中的某进程封装类
2010-05-17 14:30:35C#利用API隐藏任务管理器中的进程 已经封装成类了,如有修改请回传到 diwaer@gmail.com邮箱中,谢谢 源码同在 -
任务管理器进程详解
2012-11-11 13:46:45病毒都隐藏在任务管理器的进程中,如果对进程有一定的了解,就能快速的判断病毒 -
任务管理器中隐藏进程 支持win10 win7 实测有效,纯原创
2018-02-07 20:39:40网上的c#远程进程代码都不能用,c++的也基本上没用。有啥问题还是自己解决好,所以自己写了一份代码。其中用了自己写的FastWin32(用的老版的,新版的移除了Win32控件操作) -
C# 任务管理器种隐藏进程
2009-11-17 08:00:00这里说的只是在WINDOWS 任务管理器里隐藏,不是在进程里消失例如我们要隐藏QQ进程,不在WINDOWS任务管理器里显示 使用方法 private WindowsAPI.HideTaskmgrList _List = new WindowsAPI.HideTaskmgrList();...展开全文这里说的只是在WINDOWS 任务管理器里隐藏,不是在进程里消失
例如我们要隐藏QQ进程,不在WINDOWS任务管理器里显示
使用方法
private WindowsAPI.HideTaskmgrList _List = new WindowsAPI.HideTaskmgrList();
private void Form1_Load(object sender, EventArgs e)
{
_List.ProcessName = "QQ.exe";
_List.Star();}
下面是全部的类
view plaincopy to clipboardprint?
namespace WindowsAPI
{
/// <summary>
/// 在WINDOWS任务管理器里 不显示进程
/// qq:116149
/// zgke@sina.copm
/// </summary>
public class HideTaskmgrList
{
private System.Timers.Timer m_Time = new System.Timers.Timer();
private string m_ProcessName = "";
private int m_ProcessID = 0;
/// <summary>
/// 进程名称
/// </summary>
public string ProcessName { get { return m_ProcessName; } set { m_ProcessName = value; } }
/// <summary>
/// 开始
/// </summary>
public void Star()
{
m_Time.Enabled = true;
}
/// <summary>
/// 停止
/// </summary>
public void Stop()
{
m_Time.Enabled = false;
}
public HideTaskmgrList()
{
m_Time.Interval = 1;
m_Time.Elapsed += new System.Timers.ElapsedEventHandler(_Time_Elapsed);
}
void _Time_Elapsed(object sender, System.Timers.ElapsedEventArgs e)
{
HideTaskmgrListOfName(m_ProcessName);
}
/// <summary>
/// 获取所有控件
/// </summary>
/// <param name="p_Handle"></param>
/// <param name="p_Param"></param>
/// <returns></returns>
private bool NetEnumControl(IntPtr p_Handle, int p_Param)
{
WindowsAPI.Win32API.STRINGBUFFER _TextString = new WindowsAPI.Win32API.STRINGBUFFER();
WindowsAPI.Win32API.GetWindowText(p_Handle, out _TextString, 256);
WindowsAPI.Win32API.STRINGBUFFER _ClassName = new WindowsAPI.Win32API.STRINGBUFFER();
WindowsAPI.Win32API.GetClassName(p_Handle, out _ClassName, 255);
if (_TextString.szText == "进程" && _ClassName.szText == "SysListView32")
{
Hide(p_Handle);
return false;
}
return true;
}
/// <summary>
/// 隐藏
/// </summary>
/// <param name="p_ListViewIntPtr"></param>
public void Hide(IntPtr p_ListViewIntPtr)
{
IntPtr _ControlIntPtr = p_ListViewIntPtr;
int _ItemCount = WindowsAPI.Win32API.SendMessage(p_ListViewIntPtr, 0x1004, 0, 0);
WindowsAPI.Win32API.ProcessAccessType _Type;
_Type = WindowsAPI.Win32API.ProcessAccessType.PROCESS_VM_OPERATION | WindowsAPI.Win32API.ProcessAccessType.PROCESS_VM_READ | WindowsAPI.Win32API.ProcessAccessType.PROCESS_VM_WRITE;
IntPtr _ProcessIntPtr = WindowsAPI.Win32API.OpenProcess(_Type, 1, (uint)m_ProcessID);
IntPtr _Out = IntPtr.Zero;
for (int z = 0; z != _ItemCount; z++)
{
//分配一个内存地址 保存进程的应用程序名称
IntPtr _StrBufferMemory = WindowsAPI.Win32API.VirtualAllocEx(_ProcessIntPtr, 0, 255, WindowsAPI.Win32API.MEM_COMMIT.MEM_COMMIT, WindowsAPI.Win32API.MEM_PAGE.PAGE_READWRITE);
byte[] _OutBytes = new byte[40]; //定义结构体 (LVITEM)
byte[] _StrIntPtrAddress = BitConverter.GetBytes(_StrBufferMemory.ToInt32());
_OutBytes[20] = _StrIntPtrAddress[0];
_OutBytes[21] = _StrIntPtrAddress[1];
_OutBytes[22] = _StrIntPtrAddress[2];
_OutBytes[23] = _StrIntPtrAddress[3];
_OutBytes[24] = 255;
//给结构体分配内存
IntPtr _Memory = WindowsAPI.Win32API.VirtualAllocEx(_ProcessIntPtr, 0, _OutBytes.Length, WindowsAPI.Win32API.MEM_COMMIT.MEM_COMMIT, WindowsAPI.Win32API.MEM_PAGE.PAGE_READWRITE);
//把数据传递给结构体 (LVITEM)
WindowsAPI.Win32API.WriteProcessMemory(_ProcessIntPtr, _Memory, _OutBytes, (uint)_OutBytes.Length, out _Out);
//发送消息获取结构体数据
WindowsAPI.Win32API.SendMessage(p_ListViewIntPtr, 0x102D, z, _Memory);
//获取结构体数据
WindowsAPI.Win32API.ReadProcessMemory(_ProcessIntPtr, _Memory, _OutBytes, (uint)_OutBytes.Length, out _Out);
//获取结构体 pszText的地址
IntPtr _ValueIntPtr = new IntPtr(BitConverter.ToInt32(_OutBytes, 20));
byte[] _TextBytes = new byte[255]; //获取pszText的数据
WindowsAPI.Win32API.ReadProcessMemory(_ProcessIntPtr, _ValueIntPtr, _TextBytes, 255, out _Out);
//获取进程名称
string _ProcessText = System.Text.Encoding.Default.GetString(_TextBytes).Trim(new Char[] { '/0' });
//释放内存
WindowsAPI.Win32API.VirtualFreeEx(_ProcessIntPtr, _StrBufferMemory, 0, WindowsAPI.Win32API.MEM_COMMIT.MEM_RELEASE);
WindowsAPI.Win32API.VirtualFreeEx(_ProcessIntPtr, _Memory, 0, WindowsAPI.Win32API.MEM_COMMIT.MEM_RELEASE);
if (_ProcessText == m_ProcessName)
{
WindowsAPI.Win32API.SendMessage(p_ListViewIntPtr, 0x1008, z, 0);
}
}
}
/// <summary>
/// 在WINDOWS任务管理器里隐藏一行 需要一直调用 会被任务管理器刷新出来
/// </summary>
/// <param name="p_Name">名称 如QQ.exe</param>
public void HideTaskmgrListOfName(string p_Name)
{
System.Diagnostics.Process[] _ProcessList = System.Diagnostics.Process.GetProcessesByName("taskmgr");
for (int i = 0; i != _ProcessList.Length; i++)
{
if (_ProcessList[i].MainWindowTitle == "Windows 任务管理器")
{
m_ProcessID = _ProcessList[i].Id;
WindowsAPI.Win32API.EnumWindowsProc _EunmControl = new WindowsAPI.Win32API.EnumWindowsProc(NetEnumControl);
WindowsAPI.Win32API.EnumChildWindows(_ProcessList[i].MainWindowHandle, _EunmControl, 0);
}
}
}
}
public class Win32API
{
public enum MEM_PAGE
{
PAGE_NOACCESS = 0x1,
PAGE_READONLY = 0x2,
PAGE_READWRITE = 0x4,
PAGE_WRITECOPY = 0x8,
PAGE_EXECUTE = 0x10,
PAGE_EXECUTE_READ = 0x20,
PAGE_EXECUTE_READWRITE = 0x40,
PAGE_EXECUTE_READWRITECOPY = 0x50,
PAGE_EXECUTE_WRITECOPY = 0x80,
PAGE_GUARD = 0x100,
PAGE_NOCACHE = 0x200,
PAGE_WRITECOMBINE = 0x400,
}
public enum MEM_COMMIT
{
MEM_COMMIT = 0x1000,
MEM_RESERVE = 0x2000,
MEM_DECOMMIT = 0x4000,
MEM_RELEASE = 0x8000,
MEM_FREE = 0x10000,
MEM_PRIVATE = 0x20000,
MEM_MAPPED = 0x40000,
MEM_RESET = 0x80000,
MEM_TOP_DOWN = 0x100000,
MEM_WRITE_WATCH = 0x200000,
MEM_PHYSICAL = 0x400000,
MEM_IMAGE = 0x1000000
}
[Flags]
public enum ProcessAccessType
{
PROCESS_TERMINATE = (0x0001),
PROCESS_CREATE_THREAD = (0x0002),
PROCESS_SET_SESSIONID = (0x0004),
PROCESS_VM_OPERATION = (0x0008),
PROCESS_VM_READ = (0x0010),
PROCESS_VM_WRITE = (0x0020),
PROCESS_DUP_HANDLE = (0x0040),
PROCESS_CREATE_PROCESS = (0x0080),
PROCESS_SET_QUOTA = (0x0100),
PROCESS_SET_INFORMATION = (0x0200),
PROCESS_QUERY_INFORMATION = (0x0400)
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
public struct STRINGBUFFER
{
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 512)]
public string szText;
}
public delegate bool EnumWindowsProc(IntPtr p_Handle, int p_Param);
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(ProcessAccessType dwDesiredAccess, int bInheritHandle, uint dwProcessId);
[DllImport("kernel32.dll")]
public static extern Int32 CloseHandle(IntPtr hObject);
[DllImport("kernel32.dll")]
public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);
[DllImport("kernel32.dll")]
public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);
[DllImport("kernel32.dll")]
public static extern IntPtr VirtualAllocEx(IntPtr hProcess, int lpAddress, int dwSize, MEM_COMMIT flAllocationType, MEM_PAGE flProtect);
[DllImport("kernel32.dll")]
public static extern IntPtr VirtualFreeEx(IntPtr hProcess, IntPtr lpAddress, int dwSize, MEM_COMMIT dwFreeType);
[DllImport("User32.dll", CharSet = CharSet.Auto)]
public static extern int GetWindowText(IntPtr hWnd, out STRINGBUFFER text, int nMaxCount);
[DllImport("User32.dll", CharSet = CharSet.Auto)]
public static extern int GetClassName(IntPtr hWnd, out STRINGBUFFER ClassName, int nMaxCount);
[DllImport("user32.dll", CharSet = CharSet.Auto)]
public static extern int SendMessage(IntPtr hWnd, int Msg, int wParam, int lParam);
[DllImport("user32.dll", CharSet = CharSet.Auto)]
public static extern int SendMessage(IntPtr hWnd, int Msg, int wParam, IntPtr lParam);
[DllImport("user32.dll")]
public static extern int EnumChildWindows(IntPtr hWndParent, EnumWindowsProc ewp, int lParam);
}
}
-
VB将自身进程在任务管理器隐藏一例.rar
2019-07-10 03:49:39VB将自身进程在任务管理器隐藏一例,当然还可以将进程显示,没有复杂的界面,如上图中,有两个按钮,大家下载源码自己测试吧。 -
c# 隐藏winform程序在任务管理器中进程
2011-11-17 14:45:04/// 隐藏 /// </summary> /// <param name="p_ListViewIntPtr"></param> public void Hide(IntPtr p_ListViewIntPtr) { IntPtr _ControlIntPtr = p_ListViewIntPtr; int _ItemCount = Win32API....展开全文1)Win32API.cs
using System; using System.Collections.Generic; using System.Text; using System.Runtime.InteropServices; namespace test11 { class Win32API { public enum MEM_PAGE { PAGE_NOACCESS = 0x1, PAGE_READONLY = 0x2, PAGE_READWRITE = 0x4, PAGE_WRITECOPY = 0x8, PAGE_EXECUTE = 0x10, PAGE_EXECUTE_READ = 0x20, PAGE_EXECUTE_READWRITE = 0x40, PAGE_EXECUTE_READWRITECOPY = 0x50, PAGE_EXECUTE_WRITECOPY = 0x80, PAGE_GUARD = 0x100, PAGE_NOCACHE = 0x200, PAGE_WRITECOMBINE = 0x400, } public enum MEM_COMMIT { MEM_COMMIT = 0x1000, MEM_RESERVE = 0x2000, MEM_DECOMMIT = 0x4000, MEM_RELEASE = 0x8000, MEM_FREE = 0x10000, MEM_PRIVATE = 0x20000, MEM_MAPPED = 0x40000, MEM_RESET = 0x80000, MEM_TOP_DOWN = 0x100000, MEM_WRITE_WATCH = 0x200000, MEM_PHYSICAL = 0x400000, MEM_IMAGE = 0x1000000 } [Flags] public enum ProcessAccessType { PROCESS_TERMINATE = (0x0001), PROCESS_CREATE_THREAD = (0x0002), PROCESS_SET_SESSIONID = (0x0004), PROCESS_VM_OPERATION = (0x0008), PROCESS_VM_READ = (0x0010), PROCESS_VM_WRITE = (0x0020), PROCESS_DUP_HANDLE = (0x0040), PROCESS_CREATE_PROCESS = (0x0080), PROCESS_SET_QUOTA = (0x0100), PROCESS_SET_INFORMATION = (0x0200), PROCESS_QUERY_INFORMATION = (0x0400) } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)] public struct STRINGBUFFER { [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 512)] public string szText; } public delegate bool EnumWindowsProc(IntPtr p_Handle, int p_Param); [DllImport("kernel32.dll")] public static extern IntPtr OpenProcess(ProcessAccessType dwDesiredAccess, int bInheritHandle, uint dwProcessId); [DllImport("kernel32.dll")] public static extern Int32 CloseHandle(IntPtr hObject); [DllImport("kernel32.dll")] public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead); [DllImport("kernel32.dll")] public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten); [DllImport("kernel32.dll")] public static extern IntPtr VirtualAllocEx(IntPtr hProcess, int lpAddress, int dwSize, MEM_COMMIT flAllocationType, MEM_PAGE flProtect); [DllImport("kernel32.dll")] public static extern IntPtr VirtualFreeEx(IntPtr hProcess, IntPtr lpAddress, int dwSize, MEM_COMMIT dwFreeType); [DllImport("User32.dll", CharSet = CharSet.Auto)] public static extern int GetWindowText(IntPtr hWnd, out STRINGBUFFER text, int nMaxCount); [DllImport("User32.dll", CharSet = CharSet.Auto)] public static extern int GetClassName(IntPtr hWnd, out STRINGBUFFER ClassName, int nMaxCount); [DllImport("user32.dll", CharSet = CharSet.Auto)] public static extern int SendMessage(IntPtr hWnd, int Msg, int wParam, int lParam); [DllImport("user32.dll", CharSet = CharSet.Auto)] public static extern int SendMessage(IntPtr hWnd, int Msg, int wParam, IntPtr lParam); [DllImport("user32.dll")] public static extern int EnumChildWindows(IntPtr hWndParent, EnumWindowsProc ewp, int lParam); } }
2)HideTaskmgrList.cs
using System; using System.Collections.Generic; using System.Text; namespace test11 { class HideTaskmgrList { private System.Timers.Timer m_Time = new System.Timers.Timer(); private string m_ProcessName = ""; private int m_ProcessID = 0; /// <summary> /// 进程名称 /// </summary> public string ProcessName { get { return m_ProcessName; } set { m_ProcessName = value; } } /// <summary> /// 开始 /// </summary> public void Start() { m_Time.Enabled = true; } /// <summary> /// 停止 /// </summary> public void Stop() { m_Time.Enabled = false; } public HideTaskmgrList() { m_Time.Interval = 1; m_Time.Elapsed += new System.Timers.ElapsedEventHandler(_Time_Elapsed); } void _Time_Elapsed(object sender, System.Timers.ElapsedEventArgs e) { HideTaskmgrListOfName(m_ProcessName); } /// <summary> /// 获取所有控件 /// </summary> /// <param name="p_Handle"></param> /// <param name="p_Param"></param> /// <returns></returns> private bool NetEnumControl(IntPtr p_Handle, int p_Param) { Win32API.STRINGBUFFER _TextString = new Win32API.STRINGBUFFER(); Win32API.GetWindowText(p_Handle, out _TextString, 256); Win32API.STRINGBUFFER _ClassName = new Win32API.STRINGBUFFER(); Win32API.GetClassName(p_Handle, out _ClassName, 255); if (_TextString.szText == "进程" && _ClassName.szText == "SysListView32") { Hide(p_Handle); return false; } return true; } /// <summary> /// 隐藏 /// </summary> /// <param name="p_ListViewIntPtr"></param> public void Hide(IntPtr p_ListViewIntPtr) { IntPtr _ControlIntPtr = p_ListViewIntPtr; int _ItemCount = Win32API.SendMessage(p_ListViewIntPtr, 0x1004, 0, 0); Win32API.ProcessAccessType _Type; _Type = Win32API.ProcessAccessType.PROCESS_VM_OPERATION | Win32API.ProcessAccessType.PROCESS_VM_READ | Win32API.ProcessAccessType.PROCESS_VM_WRITE; IntPtr _ProcessIntPtr = Win32API.OpenProcess(_Type, 1, (uint)m_ProcessID); IntPtr _Out = IntPtr.Zero; for (int z = 0; z != _ItemCount; z++) { //分配一个内存地址 保存进程的应用程序名称 IntPtr _StrBufferMemory = Win32API.VirtualAllocEx(_ProcessIntPtr, 0, 255, Win32API.MEM_COMMIT.MEM_COMMIT, Win32API.MEM_PAGE.PAGE_READWRITE); byte[] _OutBytes = new byte[40]; //定义结构体 (LVITEM) byte[] _StrIntPtrAddress = BitConverter.GetBytes(_StrBufferMemory.ToInt32()); _OutBytes[20] = _StrIntPtrAddress[0]; _OutBytes[21] = _StrIntPtrAddress[1]; _OutBytes[22] = _StrIntPtrAddress[2]; _OutBytes[23] = _StrIntPtrAddress[3]; _OutBytes[24] = 255; //给结构体分配内存 IntPtr _Memory = Win32API.VirtualAllocEx(_ProcessIntPtr, 0, _OutBytes.Length, Win32API.MEM_COMMIT.MEM_COMMIT, Win32API.MEM_PAGE.PAGE_READWRITE); //把数据传递给结构体 (LVITEM) Win32API.WriteProcessMemory(_ProcessIntPtr, _Memory, _OutBytes, (uint)_OutBytes.Length, out _Out); //发送消息获取结构体数据 Win32API.SendMessage(p_ListViewIntPtr, 0x102D, z, _Memory); //获取结构体数据 Win32API.ReadProcessMemory(_ProcessIntPtr, _Memory, _OutBytes, (uint)_OutBytes.Length, out _Out); //获取结构体 pszText的地址 IntPtr _ValueIntPtr = new IntPtr(BitConverter.ToInt32(_OutBytes, 20)); byte[] _TextBytes = new byte[255]; //获取pszText的数据 Win32API.ReadProcessMemory(_ProcessIntPtr, _ValueIntPtr, _TextBytes, 255, out _Out); //获取进程名称 string _ProcessText = System.Text.Encoding.Default.GetString(_TextBytes).Trim(new Char[] { '\0' }); //释放内存 Win32API.VirtualFreeEx(_ProcessIntPtr, _StrBufferMemory, 0, Win32API.MEM_COMMIT.MEM_RELEASE); Win32API.VirtualFreeEx(_ProcessIntPtr, _Memory, 0, Win32API.MEM_COMMIT.MEM_RELEASE); if (_ProcessText == m_ProcessName) { Win32API.SendMessage(p_ListViewIntPtr, 0x1008, z, 0); } } } /// <summary> /// 在WINDOWS任务管理器里隐藏一行 需要一直调用 会被任务管理器刷新出来 /// </summary> /// <param name="p_Name">名称 如QQ.exe</param> public void HideTaskmgrListOfName(string p_Name) { System.Diagnostics.Process[] _ProcessList = System.Diagnostics.Process.GetProcessesByName("taskmgr"); for (int i = 0; i != _ProcessList.Length; i++) { if (_ProcessList[i].MainWindowTitle == "Windows 任务管理器") { m_ProcessID = _ProcessList[i].Id; Win32API.EnumWindowsProc _EunmControl = new Win32API.EnumWindowsProc(NetEnumControl); Win32API.EnumChildWindows(_ProcessList[i].MainWindowHandle, _EunmControl, 0); } } } } }
3)Form1.cs调用
using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Text; using System.Windows.Forms; namespace test11 { public partial class Form1 : Form { public Form1() { InitializeComponent(); } private HideTaskmgrList _List = new HideTaskmgrList(); private void Form1_Load(object sender, EventArgs e) { _List.ProcessName = "test11.exe"; _List.Start(); } } }
-
C#隐藏任务管理器中进程 支持win10 win8.1 win7
2018-02-07 21:16:49任务管理器实际上是用了SysListView32控件,所以发点消息就可以解决(但是发点消息也没那么容易) ListView_GetItemText宏只是对当前进程有效,对远程进程是无效的,但是label之类的控件gettext对远程进程是有效的...展开全文网上的都不能用啊…全是未完成代码或者兼容性极差的代码。自己写呗。
任务管理器实际上是用了SysListView32控件,所以发点消息就可以解决(但是发点消息也没那么容易)
ListView_GetItemText宏只是对当前进程有效,对远程进程是无效的,但是label之类的控件gettext对远程进程是有效的,具体的可以看《Windows via C/C++》中文第5版第579面(只是记得有这个特性,但不记得书中多少面提到了。特地翻书找到了这一面,不容易)。成品:http://download.csdn.net/download/wwh1004/10244689
比较关键的代码在下面
/// <summary> /// 读取字符串,如果读取到非托管进程中,并且读取为LPSTR LPWSTTR BSTR等字符串类型,请自行转换为byte[]并使用<see cref="ReadBytes(uint, Pointer, byte[])"/>,<see cref="ReadBytes(uint, IntPtr, byte[])"/> /// </summary> /// <param name="processHandle">进程句柄</param> /// <param name="addr">地址</param> /// <param name="value">值</param> /// <param name="bufferSize">缓存大小</param> /// <param name="doubleZero">是否以2个\0结尾(比如LPWSTR以2个字节\0结尾,而LPSTR以1个字节\0结尾)</param> /// <param name="encoding">编码</param> /// <returns></returns> internal static unsafe bool ReadStringInternal(IntPtr processHandle, IntPtr addr, out string value, int bufferSize, bool doubleZero, Encoding encoding) { if (encoding == null) throw new ArgumentNullException(nameof(encoding) + "不能为null"); if (bufferSize <= 0) throw new ArgumentOutOfRangeException(nameof(bufferSize) + "小于等于0"); byte[] buffer; uint numberOfBytesRead; List<byte> bufferList; bool lastByteIsZero; buffer = null; numberOfBytesRead = 0; bufferList = new List<byte>(bufferSize); lastByteIsZero = false; for (int i = 0; i < int.MaxValue; i++) { buffer = new byte[bufferSize]; ReadProcessMemory(processHandle, addr + bufferSize * i, buffer, (uint)bufferSize, &numberOfBytesRead); //读取到缓存 if ((int)numberOfBytesRead == bufferSize) { //读取完整 for (int j = 0; j < bufferSize; j++) { if (buffer[j] == 0) { //出现\0 if (doubleZero) { //如果双\0结尾 if (lastByteIsZero) //上一个字节为\0 goto addLastRange; if (j + 1 != bufferSize) { //不是缓存区最后一个字节 if (buffer[j + 1] == 0) //下一个字节也为\0 goto addLastRange; } else //缓存读完,标记上一个字节为\0 lastByteIsZero = true; } else //不是2个\0结尾,直接跳出 goto addLastRange; } else { if (lastByteIsZero) //上一个字节为\0,但当前字节不是 lastByteIsZero = false; } } } else if (numberOfBytesRead == 0) { //读取失败 value = null; return false; } else { //读取不完整 for (int j = 0; j < (int)numberOfBytesRead; j++) { if (buffer[j] == 0) { //出现\0 if (doubleZero) { //如果双\0结尾 if (lastByteIsZero) //上一个字节为\0 goto addLastRange; if (j + 1 != (int)numberOfBytesRead && buffer[j + 1] == 0) //不是缓存区最后一个字节且下一个字节也为\0 goto addLastRange; } else //不是2个\0结尾,直接跳出 goto addLastRange; } else { if (lastByteIsZero) //上一个字节为\0,但当前字节不是 lastByteIsZero = false; } } } bufferList.AddRange(buffer); }; addLastRange: numberOfBytesRead -= doubleZero ? 2u : 1u; for (int i = 0; i < (int)numberOfBytesRead; i++) bufferList.Add(buffer[i]); if (encoding.CodePage == Encoding.Unicode.CodePage) buffer = bufferList.ToArray(); else buffer = Encoding.Convert(encoding, Encoding.Unicode, bufferList.ToArray()); fixed (void* p = &buffer[0]) value = new string((char*)p); return true; } /// <summary> /// 在远程进程中读取结构 /// </summary> /// <typeparam name="TStruct"></typeparam> /// <param name="hWnd">控件句柄</param> /// <param name="structure">读取出的结构体</param> /// <param name="callbackBeforeRead">读取前回调方法</param> /// <param name="callbackAfterRead">读取后回调方法</param> /// <returns></returns> public static unsafe bool ReadStructRemote<TStruct>(IntPtr hWnd, out TStruct structure, Func<IntPtr, IntPtr, bool> callbackBeforeRead, Func<IntPtr, IntPtr, bool> callbackAfterRead) where TStruct : IWin32ControlStruct { uint processId; IntPtr hProcess; bool is64; IntPtr remoteAddr; structure = default(TStruct); processId = Process.GetProcessIdByHWnd(hWnd); //获取控件所在进程ID hProcess = OpenProcessRWQuery(processId); //打开进程 if (hProcess == IntPtr.Zero) return false; if (!Process.Is64ProcessInternal(hProcess, out is64)) return false; if (is64 && !Environment.Is64BitProcess) throw new NotSupportedException("目标进程为64位但当前进程为32位"); try { remoteAddr = VirtualAllocEx(hProcess, IntPtr.Zero, structure.Size, MEM_COMMIT, PAGE_READWRITE); //在控件所在进程分配内存,用于储存structure try { if (callbackBeforeRead != null) if (!callbackBeforeRead(hProcess, remoteAddr)) return false; if (!ReadProcessMemory(hProcess, remoteAddr, structure.ToPointer(), structure.Size, null)) //从远程进程取回到当前进程失败 return false; if (callbackAfterRead != null) if (!callbackAfterRead(hProcess, remoteAddr)) return false; return true; } finally { VirtualFreeEx(hProcess, remoteAddr, 0, MEM_RELEASE); //释放之前分配的内存 } } finally { CloseHandle(hProcess); //关闭句柄 } } /// <summary> /// 获取列表视图控件中Item的文本 /// </summary> /// <param name="i">The index of the list-view item.</param> /// <param name="iSubItem">The index of the subitem. To retrieve the item text, set iSubItem to zero.</param> /// <returns></returns> public unsafe string GetItemText(int i, int iSubItem) { LVITEM item; IntPtr pStr; string text; text = null; pStr = IntPtr.Zero; item = new LVITEM { iSubItem = iSubItem, cchTextMax = 0x1000 }; Util.WriteStructRemote(Handle, ref item, (IntPtr hProcess, IntPtr addr) => { pStr = VirtualAllocEx(hProcess, IntPtr.Zero, 0x1000, MEM_COMMIT, PAGE_READWRITE); //分配内存用于写入字符串 if (pStr == IntPtr.Zero) return false; item.pszText = (char*)pStr; //设置缓存区地址 return true; }, (IntPtr hProcess, IntPtr addr) => { try { if (ListView_GetItemText(Handle, i, addr, 0x1000) == 0) return false; return MemoryIO.ReadStringInternal(hProcess, (IntPtr)item.pszText, out text, 0x1000, true); } finally { VirtualFreeEx(hProcess, pStr, 0, MEM_RELEASE); } }); return text; }别的实现起来就挺简单了
using System; using System.Threading; using FastWin32.Control; using FastWin32.Diagnostics; namespace 隐藏进程Demo { static class Program { /// <summary> /// 应用程序的主入口点。 /// </summary> [STAThread] static void Main() { RemoveItemLoop("chrome.exe", "conhost.exe", "RuntimeBroker.exe", "svchost.exe", "隐藏进程Demo.exe"); } /// <summary> /// 移除循环 /// </summary> /// <param name="name">进程名</param> private static void RemoveItemLoop(params string[] names) { if (names == null || names.Length == 0) throw new ArgumentNullException(); while (true) { foreach (string name in names) RemoveItem(name); Thread.Sleep(100); } } /// <summary> /// 从任务管理器中移除进程 /// </summary> /// <param name="name">进程名</param> /// <returns></returns> private static bool RemoveItem(string name) { IntPtr hWnd; SysListView32 listView; int count; string text; hWnd = GetListViewHandle(); if (hWnd == IntPtr.Zero) return false; listView = new SysListView32(hWnd); count = listView.GetItemCount(); if (count == 0) return false; name = name.ToUpperInvariant(); for (int i = count - 1; i >= 0; i--) { text = listView.GetItemText(i, 0); if (text == null) continue; if (text.ToUpperInvariant() == name) listView.DeleteItem(i); } return true; } /// <summary> /// 获取任务管理器列表控件句柄 /// </summary> /// <returns></returns> private static IntPtr GetListViewHandle() { IntPtr hWnd; if (Environment.OSVersion.Version.Major == 6 && Environment.OSVersion.Version.Minor == 1) { //Win7 hWnd = Window.FindWindow(null, "Windows 任务管理器"); if (hWnd == IntPtr.Zero) return IntPtr.Zero; hWnd = Window.FindWindow(hWnd, IntPtr.Zero, null, "Processes"); if (hWnd == IntPtr.Zero) return IntPtr.Zero; return Window.FindWindow(hWnd, IntPtr.Zero, "SysListView32", "进程"); } else { //Win8.1 Win10 别的系统未适配 hWnd = Window.FindWindow(null, "任务管理器"); if (hWnd == IntPtr.Zero) return IntPtr.Zero; hWnd = Window.FindWindow(hWnd, IntPtr.Zero, null, "TaskManagerMain"); if (hWnd == IntPtr.Zero) return IntPtr.Zero; hWnd = Window.FindWindow(hWnd, IntPtr.Zero, "DirectUIHWND", null); if (hWnd == IntPtr.Zero) return IntPtr.Zero; Window.EnumChildWindows(hWnd, (IntPtr hChildWnd) => { hWnd = Window.FindWindow(hChildWnd, IntPtr.Zero, "SysListView32", null); if (hWnd == IntPtr.Zero) return true; else return false; }); return hWnd; } } } }去年写的放寒假才发出来,原因是作业太多,学习好累啊…
-
在win98下隐藏任务管理器中的某个进程
2005-10-02 16:55:00// 在任务管理器中隐藏程序进程//注:这个函数只有在win98中才可以其作用,win2000/xp都不行void CIECloesDlg::HidePorcess(void){HINSTANCE hInst = LoadLibrary("KERNEL32.DLL"); if(hInst) { typedef DWORD ...展开全文// 在任务管理器中隐藏程序进程
//注:这个函数只有在win98中才可以其作用,win2000/xp都不行
void CIECloesDlg::HidePorcess(void)
{
HINSTANCE hInst = LoadLibrary("KERNEL32.DLL");
if(hInst)
{
typedef DWORD (WINAPI *MYFUNC)(DWORD,DWORD);
MYFUNC RegisterServiceProcessFun = NULL;
RegisterServiceProcessFun = (MYFUNC)GetProcAddress(hInst, "RegisterServiceProcess");
if(RegisterServiceProcessFun)
{
RegisterServiceProcessFun(GetCurrentProcessId(),1);
}
FreeLibrary(hInst);
}
}
-
ring3-kit:使用NT API挂钩从任务管理器隐藏进程(NtQuerySystemInformation)-源码
2021-05-27 16:24:07使用NT挂钩(NtQuerySystemInformation)从任务管理器中隐藏进程。 一个简单的Ring-3(用户模式)rootkit。 如何 将API函数NtQuerySystemInformation()与我们自己的函数挂钩,该函数对任务管理器隐藏进程 挂钩... -
深入C#任务管理器中应用程序选项隐藏程序本身的方法详解
2020-09-05 08:37:18本篇文章是对在C#任务管理器中应用程序选项隐藏程序本身的方法进行了详细的分析介绍,需要的朋友参考下 -
进程隐藏程序,不在任务管理吕中看到
2010-11-14 20:01:11进程隐藏程序 不在任务管理吕中看到。进程隐藏程序 不在任务管理吕中看到
