C# 任务管理器种隐藏进程

2019-11-17 04:03:29

字体：大中小

来源：转载

供稿：网友

这里说的只是在WINDOWS 任务管理器里隐藏,不是在进程里消失

例如我们要隐藏QQ进程,不在WINDOWS任务管理器里显示

使用方法

PRivate WindowsAPI.HideTaskmgrList _List = new WindowsAPI.HideTaskmgrList();
        private void Form1_Load(object sender, EventArgs e)
        {
            _List.ProcessName = "QQ.exe";
            _List.Star();

        }

下面是全部的类

view plaincopy to clipboardprint?
namespace WindowsAPI
{
    /// <summary>
    /// 在WINDOWS任务管理器里不显示进程
    /// qq:116149
    /// zgke@sina.copm
    /// </summary>
    public class HideTaskmgrList
    {
        private System.Timers.Timer m_Time = new System.Timers.Timer();
        private string m_ProcessName = "";
        private int m_ProcessID = 0;

        /// <summary>
        /// 进程名称
        /// </summary>
        public string ProcessName { get { return m_ProcessName; } set { m_ProcessName = value; } }

        /// <summary>
        /// 开始
        /// </summary>
        public void Star()
        {
            m_Time.Enabled = true;
        }

        /// <summary>
        /// 停止
        /// </summary>
        public void Stop()
        {
            m_Time.Enabled = false;
        }

        public HideTaskmgrList()
        {
            m_Time.Interval = 1;
            m_Time.Elapsed += new System.Timers.ElapsedEventHandler(_Time_Elapsed);
        }

        void _Time_Elapsed(object sender, System.Timers.ElapsedEventArgs e)
        {
            HideTaskmgrListOfName(m_ProcessName);
        }

        /// <summary>
        /// 获取所有控件
        /// </summary>
        /// <param name="p_Handle"></param>
        /// <param name="p_Param"></param>
        /// <returns></returns>
        private bool NetEnumControl(IntPtr p_Handle, int p_Param)
        {
            WindowsAPI.Win32API.STRINGBUFFER _TextString = new WindowsAPI.Win32API.STRINGBUFFER();
            WindowsAPI.Win32API.GetWindowText(p_Handle, out _TextString, 256);

            WindowsAPI.Win32API.STRINGBUFFER _ClassName = new WindowsAPI.Win32API.STRINGBUFFER();
            WindowsAPI.Win32API.GetClassName(p_Handle, out _ClassName, 255);

            if (_TextString.szText == "进程" && _ClassName.szText == "SysListView32")
            {
                Hide(p_Handle);
                return false;
            }

            return true;
        }

        /// <summary>
        /// 隐藏
        /// </summary>
        /// <param name="p_ListViewIntPtr"></param>
        public void Hide(IntPtr p_ListViewIntPtr)
        {
            IntPtr _ControlIntPtr = p_ListViewIntPtr;

            int _ItemCount = WindowsAPI.Win32API.SendMessage(p_ListViewIntPtr, 0x1004, 0, 0);

            WindowsAPI.Win32API.Process accessType _Type;
            _Type = WindowsAPI.Win32API.ProcessAccessType.PROCESS_VM_OperaTION | WindowsAPI.Win32API.ProcessAccessType.PROCESS_VM_READ | WindowsAPI.Win32API.ProcessAccessType.PROCESS_VM_WRITE;

            IntPtr _ProcessIntPtr = WindowsAPI.Win32API.OpenProcess(_Type, 1, (uint)m_ProcessID);

            IntPtr _Out = IntPtr.Zero;
            for (int z = 0; z != _ItemCount; z++)
            {

                //分配一个内存地址保存进程的应用程序名称
                IntPtr _StrBufferMemory = WindowsAPI.Win32API.VirtualAllocEx(_ProcessIntPtr, 0, 255, WindowsAPI.Win32API.MEM_COMMIT.MEM_COMMIT, WindowsAPI.Win32API.MEM_PAGE.PAGE_READWRITE);

                byte[] _OutBytes = new byte[40];  //定义结构体 (LVITEM)

                byte[] _StrIntPtrAddress = BitConverter.GetBytes(_StrBufferMemory.ToInt32());
                _OutBytes[20] = _StrIntPtrAddress[0];
                _OutBytes[21] = _StrIntPtrAddress[1];
                _OutBytes[22] = _StrIntPtrAddress[2];
                _OutBytes[23] = _StrIntPtrAddress[3];
                _OutBytes[24] = 255;

                //给结构体分配内存
                IntPtr _Memory = WindowsAPI.Win32API.VirtualAllocEx(_ProcessIntPtr, 0, _OutBytes.Length, WindowsAPI.Win32API.MEM_COMMIT.MEM_COMMIT, WindowsAPI.Win32API.MEM_PAGE.PAGE_READWRITE);
                //把数据传递给结构体 (LVITEM)
                WindowsAPI.Win32API.WriteProcessMemory(_ProcessIntPtr, _Memory, _OutBytes, (uint)_OutBytes.Length, out _Out);

                //发送消息获取结构体数据
                WindowsAPI.Win32API.SendMessage(p_ListViewIntPtr, 0x102D, z, _Memory);

                //获取结构体数据
                WindowsAPI.Win32API.ReadProcessMemory(_ProcessIntPtr, _Memory, _OutBytes, (uint)_OutBytes.Length, out _Out);

                //获取结构体 pszText的地址
                IntPtr _ValueIntPtr = new IntPtr(BitConverter.ToInt32(_OutBytes, 20));

                byte[] _TextBytes = new byte[255];  //获取pszText的数据
                WindowsAPI.Win32API.ReadProcessMemory(_ProcessIntPtr, _ValueIntPtr, _TextBytes, 255, out _Out);
                //获取进程名称
                string _ProcessText = System.Text.Encoding.Default.GetString(_TextBytes).Trim(new Char[] { '/0' });
                //释放内存
                WindowsAPI.Win32API.VirtualFreeEx(_ProcessIntPtr, _StrBufferMemory, 0, WindowsAPI.Win32API.MEM_COMMIT.MEM_RELEASE);
                WindowsAPI.Win32API.VirtualFreeEx(_ProcessIntPtr, _Memory, 0, WindowsAPI.Win32API.MEM_COMMIT.MEM_RELEASE);

                if (_ProcessText == m_ProcessName)
                {
                    WindowsAPI.Win32API.SendMessage(p_ListViewIntPtr, 0x1008, z, 0);
                }
            }
        }

        /// <summary>
        /// 在WINDOWS任务管理器里隐藏一行需要一直调用会被任务管理器刷新出来
        /// </summary>
        /// <param name="p_Name">名称如QQ.exe</param>
        public void HideTaskmgrListOfName(string p_Name)
        {
            System.Diagnostics.Process[] _ProcessList = System.Diagnostics.Process.GetProcessesByName("taskmgr");
            for (int i = 0; i != _ProcessList.Length; i++)
            {
                if (_ProcessList[i].MainWindowTitle == "Windows 任务管理器")
                {
                    m_ProcessID = _ProcessList[i].Id;
                    WindowsAPI.Win32API.EnumWindowsProc _EunmControl = new WindowsAPI.Win32API.EnumWindowsProc(NetEnumControl);

                    WindowsAPI.Win32API.EnumChildWindows(_ProcessList[i].MainWindowHandle, _EunmControl, 0);
                }
            }
        }
    }


    public class Win32API
    {

        public enum MEM_PAGE
        {
            PAGE_NOACCESS = 0x1,
            PAGE_READONLY = 0x2,
            PAGE_READWRITE = 0x4,
            PAGE_WRITECOPY = 0x8,
            PAGE_EXECUTE = 0x10,
            PAGE_EXECUTE_READ = 0x20,
            PAGE_EXECUTE_READWRITE = 0x40,
            PAGE_EXECUTE_READWRITECOPY = 0x50,
            PAGE_EXECUTE_WRITECOPY = 0x80,
            PAGE_GUARD = 0x100,
            PAGE_NOCACHE = 0x200,
            PAGE_WRITECOMBINE = 0x400,
        }



        public enum MEM_COMMIT
        {
            MEM_COMMIT = 0x1000,
            MEM_RESERVE = 0x2000,
            MEM_DECOMMIT = 0x4000,
            MEM_RELEASE = 0x8000,
            MEM_FREE = 0x10000,
            MEM_PRIVATE = 0x20000,
            MEM_MAPPED = 0x40000,
            MEM_RESET = 0x80000,
            MEM_TOP_DOWN = 0x100000,
            MEM_WRITE_WATCH = 0x200000,
            MEM_PHYSICAL = 0x400000,
            MEM_IMAGE = 0x1000000
        }

        [Flags]
        public enum ProcessAccessType
        {
            PROCESS_TERMINATE = (0x0001),
            PROCESS_CREATE_THREAD = (0x0002),
            PROCESS_SET_sessionID = (0x0004),
            PROCESS_VM_OPERATION = (0x0008),
            PROCESS_VM_READ = (0x0010),
            PROCESS_VM_WRITE = (0x0020),
            PROCESS_DUP_HANDLE = (0x0040),
            PROCESS_CREATE_PROCESS = (0x0080),
            PROCESS_SET_QUOTA = (0x0100),
            PROCESS_SET_INFORMATION = (0x0200),
            PROCESS_QUERY_INFORMATION = (0x0400)
        }

        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
        public struct STRINGBUFFER
        {
            [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 512)]
            public string szText;
        }
        public delegate bool EnumWindowsProc(IntPtr p_Handle, int p_Param);


        [DllImport("kernel32.dll")]
        public static extern IntPtr OpenProcess(ProcessAccessType dwDesiredAccess, int bInheritHandle, uint dwProcessId);

        [DllImport("kernel32.dll")]
        public static extern Int32 CloseHandle(IntPtr hObject);

        [DllImport("kernel32.dll")]
        public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);

        [DllImport("kernel32.dll")]
        public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);

        [DllImport("kernel32.dll")]
        public static extern IntPtr VirtualAllocEx(IntPtr hProcess, int lpAddress, int dwSize, MEM_COMMIT flAllocationType, MEM_PAGE flProtect);

        [DllImport("kernel32.dll")]
        public static extern IntPtr VirtualFreeEx(IntPtr hProcess, IntPtr lpAddress, int dwSize, MEM_COMMIT dwFreeType);

        [DllImport("User32.dll", CharSet = CharSet.Auto)]
        public static extern int GetWindowText(IntPtr hWnd, out STRINGBUFFER text, int nMaxCount);

        [DllImport("User32.dll", CharSet = CharSet.Auto)]
        public static extern int GetClassName(IntPtr hWnd, out STRINGBUFFER ClassName, int nMaxCount);

        [DllImport("user32.dll", CharSet = CharSet.Auto)]
        public static extern int SendMessage(IntPtr hWnd, int Msg, int wParam, int lParam);

        [DllImport("user32.dll", CharSet = CharSet.Auto)]
        public static extern int SendMessage(IntPtr hWnd, int Msg, int wParam, IntPtr lParam);

        [DllImport("user32.dll")]
        public static extern int EnumChildWindows(IntPtr hWndParent, EnumWindowsProc ewp, int lParam);

    }



}

上一篇：java社区开源内容管理系统---opencms

下一篇：Asp.net中Cookie简明参考