// Holds a second GetProcAddress binding whose result is marshalled as a SETPID delegate.
// NOTE(review): presumably nested in its own class because a GetProcAddress(IntPtr, string)
// returning HookProc is declared alongside it, and C# cannot overload on return type alone.
private class SetPID
{
// Managed signature used for the native "SetPID" export: one unsigned 32-bit argument, no result.
// No [UnmanagedFunctionPointer] attribute is applied, so the platform default calling convention
// is used. NOTE(review): confirm this matches how the native export is declared.
public delegate void SETPID(uint iPID);
// kernel32 GetProcAddress. Export names are ANSI only, hence CharSet.Ansi with ExactSpelling.
// Callers must test the returned delegate for null before invoking it: a failed lookup
// does not throw here.
[DllImport("kernel32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
public static extern SETPID GetProcAddress(IntPtr hModule, string procName);
}
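// kernel32 GetCurrentProcessId: returns the id of the calling process.
[DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern uint GetCurrentProcessId();

// Managed signature for a Windows hook procedure.
// NOTE(review): wParam is declared as Int32 although the native WPARAM is pointer-sized. Within
// this part of the file the delegate is only obtained from GetProcAddress and handed straight to
// SetWindowsHookEx, never invoked from managed code; widen it to IntPtr before invoking it on x64.
private delegate int HookProc(int nCode, Int32 wParam, IntPtr lParam);

// kernel32 GetProcAddress with the result marshalled as a HookProc delegate (null when not found).
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
private static extern HookProc GetProcAddress(IntPtr hModule, string procName);

// kernel32 LoadLibrary, bound to the wide-character entry point so that an absolute path containing
// characters outside the ANSI code page still loads. Pass an absolute path: a bare file name is
// resolved through the Windows DLL search order, which may pick up a different file of that name.
[DllImport("kernel32.dll", CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = true)]
private static extern IntPtr LoadLibrary(string sComName);

// user32 SetWindowsHookEx. A threadId of 0 installs the hook for all threads on the desktop.
[DllImport("user32.dll", CallingConvention = CallingConvention.StdCall)]
private static extern IntPtr SetWindowsHookEx(int idHook, HookProc lpfn, IntPtr pInstance, int threadId);

// user32 UnhookWindowsHookEx: removes a hook installed with SetWindowsHookEx.
[DllImport("user32.dll", CallingConvention = CallingConvention.StdCall)]
private static extern bool UnhookWindowsHookEx(IntPtr pHookHandle);

// File name of the native library that exports SetPID and MsgProc.
private const string NKCore = "NKCore.dll";

// Win32 hook type: monitors messages retrieved from a thread's message queue.
private const int WH_GETMESSAGE = 3;

/// <summary>
/// Extracts the native NKCore library into the application base directory when it is missing,
/// loads it, passes <paramref name="processID"/> to its <c>SetPID</c> export and installs its
/// <c>MsgProc</c> export as a <c>WH_GETMESSAGE</c> hook.
/// </summary>
/// <param name="processID">Process id handed to the native <c>SetPID</c> export.</param>
/// <param name="iHookProcedure">Receives the hook handle, or <see cref="IntPtr.Zero"/> on failure.</param>
/// <returns><c>true</c> when the hook was installed; otherwise <c>false</c>.</returns>
/// <remarks>
/// The hook is installed with thread id 0, so Windows maps the library into other processes on
/// the desktop as they retrieve messages. The library file is therefore a high-value target: the
/// base directory must not be writable by less-privileged users.
/// NOTE(review): a file already present at the target path is loaded as found; nothing here
/// verifies its hash or signature. The module handle is also not released on the failure paths
/// (no FreeLibrary binding is visible in this part of the file).
/// </remarks>
public static bool ProtectProcess(uint processID, out IntPtr iHookProcedure)
{
    iHookProcedure = IntPtr.Zero;

    // Create the native (VC++) core library next to the application if it is not there yet.
    string path = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, NKCore);
    if (!File.Exists(path))
    {
        AppRuntime.CreateFileFromResource(false, "Rocky.Resources.NKCore.dll", path);
    }

    // Load the exact file that was just checked or extracted. Loading by bare name would go
    // through the DLL search order and could resolve to a different NKCore.dll.
    IntPtr pInstance = LoadLibrary(path);
    if (pInstance == IntPtr.Zero)
    {
        return false;
    }

    SetPID.SETPID pGPA = SetPID.GetProcAddress(pInstance, "SetPID");
    if (pGPA == null)
    {
        return false;
    }
    pGPA(processID);

    HookProc hookProcedure = GetProcAddress(pInstance, "MsgProc");
    if (hookProcedure == null)
    {
        // Missing export: fail explicitly instead of passing a null procedure to SetWindowsHookEx.
        return false;
    }

    iHookProcedure = SetWindowsHookEx(WH_GETMESSAGE, hookProcedure, pInstance, 0);
    return iHookProcedure != IntPtr.Zero;
}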
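/// <summary>
/// Removes a hook previously installed through SetWindowsHookEx, such as the one
/// ProtectProcess hands back.
/// </summary>
/// <param name="iHookProcedure">
/// Hook handle to release. It is reset to <see cref="IntPtr.Zero"/> once the hook has been removed.
/// </param>
/// <returns>
/// <c>true</c> when UnhookWindowsHookEx reports success; <c>false</c> for a zero handle or when
/// the call fails.
/// </returns>
public static bool UnprotectProcess(ref IntPtr iHookProcedure)
{
    // No hook is recorded, so there is nothing to remove.
    if (iHookProcedure == IntPtr.Zero)
    {
        return false;
    }

    if (!UnhookWindowsHookEx(iHookProcedure))
    {
        // Keep the handle so the caller can retry or inspect it.
        return false;
    }

    // Clear the caller's copy so a stale handle value is not passed to UnhookWindowsHookEx again.
    iHookProcedure = IntPtr.Zero;
    return true;
}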