博客园  :: 首页  :: 新随笔  :: 联系 :: 管理

C# 任务管理器种隐藏进程

Posted on 2009-11-17 08:00  codingsilence  阅读(6980)  评论(1编辑  收藏  举报

 这里说的只是在WINDOWS 任务管理器里隐藏,不是在进程里消失

例如我们要隐藏QQ进程,不在WINDOWS任务管理器里显示

 使用方法

 private WindowsAPI.HideTaskmgrList _List = new WindowsAPI.HideTaskmgrList();
        private void Form1_Load(object sender, EventArgs e)
        {
            _List.ProcessName = "QQ.exe";
            _List.Star();

        }

下面是全部的类

view plaincopy to clipboardprint?
namespace WindowsAPI  
{  
    /// <summary>  
    /// 在WINDOWS任务管理器里 不显示进程  
    /// qq:116149  
    /// zgke@sina.copm  
    /// </summary>  
    public class HideTaskmgrList  
    {  
        private System.Timers.Timer m_Time = new System.Timers.Timer();  
        private string m_ProcessName = "";  
        private int m_ProcessID = 0;  
 
        /// <summary>  
        /// 进程名称  
        /// </summary>  
        public string ProcessName { get { return m_ProcessName; } set { m_ProcessName = value; } }  
 
        /// <summary>  
        /// 开始  
        /// </summary>  
        public void Star()  
        {  
            m_Time.Enabled = true;  
        }  
 
        /// <summary>  
        /// 停止  
        /// </summary>  
        public void Stop()  
        {  
            m_Time.Enabled = false;  
        }  
 
        public HideTaskmgrList()  
        {  
            m_Time.Interval = 1;  
            m_Time.Elapsed += new System.Timers.ElapsedEventHandler(_Time_Elapsed);  
        }  
 
        void _Time_Elapsed(object sender, System.Timers.ElapsedEventArgs e)  
        {  
            HideTaskmgrListOfName(m_ProcessName);  
        }  
 
        /// <summary>  
        /// 获取所有控件  
        /// </summary>  
        /// <param name="p_Handle"></param>  
        /// <param name="p_Param"></param>  
        /// <returns></returns>  
        private bool NetEnumControl(IntPtr p_Handle, int p_Param)  
        {  
            WindowsAPI.Win32API.STRINGBUFFER _TextString = new WindowsAPI.Win32API.STRINGBUFFER();  
            WindowsAPI.Win32API.GetWindowText(p_Handle, out _TextString, 256);  
 
            WindowsAPI.Win32API.STRINGBUFFER _ClassName = new WindowsAPI.Win32API.STRINGBUFFER();  
            WindowsAPI.Win32API.GetClassName(p_Handle, out _ClassName, 255);  
 
            if (_TextString.szText == "进程" && _ClassName.szText == "SysListView32")  
            {  
                Hide(p_Handle);  
                return false;  
            }  
 
            return true;  
        }  
 
        /// <summary>  
        /// 隐藏  
        /// </summary>  
        /// <param name="p_ListViewIntPtr"></param>  
        public void Hide(IntPtr p_ListViewIntPtr)  
        {  
            IntPtr _ControlIntPtr = p_ListViewIntPtr;  
 
            int _ItemCount = WindowsAPI.Win32API.SendMessage(p_ListViewIntPtr, 0x1004, 0, 0);  
 
            WindowsAPI.Win32API.ProcessAccessType _Type;  
            _Type = WindowsAPI.Win32API.ProcessAccessType.PROCESS_VM_OPERATION | WindowsAPI.Win32API.ProcessAccessType.PROCESS_VM_READ | WindowsAPI.Win32API.ProcessAccessType.PROCESS_VM_WRITE;  
 
            IntPtr _ProcessIntPtr = WindowsAPI.Win32API.OpenProcess(_Type, 1, (uint)m_ProcessID);  
 
            IntPtr _Out = IntPtr.Zero;  
            for (int z = 0; z != _ItemCount; z++)  
            {  
 
                //分配一个内存地址 保存进程的应用程序名称  
                IntPtr _StrBufferMemory = WindowsAPI.Win32API.VirtualAllocEx(_ProcessIntPtr, 0, 255, WindowsAPI.Win32API.MEM_COMMIT.MEM_COMMIT, WindowsAPI.Win32API.MEM_PAGE.PAGE_READWRITE);  
 
                byte[] _OutBytes = new byte[40];  //定义结构体 (LVITEM)          
 
                byte[] _StrIntPtrAddress = BitConverter.GetBytes(_StrBufferMemory.ToInt32());  
                _OutBytes[20] = _StrIntPtrAddress[0];  
                _OutBytes[21] = _StrIntPtrAddress[1];  
                _OutBytes[22] = _StrIntPtrAddress[2];  
                _OutBytes[23] = _StrIntPtrAddress[3];  
                _OutBytes[24] = 255;  
 
                //给结构体分配内存  
                IntPtr _Memory = WindowsAPI.Win32API.VirtualAllocEx(_ProcessIntPtr, 0, _OutBytes.Length, WindowsAPI.Win32API.MEM_COMMIT.MEM_COMMIT, WindowsAPI.Win32API.MEM_PAGE.PAGE_READWRITE);  
                //把数据传递给结构体 (LVITEM)    
                WindowsAPI.Win32API.WriteProcessMemory(_ProcessIntPtr, _Memory, _OutBytes, (uint)_OutBytes.Length, out _Out);  
 
                //发送消息获取结构体数据  
                WindowsAPI.Win32API.SendMessage(p_ListViewIntPtr, 0x102D, z, _Memory);  
 
                //获取结构体数据  
                WindowsAPI.Win32API.ReadProcessMemory(_ProcessIntPtr, _Memory, _OutBytes, (uint)_OutBytes.Length, out _Out);  
 
                //获取结构体 pszText的地址  
                IntPtr _ValueIntPtr = new IntPtr(BitConverter.ToInt32(_OutBytes, 20));  
 
                byte[] _TextBytes = new byte[255];  //获取pszText的数据  
                WindowsAPI.Win32API.ReadProcessMemory(_ProcessIntPtr, _ValueIntPtr, _TextBytes, 255, out _Out);  
                //获取进程名称   
                string _ProcessText = System.Text.Encoding.Default.GetString(_TextBytes).Trim(new Char[] { '/0' });  
                //释放内存  
                WindowsAPI.Win32API.VirtualFreeEx(_ProcessIntPtr, _StrBufferMemory, 0, WindowsAPI.Win32API.MEM_COMMIT.MEM_RELEASE);  
                WindowsAPI.Win32API.VirtualFreeEx(_ProcessIntPtr, _Memory, 0, WindowsAPI.Win32API.MEM_COMMIT.MEM_RELEASE);  
 
                if (_ProcessText == m_ProcessName)  
                {  
                    WindowsAPI.Win32API.SendMessage(p_ListViewIntPtr, 0x1008, z, 0);  
                }  
            }  
        }  
 
        /// <summary>  
        /// 在WINDOWS任务管理器里隐藏一行 需要一直调用 会被任务管理器刷新出来  
        /// </summary>  
        /// <param name="p_Name">名称 如QQ.exe</param>  
        public void HideTaskmgrListOfName(string p_Name)  
        {  
            System.Diagnostics.Process[] _ProcessList = System.Diagnostics.Process.GetProcessesByName("taskmgr");  
            for (int i = 0; i != _ProcessList.Length; i++)  
            {  
                if (_ProcessList[i].MainWindowTitle == "Windows 任务管理器")  
                {  
                    m_ProcessID = _ProcessList[i].Id;  
                    WindowsAPI.Win32API.EnumWindowsProc _EunmControl = new WindowsAPI.Win32API.EnumWindowsProc(NetEnumControl);  
 
                    WindowsAPI.Win32API.EnumChildWindows(_ProcessList[i].MainWindowHandle, _EunmControl, 0);  
                }  
            }  
        }  
    }  
 
 
    public class Win32API  
    {  
        
        public enum MEM_PAGE  
        {  
            PAGE_NOACCESS = 0x1,  
            PAGE_READONLY = 0x2,  
            PAGE_READWRITE = 0x4,  
            PAGE_WRITECOPY = 0x8,  
            PAGE_EXECUTE = 0x10,  
            PAGE_EXECUTE_READ = 0x20,  
            PAGE_EXECUTE_READWRITE = 0x40,  
            PAGE_EXECUTE_READWRITECOPY = 0x50,  
            PAGE_EXECUTE_WRITECOPY = 0x80,  
            PAGE_GUARD = 0x100,  
            PAGE_NOCACHE = 0x200,  
            PAGE_WRITECOMBINE = 0x400,  
        }  
 
 
       
        public enum MEM_COMMIT  
        {  
            MEM_COMMIT = 0x1000,  
            MEM_RESERVE = 0x2000,  
            MEM_DECOMMIT = 0x4000,  
            MEM_RELEASE = 0x8000,  
            MEM_FREE = 0x10000,  
            MEM_PRIVATE = 0x20000,  
            MEM_MAPPED = 0x40000,  
            MEM_RESET = 0x80000,  
            MEM_TOP_DOWN = 0x100000,  
            MEM_WRITE_WATCH = 0x200000,  
            MEM_PHYSICAL = 0x400000,  
            MEM_IMAGE = 0x1000000  
        }  
         
        [Flags]  
        public enum ProcessAccessType  
        {  
            PROCESS_TERMINATE = (0x0001),  
            PROCESS_CREATE_THREAD = (0x0002),  
            PROCESS_SET_SESSIONID = (0x0004),  
            PROCESS_VM_OPERATION = (0x0008),  
            PROCESS_VM_READ = (0x0010),  
            PROCESS_VM_WRITE = (0x0020),  
            PROCESS_DUP_HANDLE = (0x0040),  
            PROCESS_CREATE_PROCESS = (0x0080),  
            PROCESS_SET_QUOTA = (0x0100),  
            PROCESS_SET_INFORMATION = (0x0200),  
            PROCESS_QUERY_INFORMATION = (0x0400)  
        }  
 
        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]  
        public struct STRINGBUFFER  
        {  
            [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 512)]  
            public string szText;  
        }  
        public delegate bool EnumWindowsProc(IntPtr p_Handle, int p_Param);  
 
       
        [DllImport("kernel32.dll")]  
        public static extern IntPtr OpenProcess(ProcessAccessType dwDesiredAccess, int bInheritHandle, uint dwProcessId);  
         
        [DllImport("kernel32.dll")]  
        public static extern Int32 CloseHandle(IntPtr hObject);  
          
        [DllImport("kernel32.dll")]  
        public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);  
         
        [DllImport("kernel32.dll")]  
        public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);  
        
        [DllImport("kernel32.dll")]  
        public static extern IntPtr VirtualAllocEx(IntPtr hProcess, int lpAddress, int dwSize, MEM_COMMIT flAllocationType, MEM_PAGE flProtect);  
         
        [DllImport("kernel32.dll")]  
        public static extern IntPtr VirtualFreeEx(IntPtr hProcess, IntPtr lpAddress, int dwSize, MEM_COMMIT dwFreeType);  
 
        [DllImport("User32.dll", CharSet = CharSet.Auto)]  
        public static extern int GetWindowText(IntPtr hWnd, out STRINGBUFFER text, int nMaxCount);  
 
        [DllImport("User32.dll", CharSet = CharSet.Auto)]  
        public static extern int GetClassName(IntPtr hWnd, out STRINGBUFFER ClassName, int nMaxCount);  
 
        [DllImport("user32.dll", CharSet = CharSet.Auto)]  
        public static extern int SendMessage(IntPtr hWnd, int Msg, int wParam, int lParam);  
 
        [DllImport("user32.dll", CharSet = CharSet.Auto)]  
        public static extern int SendMessage(IntPtr hWnd, int Msg, int wParam, IntPtr lParam);  
 
        [DllImport("user32.dll")]  
        public static extern int EnumChildWindows(IntPtr hWndParent, EnumWindowsProc ewp, int lParam);  
 
    }