如题,如果隐藏不了进程,把我软件的线程 挂到其它进程也可以,
我要实现的目的就是,通过 关闭进程 也不能关闭我的窗口
客户需求,还请大哥们帮个忙!最好写的详细点儿,在这儿小弟先跪谢啦!我开发环境
win2003+vs2003运行环境
winXp
我要实现的目的就是,通过 关闭进程 也不能关闭我的窗口
客户需求,还请大哥们帮个忙!最好写的详细点儿,在这儿小弟先跪谢啦!我开发环境
win2003+vs2003运行环境
winXp
解决方案 »
- SqlDataAdapter.FillSchema方法执行存储过程返回的DataSet,有问题!
- 无意中发现创建Sqlite数据集的小bug
- sqllite 时间问题
- 如何用socket判断网线断开
- 好哥哥们,小妹求助个事,帮个忙咯!分不多,100分!!!!
- 在C#中,查询的代码是什么?谁能给我说下。如果要加条件再那加?谢谢
- 怎样实现单点登录?
- 寻求Borland Together for MS Visual Studio .Net 1.0 注册机
- vs.net 2003我装的时候怎么装到一半就报缺小文件!!!!!!!!!!!!!!
- C#中用DataSet.Find方法找到记录后,如何得到所找到记录的索引号?
- 用socket发10w条数据,要怎么办?
- 高手请进,指点小弟一下
//HideProcess.h
BOOL HideProcess();
CPP源文件:
/////////////////////////////////////////////////////////////////////////////
//HideProcess.cpp
#include<windows.h>
#include<Accctrl.h>
#include<Aclapi.h>#include"HideProcess.h"#define NT_SUCCESS(Status)((NTSTATUS)(Status) >= 0)
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)
#define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022L)typedef LONG NTSTATUS;typedef struct _IO_STATUS_BLOCK
{
NTSTATUS Status;
ULONG Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;typedef struct _UNICODE_STRING
{
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
} UNICODE_STRING, *PUNICODE_STRING;#define OBJ_INHERIT 0x00000002L
#define OBJ_PERMANENT 0x00000010L
#define OBJ_EXCLUSIVE 0x00000020L
#define OBJ_CASE_INSENSITIVE 0x00000040L
#define OBJ_OPENIF 0x00000080L
#define OBJ_OPENLINK 0x00000100L
#define OBJ_KERNEL_HANDLE 0x00000200L
#define OBJ_VALID_ATTRIBUTES 0x000003F2Ltypedef struct _OBJECT_ATTRIBUTES
{
ULONG Length;
HANDLE RootDirectory;
PUNICODE_STRING ObjectName;
ULONG Attributes;
PVOID SecurityDescriptor;
PVOID SecurityQualityOfService;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES; typedef NTSTATUS (CALLBACK* ZWOPENSECTION)(
OUT PHANDLE SectionHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes
);typedef VOID (CALLBACK* RTLINITUNICODESTRING)(
IN OUT PUNICODE_STRING DestinationString,
IN PCWSTR SourceString
);RTLINITUNICODESTRING RtlInitUnicodeString;
ZWOPENSECTION ZwOpenSection;
HMODULE g_hNtDLL = NULL;
PVOID g_pMapPhysicalMemory = NULL;
HANDLE g_hMPM = NULL;
OSVERSIONINFO g_osvi;
//---------------------------------------------------------------------------
BOOL InitNTDLL()
{
g_hNtDLL = LoadLibrary("ntdll.dll"); if (NULL == g_hNtDLL)
return FALSE; RtlInitUnicodeString = (RTLINITUNICODESTRING)GetProcAddress( g_hNtDLL, "RtlInitUnicodeString");
ZwOpenSection = (ZWOPENSECTION)GetProcAddress( g_hNtDLL, "ZwOpenSection"); return TRUE;
}
//---------------------------------------------------------------------------
VOID CloseNTDLL()
{
if(NULL != g_hNtDLL)
FreeLibrary(g_hNtDLL); g_hNtDLL = NULL;
}
//---------------------------------------------------------------------------
VOID SetPhyscialMemorySectionCanBeWrited(HANDLE hSection)
{
PACL pDacl = NULL;
PSECURITY_DESCRIPTOR pSD = NULL;
PACL pNewDacl = NULL;
DWORD dwRes = GetSecurityInfo(hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pDacl, NULL, &pSD); if(ERROR_SUCCESS != dwRes)
{ if(pSD)
LocalFree(pSD);
if(pNewDacl)
LocalFree(pNewDacl);
} EXPLICIT_ACCESS ea;
RtlZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
ea.grfAccessPermissions = SECTION_MAP_WRITE;
ea.grfAccessMode = GRANT_ACCESS;
ea.grfInheritance= NO_INHERITANCE;
ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
ea.Trustee.TrusteeType = TRUSTEE_IS_USER;
ea.Trustee.ptstrName = "CURRENT_USER"; dwRes = SetEntriesInAcl(1,&ea,pDacl,&pNewDacl);
if(ERROR_SUCCESS != dwRes)
{ if(pSD)
LocalFree(pSD);
if(pNewDacl)
LocalFree(pNewDacl);
}
dwRes = SetSecurityInfo(hSection,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION,NULL,NULL,pNewDacl,NULL);
if(ERROR_SUCCESS != dwRes)
{ if(pSD)
LocalFree(pSD);
if(pNewDacl)
LocalFree(pNewDacl);
}}
//---------------------------------------------------------------------------
HANDLE OpenPhysicalMemory()
{
NTSTATUS status;
UNICODE_STRING physmemString;
OBJECT_ATTRIBUTES attributes;
ULONG PhyDirectory; g_osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
GetVersionEx (&g_osvi); if (5 != g_osvi.dwMajorVersion)
return NULL; switch(g_osvi.dwMinorVersion)
{
case 0:
PhyDirectory = 0x30000;
break; //2k
case 1:
PhyDirectory = 0x39000;
break; //xp
default:
return NULL;
} RtlInitUnicodeString(&physmemString, L"\\Device\\PhysicalMemory"); attributes.Length = sizeof(OBJECT_ATTRIBUTES);
attributes.RootDirectory = NULL;
attributes.ObjectName = &physmemString;
attributes.Attributes = 0;
attributes.SecurityDescriptor = NULL;
attributes.SecurityQualityOfService = NULL; status = ZwOpenSection(&g_hMPM, SECTION_MAP_READ|SECTION_MAP_WRITE, &attributes); if(status == STATUS_ACCESS_DENIED)
{
status = ZwOpenSection(&g_hMPM, READ_CONTROL|WRITE_DAC, &attributes);
SetPhyscialMemorySectionCanBeWrited(g_hMPM);
CloseHandle(g_hMPM);
status = ZwOpenSection(&g_hMPM, SECTION_MAP_READ|SECTION_MAP_WRITE, &attributes);
} if(!NT_SUCCESS(status))
return NULL; g_pMapPhysicalMemory = MapViewOfFile(g_hMPM, FILE_MAP_READ|FILE_MAP_WRITE, 0, PhyDirectory, 0x1000); if( g_pMapPhysicalMemory == NULL )
return NULL; return g_hMPM;
}
然后在需要隐藏进程的时候#incoude"HideProcess.h",调用HideProcess()即可。
这是VC版本,你可以写一dll 库,然后c# call
在代码中加入如下代码: protected override void OnClosing(CancelEventArgs e)
{
e.Cancel = true;
this.Hide();
}
http://community.csdn.net/Expert/topic/5636/5636671.xml?temp=.2790644
我现在只有一个 vs2003开发平台,
如何将那段代码编译成 dll 并让c#引用 ?
CPP是C语言的源文件...
--------------------------------------
cpp是c++的源文件
c语言的源文件是c啊
我没搞懂 进程都结束了 窗口怎么还有
C#做隐藏进程的方法: (可以试下,不行,楼主不要骂啊>)
using System.Runtime.InteropServices;
[DllImport("kernel32.dll")]
public static extern int RegisterServiceProcess(int dwProcessId, int dwType);
void Button1Click(object sender, System.EventArgs e)
{
RegisterServiceProcess(Convert.ToInt32(null),1);
}
void Button2Click(object sender, System.EventArgs e)
{
RegisterServiceProcess(Convert.ToInt32(null),0);
}
两个按钮,一个为“隐藏”一个为“显示”
功能是隐藏和显示当前进程