在运行程序时,把自己的进程不在ctrl+del+alt 中的结束任务框中显示
在win2000下 不能在系统的进程中隐藏 ,我可以实现在win2000中隐藏也比较简单,但在win98中 实现不是那么的容易, 总是隐藏不了 ,请指教
在win2000下 不能在系统的进程中隐藏 ,我可以实现在win2000中隐藏也比较简单,但在win98中 实现不是那么的容易, 总是隐藏不了 ,请指教
解决方案 »
- winsock服务端如何建立多个连接
- 挑战高手!!!解决该问题1000分,决不食言!!!熟ActiveReport的兄弟进来!
- 关于EbExecuteLine的问题
- VB6.0里MSChart 控件 画两条线,MSChart 2.Column = 1绑定是Y左边 ,MSChart 2.Column = 1绑定的是Y轴
- 请问哪里有Windows 32 API的 集合类库“win.tlb”的下载
- 关于vb调用存储过程的性能问题。
- 100分请教:在程序中打开文件问题。(在线等候。及时结贴)
- [每月例行散分] 这月接了9742分。高兴!散分!
- 怎么把Form2中文本框的内容显示在Form1中的下拉列表框里,谢谢!!
- adodc连接数据库的问题
- 初级VB编程题!
- 高手帮忙!在线等! vb中字符和asc码转换问题
//远程线程映射到Explorer进程
//哪位兄台愿意完成之?
end;超级COOL!AttachToProcess('Explorer.Exe', 'MyDll.Dll' );//查找指定的进程,然后返回进程ID
procedure FindAProcess(const AFilename:string; const PathMatch:Boolean; var ProcessID: DWORD);
//AFilename为要查找(进程ID)的文件名(可以包行路径)
//PathMatch为查找的时候是否匹配路径
var
lppe:TProcessEntry32;
SsHandle:Thandle;
FoundAProc, FoundOK:boolean;
begin
SsHandle := CreateToolHelp32SnapShot(TH32CS_SNAPALL,0);
FoundAProc := Process32First(Sshandle,lppe);
//枚举Process,然后判断是否是所要查找的Process
while FoundAProc do
begin
//根据PathMatch的值来决定匹配的方式
if PathMatch then
FoundOK:=AnsiStricomp(lppe.szExefile,PChar(AFilename))=0
else
FoundOK:=AnsiStricomp(PChar(ExtractFilename(lppe.szExefile)),PChar(ExtractFilename(AFilename)))=0; if FoundOK then
begin
ProcessID:=lppe.th32ProcessID;
break;
end;
FoundAProc :=Process32Next(SsHandle,lppe);
end;
// if not FoundAProc then showmessage(SysErrorMessage(GetLastError));
CloseHandle(SsHandle);
end;//激活或者停止指定的权限
function EnabledDebugPrivilege(const bEnabled: Boolean):Boolean;
var
hToken: THandle;
tp: TOKEN_PRIVILEGES;
a: DWORD;
const
SE_DEBUG_NAME = 'SeDebugPrivilege';
begin
Result:=False;
//打开当前Process的令牌(我一直叫Token为令牌)
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, hToken)) then
begin
//调整令牌的权限,也就是加上或者取消调试权限(SE_DEBUG_NAME)
tp.PrivilegeCount :=1;
LookupPrivilegevalue(nil,SE_DEBUG_NAME ,tp.Privileges[0].Luid);
if bEnabled then
tp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
else
tp.Privileges[0].Attributes := 0;
a:=0;
AdjustTokenPrivileges(hToken,False,tp,SizeOf(tp),nil,a);
Result:= GetLastError = ERROR_SUCCESS;
CloseHandle(hToken);
end;
end;//在指定的进程中插入一个DLL文件
function AttachToProcess(const HostFile, GuestFile : string;const PID:DWORD=0):DWORD;
//HostFile为要绑定的宿主文件(Exe文件),GuestFile为要嵌入的客户文件(Dll文件)
//如AttachToProcess('D:\TESTDLL.DLL','Notepad.exe')
var
hRemoteProcess: THandle;
dwRemoteProcessId:DWORD;
cb:DWORD;
pszLibFileRemote: Pointer;
iReturnCode:Boolean;
TempVar:DWORD;
pfnStartAddr:TFNThreadStartRoutine;
pszLibAFilename: PwideChar;
begin
Result:=0;
//激活当前Process的SE_DEBUG_NAME权限,如果不激活的话,一些服务进程将无法
//打开
EnabledDebugPrivilege(True); //给pszLibAFilename分配内存,为什么是Length(GuestFile)*2+1呢,因为咱们
//等一会儿,要调用函数LoadLibraryW,而LoadLibraryW函数需要的参数是WideChar型
Getmem(pszLibAFilename,Length(GuestFile)*2+1);
StringToWideChar(GuestFile,pszLibAFilename,Length(GuestFile)*2+1); if PID>0 then dwRemoteProcessID:=PID else FindAProcess(HostFile,False,dwRemoteProcessID);
//由于我们后面需要写入远程进程的内存地址空间并建立远程线程,所以需要申请
//足够的权限(PROCESS_CREATE_THREAD、VM_OPERATION、VM_WRITE)。
//然后,我们可以建立LoadLibraryW函数这个线程来启动我们的DLL,LoadLibraryW
//函数是在kernel32.dll中定义的,用来加载DLL文件,它只有一个参数,就是DLL
//文件的绝对路径名pszLibAFilename,(也就是DLL的全路径文件名),但是由于
//DLL是在远程进程内调用的,所以我们首先还需要将这个文件名复制到远程地址空
//间:(否则远程线程是无法读到这个参数的)
hRemoteProcess := OpenProcess(PROCESS_CREATE_THREAD + //允许远程创建线程
PROCESS_VM_OPERATION+ //允许远程VM操作
PROCESS_VM_WRITE,//允许远程VM写
FALSE, dwRemoteProcessId); //计算DLL路径名需要的内存空间
cb := (1 + lstrlenW(pszLibAFilename)) * sizeof(WCHAR);
//使用VirtualAllocEx函数在远程进程的内存地址空间分配DLL文件名缓冲区
pszLibFileRemote := PWIDESTRING( VirtualAllocEx( hRemoteProcess, nil, cb, MEM_COMMIT, PAGE_READWRITE));
//使用WriteProcessMemory函数将DLL的路径名复制到远程进程的内存空间
TempVar:=0;
iReturnCode := WriteProcessMemory(hRemoteProcess,pszLibFileRemote, pszLibAFilename, cb, TempVar);
if iReturnCode then
begin
//计算LoadLibraryW的入口地址
pfnStartAddr := GetProcAddress(GetModuleHandle('Kernel32'), 'LoadLibraryW');
//OK,万事俱备,我们通过建立远程线程时的地址pfnStartAddr(实际上就是LoadLibraryW
//的入口地址)和传递的参数 pszLibFileRemote(实际上是我们复制过去的DLL的全路
//径文件名)在远程进程内启动我们的DLL:
//启动远程线程LoadLibraryW,通过远程线程调用用户的DLL文件
TempVar:=0;
Result := CreateRemoteThread(hRemoteProcess, nil, 0, pfnStartAddr, pszLibFileRemote, 0, TempVar);
end;
Freemem(pszLibAFilename);
end;
//在win2000下 不能在系统的进程中隐藏 ,我可以实现在win2000中隐藏也比较简单,但在win98中 实现不是那么的容易, 总是隐藏不了 ,请指教晕,在Win98下应该简单才对-------------------------
我想你的意思是如何使程序不出现在任务列表中。如果你的程序是ActiveX Automation Server且没有窗体,可以将App.TaskVisible设为False。
另外一个办法是将你的注册为服务(service),这可以利用RegisterService API函数将
程序的进程ID进行注册来实现。但程序退出时不要忘记需要使用此API函数将服务器注册取
消。下面举例说明。
1)在窗体中加入两个按钮,Command1、Command2,在窗体的总体声明部分声明API函
数、需要的常数并编写注册和释放注册的过程:
Private Declare Function GetCurrentProcessId _
Lib "kernel32" () As Long
Private Declare Function GetCurrentProcess _
Lib "kernel32" () As Long
Private Declare Function RegisterServiceProcess _
Lib "kernel32" (ByVal dwProcessID As Long, _
ByVal dwType As Long) As Long
Private Const RSP_SIMPLE_SERVICE = 1
Private Const RSP_UNREGISTER_SERVICE = 0
Private Sub MakeMeService()
Dim pid As Long
Dim reserv As Long
pid = GetCurrentProcessId()
regserv = RegisterServiceProcess (pid, RSP_SIMPLE_SERVICE)
End Sub
Private Sub UnMakeMeService()
Dim pid As Long
Dim reserv As Long
pid = GetCurrentProcessId()
regserv = RegisterServiceProcess(pid, RSP_UNREGISTER_SERVICE)
End Sub
2)写如下代码:
Private Sub Command1_Click()
Call MakeMeService
End Sub
Private Sub Command2_Click()
Call UnMakeMeService
End Sub
3)下面就可以运行了,运行此程序,单击按钮1,按下Ctrl-Alt-Del键,在列表中看不到你的程序了。再单击按钮2,就可以看到你的程序在列表中。
大家都说了很多,我也想说两句,
在2000下是无论如何也隐藏不了的,只是在任务管理2器的应用程序窗口中看不到的,但在进程中就连微软自己的进程一个一个都在我门的眼帘中我们当然也无法做到了呀,其实在win2000中上面的很多的朋友也说了只需要通过app就可以实现在应用程序窗口中看不到。
但在win98下难到实现就不那么容易吗?
我个人的想法 通过api得到自己程序的进程id然后给隐藏了,不就可以吗?但看起来还是不好实现。
我之前也看过一篇文章,他的做法和pigpag(噼里啪啦 - 毕业考ing) 的一样
也是通过把自己的程序注册为service ,在退出的时候在取消,
但在用的时候RegisterService 这个API,会出错,错误是找不到 这个API
在API中也查不到
请指教
我在想还有没有其他的办法可以做到
另外,大家不知道有没看到一些程序,比如瑞星,在结束它的进程时会提示不可结束,感问如何实现。
starrain95(随风2003) 可能是我太肤浅,请问如何实现,我只知道在2000下的任务栏中可以,不知道进程栏也可以吗? 希望得到你帮助
Const REG_BINARY = 3
Const REG_DWORD = 4Const HKEY_CURRENT_USER = &H80000001
' the Functions for Registry Manipulations
Private Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long
Private Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Private Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) As Long
Private Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long
Private Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long
Private Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As LongFunction RegQueryStringValue(ByVal hKey As Long, ByVal strValueName As String) As String
'----------------------------------------------------------------------------
'Argument : Handlekey, Name of the Value in side the key
'Return Value : String
'Function : To fetch the value from a key in the Registry
'Comments : on Success , returns the Value else empty String
'----------------------------------------------------------------------------
Dim lResult As Long, lValueType As Long, strBuf As String, lDataBufSize As Long
lResult = RegQueryValueEx(hKey, strValueName, 0, lValueType, ByVal 0, lDataBufSize)
If lResult = 0 Then
If lValueType = REG_SZ Then
strBuf = String(lDataBufSize, Chr$(0))
'retrieve the key's value
lResult = RegQueryValueEx(hKey, strValueName, 0, 0, ByVal strBuf, lDataBufSize)
If lResult = 0 Then
RegQueryStringValue = Left$(strBuf, InStr(1, strBuf, Chr$(0)) - 1)
End If
ElseIf lValueType = REG_BINARY Then
Dim strData As Integer
'retrieve the key's value
lResult = RegQueryValueEx(hKey, strValueName, 0, 0, strData, lDataBufSize)
If lResult = 0 Then
RegQueryStringValue = strData
End If
ElseIf lValueType = REG_DWORD Then
'retrieve the key's value
lResult = RegQueryValueEx(hKey, strValueName, 0, 0, strData, lDataBufSize)
If lResult = 0 Then
RegQueryStringValue = strData
End If
End If
End If
End FunctionFunction GetString(hKey As Long, strPath As String, strValue As String)
'----------------------------------------------------------------------------
'Argument : Handlekey, path from the root , Name of the Value in side the key
'Return Value : String
'Function : To fetch the value from a key in the Registry
'Comments : on Success , returns the Value else empty String
'---------------------------------------------------------------------------- Dim Ret
'Open key
RegOpenKey hKey, strPath, Ret
'Get content
GetString = RegQueryStringValue(Ret, strValue)
'Close the key
RegCloseKey Ret
End FunctionSub SaveStringWORD(hKey As Long, strPath As String, strValue As String, strData As String)
'----------------------------------------------------------------------------
'Argument : Handlekey, Name of the Value in side the key
'Return Value : Nil
'Function : To store the value into a key in the Registry
'Comments : None
'---------------------------------------------------------------------------- Dim Ret
'Create a new key
RegCreateKey hKey, strPath, Ret
'Set the key's value
RegSetValueEx Ret, strValue, 0, REG_DWORD, CLng(strData), 4
'close the key
RegCloseKey Ret
End Sub
Sub DelSetting(hKey As Long, strPath As String, strValue As String)
'Not used in this form
'you can use it to delete the current entries Dim Ret
'Create a new key
RegCreateKey hKey, strPath, Ret
'Delete the key's value
RegDeleteValue Ret, strValue
'close the key
RegCloseKey Ret
End SubPrivate Sub Check1_Click()
SaveStringWORD HKEY_CURRENT_USER, "software\microsoft\windows\currentversion\policies\system", "DisableTaskMgr", Val(Check1.Value)
End SubPrivate Sub Check2_Click()
SaveStringWORD HKEY_CURRENT_USER, "software\microsoft\windows\currentversion\policies\Explorer", "NoLogoff", Val(Check2.Value)
End Sub
Private Sub Check3_Click()
SaveStringWORD HKEY_CURRENT_USER, "software\microsoft\windows\currentversion\policies\Explorer", "NoClose", Val(Check3.Value)
End Sub
Private Sub Check4_Click()
SaveStringWORD HKEY_CURRENT_USER, "software\microsoft\windows\currentversion\policies\system", "DisableLockWorkstation", Val(Check4.Value)
End SubPrivate Sub Check5_Click()
SaveStringWORD HKEY_CURRENT_USER, "software\microsoft\windows\currentversion\policies\system", "DisableChangePassword", Val(Check5.Value)
End SubPrivate Sub Command1_Click()
Unload Me
Set Form1 = Nothing
End SubPrivate Sub Form_Load()
On Error Resume Next ' Coz the following Code will generate Error if the Entries are not found in registry Run time error '13' type mismatch
'check each of the Value in the registry
Check1.Value = GetString(HKEY_CURRENT_USER, "software\microsoft\windows\currentversion\policies\system", "DisableTaskMgr")
' check the Settings only for the Explorer entry,not System
Check2.Value = GetString(HKEY_CURRENT_USER, "software\microsoft\windows\currentversion\policies\Explorer", "NoLogoff")
Check3.Value = GetString(HKEY_CURRENT_USER, "software\microsoft\windows\currentversion\policies\Explorer", "NoClose")
' check the Settings for System entry
Check4.Value = GetString(HKEY_CURRENT_USER, "software\microsoft\windows\currentversion\policies\system", "DisableLockWorkstation")
Check5.Value = GetString(HKEY_CURRENT_USER, "software\microsoft\windows\currentversion\policies\system", "DisableChangePassword")
End Sub
提示找不到进程的入口点啊!?
//但在用的时候RegisterService 这个API,会出错,错误是找不到 这个API因为Win2000/XP/2003里面没有这个函数,所以在Win2000/XP/2003就会出错。再要判断一下运行环境的Windows版本