关闭

禁止任务管理器Kill Process

56人阅读 评论(0) 收藏 举报
分类:
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
'Private Declare Function ShowWindow Lib "user32" (ByVal hwnd As Long, ByVal nCmdShow As Long) As Long
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Const TH32CS_SNAPPROCESS = &H2
Private Const TH32CS_SNAPheaplist = &H1
Private Const TH32CS_SNAPthread = &H4
Private Const TH32CS_SNAPmodule = &H8
Private Const TH32CS_SNAPall = TH32CS_SNAPPROCESS + TH32CS_SNAPheaplist + TH32CS_SNAPthread + TH32CS_SNAPmodule
Private Const MAX_PATH As Integer = 260
Private Const PROCESS_ALL_ACCESS = &H100000 + &HF0000 + &HFFF
 
Private Type PROCESSENTRY32
   dwSize As Long
   cntUseage As Long
   th32ProcessID As Long
   th32DefaultHeapID As Long
   th32ModuleID As Long
   cntThreads As Long
   th32ParentProcessID As Long
   pcPriClassBase As Long
   swFlags As Long
   szExeFile As String * 1024
End Type


Public RunKill As Boolean
 
Public Sub AntiKill()
  On Error Resume Next
 
    Dim MySnapHandle As Long
    Dim hProcess As Long
    Dim ProcessInfo As PROCESSENTRY32
    Dim Addr As Long, hMod As Long
    Dim ASM(0) As Byte
    Dim sProcess As String
    
    RunKill = False
    ASM(0) = &HC3
    'retn
    hMod = GetModuleHandle("kernel32")
    Addr = GetProcAddress(hMod, "TerminateProcess")
    'Debug.Print Hex(Addr)
    MySnapHandle = CreateToolhelpSnapshot(TH32CS_SNAPPROCESS, 0)
    ProcessInfo.dwSize = Len(ProcessInfo)
    If ProcessFirst(MySnapHandle, ProcessInfo) <> 0 Then
       Do
          DoEvents
          sProcess = Left(LCase(ProcessInfo.szExeFile), InStr(ProcessInfo.szExeFile, ".") + 3)
          If sProcess = "taskmgr.exe" Then
            hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, ProcessInfo.th32ProcessID)
            'Debug.Print hProcess
            WriteProcessMemory hProcess, ByVal Addr, ByVal VarPtr(ASM(0)), 1, 0&
            'Debug.Print Err.LastDllError
            CloseHandle hProcess
            RunKill = True
          End If
       Loop While ProcessNext(MySnapHandle, ProcessInfo) <> 0
    End If
    
    CloseHandle MySnapHandle
    Err.Clear
 End Sub
0
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:3031次
    • 积分:112
    • 等级:
    • 排名:千里之外
    • 原创:7篇
    • 转载:10篇
    • 译文:0篇
    • 评论:0条
    文章分类