禁止任务管理器Kill Process

原创 2016年08月30日 22:58:47
' --- Win32 imports (kernel32) and constants used by this module ---
' NOTE(review): TerminateProcess is declared here but never called in the visible code;
' AntiKill only resolves the export's address by name through GetProcAddress.
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
' Opens a handle to another process; the handle is released with CloseHandle.
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
' Cross-process memory write. A full-access OpenProcess followed by WriteProcessMemory into
' another process is the call sequence that endpoint monitoring commonly flags as process tampering.
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
' ToolHelp process enumeration (snapshot, first entry, next entry).
Private Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
' Unused import, left commented out by the author.
'Private Declare Function ShowWindow Lib "user32" (ByVal hwnd As Long, ByVal nCmdShow As Long) As Long
' Used to look up the address of an export in the kernel32 module loaded into THIS process.
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
' ToolHelp snapshot flags. Only TH32CS_SNAPPROCESS is referenced by the visible code.
Private Const TH32CS_SNAPPROCESS = &H2
Private Const TH32CS_SNAPheaplist = &H1
Private Const TH32CS_SNAPthread = &H4
Private Const TH32CS_SNAPmodule = &H8
Private Const TH32CS_SNAPall = TH32CS_SNAPPROCESS + TH32CS_SNAPheaplist + TH32CS_SNAPthread + TH32CS_SNAPmodule
' Declared but not referenced by the visible code (szExeFile in PROCESSENTRY32 is sized 1024 instead).
Private Const MAX_PATH As Integer = 260
' Widest process access mask: every access right is requested, not only those a memory write needs.
' A full-access handle request against a system utility is itself a useful audit signal.
Private Const PROCESS_ALL_ACCESS = &H100000 + &HF0000 + &HFFF
 
' Record filled in by ProcessFirst/ProcessNext for each process in the snapshot.
' AntiKill reads only th32ProcessID and szExeFile, and sets dwSize before the first call.
' NOTE(review): this layout differs from the Win32 PROCESSENTRY32 definition, where the
' name buffer is MAX_PATH characters; here it is 1024, so Len() reports a larger size than
' the API structure. The field names cntUseage and swFlags are the author's spellings.
' Confirm the layout before reusing this type elsewhere.
Private Type PROCESSENTRY32
   dwSize As Long
   cntUseage As Long
   th32ProcessID As Long
   th32DefaultHeapID As Long
   th32ModuleID As Long
   cntThreads As Long
   th32ParentProcessID As Long
   pcPriClassBase As Long
   swFlags As Long
   ' Executable name as returned by the snapshot API; compared against "taskmgr.exe" in AntiKill.
   szExeFile As String * 1024
End Type


' Reset to False at the start of AntiKill and set to True when a process named taskmgr.exe
' is found in the snapshot. It is set whether or not the open/write calls succeeded, so it
' means "a match was seen", not "the patch was applied".
Public RunKill As Boolean
 
' AntiKill: walks a ToolHelp process snapshot and, for every process whose image name is
' "taskmgr.exe", writes the single byte &HC3 at the address of kernel32!TerminateProcess
' inside that process. The page title states the intent: stop Task Manager from killing
' processes. Sets the public flag RunKill when a matching process was seen.
'
' Security review notes (defensive reading of this sample):
'  - This is in-memory tampering with another process's copy of a system DLL. Nothing is
'    written to disk; the change exists only in the memory of the patched Task Manager
'    instance and does not survive a restart of that process.
'  - Observable behaviour: a full-access handle opened on taskmgr.exe by an unrelated
'    process, followed by a cross-process write into kernel32's code. In-memory code of a
'    system DLL that no longer matches the file on disk is a standard integrity-check finding.
'  - Every API result is ignored and On Error Resume Next hides runtime errors, so the
'    routine gives no indication of whether anything was actually modified.
Public Sub AntiKill()
  ' Suppresses all runtime errors for the rest of the routine; failures are silent.
  On Error Resume Next
 
    Dim MySnapHandle As Long
    Dim hProcess As Long
    Dim ProcessInfo As PROCESSENTRY32
    Dim Addr As Long, hMod As Long
    Dim ASM(0) As Byte
    Dim sProcess As String
    
    RunKill = False
    ' One-byte payload; the author's note below identifies it as the x86 "retn" opcode.
    ASM(0) = &HC3
    'retn
    ' The address is resolved in THIS process and later used as an address in the target.
    ' NOTE(review): that assumes kernel32 is mapped at the same address and with the same
    ' bitness in both processes - confirm; neither return value is checked for 0.
    hMod = GetModuleHandle("kernel32")
    Addr = GetProcAddress(hMod, "TerminateProcess")
    'Debug.Print Hex(Addr)
    ' Snapshot of all running processes; the handle is not checked for failure.
    MySnapHandle = CreateToolhelpSnapshot(TH32CS_SNAPPROCESS, 0)
    ' The API requires dwSize to be set before the first enumeration call.
    ProcessInfo.dwSize = Len(ProcessInfo)
    If ProcessFirst(MySnapHandle, ProcessInfo) <> 0 Then
       Do
          ' Yields to the message loop on every iteration so the UI stays responsive.
          DoEvents
          ' Lower-cases the name and keeps it up to three characters past the first ".",
          ' which trims the padding of the fixed-length buffer.
          sProcess = Left(LCase(ProcessInfo.szExeFile), InStr(ProcessInfo.szExeFile, ".") + 3)
          ' Match is by image name only; any process with this name is treated as Task Manager.
          If sProcess = "taskmgr.exe" Then
            ' Full-access handle to the target; a 0 (failed) handle is not detected here.
            hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, ProcessInfo.th32ProcessID)
            'Debug.Print hProcess
            ' Writes 1 byte from ASM(0) to Addr in the target process; the result is discarded.
            WriteProcessMemory hProcess, ByVal Addr, ByVal VarPtr(ASM(0)), 1, 0&
            'Debug.Print Err.LastDllError
            CloseHandle hProcess
            ' Records that a match was seen, independent of whether the write succeeded.
            RunKill = True
          End If
       Loop While ProcessNext(MySnapHandle, ProcessInfo) <> 0
    End If
    
    ' Releases the snapshot handle and discards any error recorded along the way.
    CloseHandle MySnapHandle
    Err.Clear
 End Sub
版权声明:本文为博主原创文章,未经博主允许不得转载。
