防止从任务管理器中结束进程
[DllImport("kernel32")]
private static extern IntPtr TerminateProcess(IntPtr hProcess, int uExitCode);
[DllImport("kernel32")]
private static extern IntPtr OpenProcess(Single dwDesiredAccess, bool bInheritHandle, int dwProcessId);
[DllImport("kernel32")]
private static extern IntPtr CloseHandle(IntPtr hObject);
[DllImport("kernel32")]
private static extern IntPtr WriteProcessMemory(IntPtr hProcess, int lpBaseAddress, ref byte lpBuffer, int nSize, int lpNumberOfBytesWritten);
[DllImport("kernel32")]
private static extern IntPtr CreateToolhelp32Snapshot(short lFlags, int lProcessID);
[DllImport("kernel32")]
private static extern bool Process32First(IntPtr hSnapShot, ref PROCESSENTRY32 uProcess);
[DllImport("kernel32")]
private static extern bool Process32Next(IntPtr hSnapShot, ref PROCESSENTRY32 uProcess);
[DllImport("kernel32")]
private static extern int ShowWindow(int hwnd, int nCmdShow);
[DllImport("kernel32")]
private static extern int GetModuleHandle(string lpModuleName);
[DllImport("kernel32")]
private static extern int GetProcAddress(int hModule, string lpProcName);
private const short TH32CS_SNAPPROCESS = 0x2;
private const short TH32CS_SNAPheaplist = 0x1;
private const short TH32CS_SNAPthread = 0x4;
private const short TH32CS_SNAPmodule = 0x8;
private const short TH32CS_SNAPall = TH32CS_SNAPPROCESS | TH32CS_SNAPheaplist | TH32CS_SNAPthread | TH32CS_SNAPmodule;
private const short MAX_PATH = 260;
private const Single PROCESS_ALL_ACCESS = 0x100000 + 0xF0000 + 0xFFF;
private struct PROCESSENTRY32
{
public int dwSize;//结构大小,以字节为单位
public int cntUseage;//进程的引用计数
public int th32ProcessID;//进程的PID
public int th32DefaultHeapID;//进程的默认堆ID,为0
public int th32ModuleID;//进程的模块ID,为0
public int cntThreads;//此进程开启的线程计数
public int th32ParentProcessID;//父进程ID
public int pcPriClassBase;//优先级别
public int swFlags;
//UPGRADE_WARNING: Fixed-length string size must fit in the buffer. Click for more: 'ms-help://MS.VSCC.v80/dv_commoner/local/redirect.htm?keyword="3C1E4426-0B80-443E-B943-0627CD55D48B"'
//[VBFixedString(1024), System.Runtime.InteropServices.MarshalAs(System.Runtime.InteropServices.UnmanagedType.ByValArray, SizeConst:=1024)] Public szExeFile() As Char
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1024)]
public char[] szExeFile;//进程全名
}
/// <summary>
/// 防止从任务管理器中结束进程
/// </summary>
/// <param name="processName">进程名</param>
public void AntiKill(string processName)
{
IntPtr MySnapHandle;
IntPtr hProcess;
PROCESSENTRY32 ProcessInfo = new PROCESSENTRY32();
int Addr, hMod;
byte[] ASM = new byte[1];
string sProcess;
ASM[0] = 0xc3;
hMod = GetModuleHandle("kernel32");
Addr = GetProcAddress(hMod, "TerminateProcess");
MySnapHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
ProcessInfo.dwSize = System.Runtime.InteropServices.Marshal.SizeOf(ProcessInfo);
if (Process32First(MySnapHandle, ref ProcessInfo))
{
do
{
sProcess = new string(ProcessInfo.szExeFile);
if (sProcess.ToLower() .IndexOf(processName)>-1)
{
hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, ProcessInfo.th32ProcessID);
WriteProcessMemory(hProcess, Addr, ref ASM[0], 1, 0);
CloseHandle(hProcess);
}
}
while (Process32Next(MySnapHandle,ref ProcessInfo));
}
CloseHandle(MySnapHandle);
}
浙公网安备 33010602011771号