-
-
[原创]从任务管理器中删除自己(非hook)
-
发表于:
2009-9-18 13:30
7752
-
HWND m_hWnd=FindWindow("#32770","windows 任务管理器");
if (m_hWnd)
{
HWND hwnd=GetWindow(m_hWnd,GW_CHILD);
while(hwnd!=NULL)
{
HWND hwnd_s1=GetWindow(hwnd,GW_CHILD);
while(hwnd_s1!=NULL)
{
TCHAR wndtext[MAX_PATH]={0};
GetWindowText(hwnd_s1, wndtext,MAX_PATH);
if(lstrcmp(wndtext,"进程")==0)
{
//已经找到了任务管理器的进程列表框,直接搞不行,远程申请内存再搞
DWORD PID;
GetWindowThreadProcessId(m_hWnd, &PID);
HANDLE hProcess=OpenProcess(PROCESS_ALL_ACCESS,false,PID);
if(!hProcess) return false;
LVITEM lvitem, *plvitem;
char ItemBuf[512],*pItem;
plvitem=(LVITEM*)VirtualAllocEx(hProcess, NULL, sizeof(LVITEM),
MEM_COMMIT, PAGE_READWRITE);
pItem=(char*)VirtualAllocEx(hProcess, NULL,512, MEM_COMMIT, PAGE_READWRITE);
if ((!plvitem)||(!pItem)) return false;
lvitem.cchTextMax=512;
lvitem.iSubItem=0;
lvitem.pszText=pItem;
WriteProcessMemory(hProcess, plvitem, &lvitem, sizeof(LVITEM), NULL);
for (int i=0;i<=ListView_GetItemCount(hwnd_s1);i++)
{
SendMessage(hwnd_s1, LVM_GETITEMTEXT, (WPARAM)i,(LPARAM)plvitem);
ReadProcessMemory(hProcess, pItem, ItemBuf, 512, NULL);
if (strstr(ItemBuf,"win32对话框")>0)
{
ListView_DeleteItem(hwnd_s1,i);
}
}
}
hwnd_s1=GetWindow(hwnd_s1,GW_HWNDNEXT);
}
hwnd=GetWindow(hwnd,GW_HWNDNEXT);
}
}
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
....让一切HOOK变的简单...改任务管理器....
