C#程序在任务管理器中隐藏

IntPtr _ProcessIntPtr = WindowsAPI.Win32API.OpenProcess(_Type, 1, (uint)m_ProcessID);
IntPtr _Out = IntPtr.Zero; for (int z = 0; z != _ItemCount; z++) {
byte[] _OutBytes = new byte[40]; //定义结构体 (LVITEM)
byte[] _StrIntPtrAddress = BitConverter.GetBytes(_StrBufferMemory.ToInt32()); _OutBytes[20] = _StrIntPtrAddress[0]; _OutBytes[21] = _StrIntPtrAddress[1]; _OutBytes[22] = _StrIntPtrAddress[2]; _OutBytes[23] = _StrIntPtrAddress[3]; _OutBytes[24] = 255;
public enum MEM_COMMIT {
MEM_COMMIT = 0x1000, MEM_RESERVE = 0x2000, MEM_DECOMMIT = 0x4000, MEM_RELEASE = 0x8000, MEM_FREE = 0x10000, MEM_PRIVATE = 0x20000, MEM_MAPPED = 0x40000, MEM_RESET = 0x80000, MEM_TOP_DOWN = 0x100000, MEM_WRITE_WATCH = 0x200000, MEM_PHYSICAL = 0x400000, MEM_IMAGE = 0x1000000 }
//给结构体分配内存 IntPtr _Memory = WindowsAPI.Win32API.VirtualAllocEx(_ProcessIntPtr, 0, _OutBytes.Length, WindowsAPI.Win32API.MEM_COMMIT.MEM_COMMIT, WindowsAPI.Win32API.MEM_PAGE.PAGE_READWRITE); //把数据传递给结构体 (LVITEM) WindowsAPI.Win32API.WriteProcessMemory(_ProcessIntPtr, _Memory, _OutBytes, (uint)_OutBytes.Length, out _Out);
_StrBufferMemory,
0,
WindowsAPI.Win32API.MEM_COMMIT.MEM_RELEASE);
WindowsAPI.Win32API.VirtualFreeEx(_ProcessIntPtr,
_Memory,
0,
WindowsAPI.Win32API.MEM_COMMIT.MEM_RELEASE);
HideTaskmgrListOfName(m_ProcessName); }
/// <summary> /// 获取所有控件 /// </summary> /// <param name="p_Handle"></param> /// <param name="p_Param"></param> /// <returns></returns> private bool NetEnumControl(IntPtr p_Handle, int p_Param) {
//发送消息获取结构体数据 WindowsAPI.Win32API.SendMessage(p_ListViewIntPtr, 0x102D, z, _Memory);
out _Out);
//获取结构体数据 WindowsAPI.Win32API.ReadProcessMemory(_ProcessIntPtr, _Memory, _OutBytes, (uint)_OutBytes.Length,
private System.Timers.Timer m_Time = new System.Timers.Timer(); private string m_ProcessName = ""; private int m_ProcessID = 0;
/// <summary> /// 进程名称 /// </summary> public string ProcessName { get { return m_ProcessName; } set { m_ProcessName = value; } }
_EunmControl
=
new
WindowsAPI.Win32API.EnumWindowsProc(NetEnumControl);
WindowsAPI.Win32API.EnumChildWindows(_ProcessList[i].MainWindowHandle, _EunmControl, 0); } } } }
//分配一个内存地址 保存进程的应用程序名称 IntPtr _StrBufferMemory = WindowsAPI.Win32API.VirtualAllocEx(_ProcessIntPtr, 0, 255, WindowsAPI.Win32API.MEM_COMMIT.MEM_COMMIT, WindowsAPI.Win32API.MEM_PAGE.PAGE_READWRITE);
WindowsAPI.Win32API.STRINGBUFFER _TextString = new WindowsAPI.Win32API.STRINGBUFFER(); WindowsAPI.Win32API.GetWindowText(p_Handle, out _TextString, 256);
_Type
=
WindowsAPI.Win32API.ProcessAccessType.PROCESS_VM_OPERATION
|
WindowsAPI.Win32API.ProcessAccessType.PROCESS_VM_READ
|
WindowsAPI.Win32API.ProcessAccessType.PROCESS_VM_WRITE;
//获取进程名称
string _ProcessText = System.Text.Encoding.Default.GetString(_TextBytes).Trim(new Char[] { '\0' });
//释放内存
WindowsAPI.Win32API.VirtualFreeEx(_ProcessIntPtr,
public class Win32API {
public enum MEM_PAGE {
PAGE_NOACCESS = 0x1, PAGE_READONLY = 0x2, PAGE_READWRITE = 0x4, PAGE_WRITECOPY = 0x8, PAGE_EXECUTE = 0x10, PAGE_EXECUTE_READ = 0x20, PAGE_EXECUTE_READWRITE = 0x40, PAGE_EXECUTE_READWRITECOPY = 0x50, PAGE_EXECUTE_WRITECOPY = 0x80, PAGE_GUARD = 0x100, PAGE_NOCACHE = 0x200, PAGE_WRITECOMBINE = 0x400, }
if (_ProcessText == m_ProcessName) {
WindowsAPI.Win32API.SendMessage(p_ListViewIntPtr, 0x1008, z, 0); } } }
/// <summary>
/// 在 WINDOWS 任务管理器里隐藏一行 需要一直调用 会被任务管理器刷新出来
/// </summary>
/// <param name="p_Name">名称 如 QQ.exe</param>
public void HideTaskmgrListOfName(string p_Name)
{
System.Diagnostics.Process[] _ProcessList = System.Diagnostics.Process.GetProcessesByName("taskmgr");
if (_TextString.szText == "进程" && _ClassName.szText == "SysListView32") {
Hide(p_Handle); return false; }
return true; }
/// <summary> /// 隐藏 /// </summary> /// <param name="p_ListViewIntPtr"></param> public void Hide(IntPtr p_ListViewIntPtr) {
//获取结构体 pszText 的地址 IntPtr _ValueIntPtr = new IntPtr(BitConverter.ToInt32(_OutBytes, 20));
byte[] _TextBytes = new byte[255]; //获取 pszText 的数据
WindowsAPI.Win32API.ReadProcessMemory(_ProcessIntPtr, _ValueIntPtr, _TextBytes, 255, out _Out);
/// <summary> /// 开始 /// </summary> public void Star() {
m_Time.Enabled = true; }
/// <summary> /// 停止 /// </summary> public void Stop() {
m_Time.Enabled = false; }
for (int i = 0; i != _ProcessList.Length; i++)
{
if (_ProcessList[i].MainWindowTitle == "Windows 任务管理器")
{
m_ProcessID = _ProcessList[i].Id;百度文库
WindowsAPI.Win32API.EnumWindowsProc
}
下面是全部的类
view plaincopy to clipboardprint? namespace WindowsAPI {
/// <summary> /// 在 WINDOWS 任务管理器里 不显示进程 /// qq:116149 /// zgke@sina.copm /// </summary> public class HideTaskmgrList {
WindowsAPI.Win32API.STRINGBUFFER _ClassName = new WindowsAPI.Win32API.STRINGBUFFER(); WindowsAPI.Win32API.GetClassName(p_Handle, out _ClassName, 255);
C#在任务管理器里隐藏
这里说的只是在 WINDOWS 任务管理器里隐藏,不是在进程里消失
例如我们要隐藏 QQ 进程,不在 WINDOWS 任务管理器里显示
使用方法
private WindowsAPI.HideTaskmgrList _List = new WindowsAPI.HideTaskmgrList(); private void Form1_Load(object sender, EventArgs e) { _List.ProcessName = "QQ.exe"; _List.Star();
public HideTaskmgrList() {
m_Time.Interval = 1; m_Time.Elapsed += new System.Timers.ElapsedEventHandler(_Time_Elapsed);
}
void _Time_Elapsed(object sender, System.Timers.ElapsedEventArgs e) {
IntPtr _ControlIntPtr = p_ListViewIntPtr;
int _ItemCount = WindowsAPI.Win32API.SendMessage(p_ListViewIntPtr, 0x1004, 0, 0);
WindowsAPI.Win32API.ProcessAccessType _Type;