扫二维码与项目经理沟通
我们在微信上24小时期待你的声音
解答本文疑问/技术咨询/运营咨询/技术建议/互联网交流
专门针对任务管理器。
金秀网站制作公司哪家好,找创新互联!从网页设计、网站建设、微信开发、APP开发、成都响应式网站建设公司等网站项目制作,到程序开发,运营维护。创新互联2013年至今到现在10年的时间,我们拥有了丰富的建站经验和运维经验,来保证我们的工作的顺利进行。专注于网站建设就选创新互联。
思路:将kernel32的TerminateProcess的首字节改为HC3,使TerminateProcess失效。
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long '
Private Declare Function ShowWindow Lib "user32" (ByVal hwnd As Long, ByVal nCmdShow As Long) As Long
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Const TH32CS_SNAPPROCESS = H2
Private Const TH32CS_SNAPheaplist = H1
Private Const TH32CS_SNAPthread = H4
Private Const TH32CS_SNAPmodule = H8
Private Const TH32CS_SNAPall = TH32CS_SNAPPROCESS + TH32CS_SNAPheaplist + TH32CS_SNAPthread + TH32CS_SNAPmodule
Private Const MAX_PATH As Integer = 260
Private Const PROCESS_ALL_ACCESS = H100000 + HF0000 + HFFF
Private Type PROCESSENTRY32
dwSize As Long
cntUseage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
swFlags As Long
szExeFile As String * 1024
End Type
Private Sub AntiKill()
On Error Resume Next
Dim MySnapHandle As Long
Dim hProcess As Long
Dim ProcessInfo As PROCESSENTRY32
Dim Addr As Long, hMod As Long
Dim ASM(0) As Byte
Dim sProcess As String
ASM(0) = HC3 'retn
hMod = GetModuleHandle("kernel32")
Addr = GetProcAddress(hMod, "TerminateProcess")
'Debug.Print Hex(Addr)
MySnapHandle = CreateToolhelpSnapshot(TH32CS_SNAPPROCESS, 0)
ProcessInfo.dwSize = Len(ProcessInfo)
If ProcessFirst(MySnapHandle, ProcessInfo) 0 Then
Do
sProcess = Left(LCase(ProcessInfo.szExeFile), InStr(ProcessInfo.szExeFile, ".") + 3)
If sProcess = "taskmgr.exe" Then
hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, ProcessInfo.th32ProcessID)
'Debug.Print hProcess
WriteProcessMemory hProcess, ByVal Addr, ByVal VarPtr(ASM(0)), 1, 0
'Debug.Print Err.LastDllError
CloseHandle hProcess
End If
Loop While ProcessNext(MySnapHandle, ProcessInfo) 0
End If
CloseHandle MySnapHandle
Err.Clear
End Sub
在SystemEvents类中 可以 用户试图注销或关闭系统时发生。 (当用户试图注销或关闭系统时发生。当用户试图注销或关闭系统时发生。) 这个 事件处理函数中 可以找到如下方法
Private Shared WM_QUERYENDSESSION As Integer = H11
Private Shared systemShutdown As Boolean = False
Protected Overrides Sub WndProc(ByRef m As System.Windows.Forms.Message)
If m.Msg = WM_QUERYENDSESSION Then
'MessageBox.Show("queryendsession: this is a logoff, shutdown, or reboot")
systemShutdown = True
End If
' If this is WM_QUERYENDSESSION, the closing event should be raised in the base WndProc.
MyBase.WndProc(m)
End Sub 'WndProc
Private Sub Form1_Closing(ByVal sender As System.Object, ByVal e As System.ComponentModel.CancelEventArgs) Handles MyBase.Closing
If (systemShutdown) Then
' Reset the variable because the user might cancel the shutdown.
systemShutdown = False
If (System.Windows.Forms.DialogResult.Yes = _
MessageBox.Show("My application", "Do you want to save your work before logging off?", MessageBoxButtons.YesNo)) Then
e.Cancel = True
Else
e.Cancel = False
End If
End If
End Sub
绑定窗体的FormClosing事件,执行e.Cancel = True即可。
如果你不想在任务栏上显示窗体,把窗体的ShowOnTaskbar设为False。
我们在微信上24小时期待你的声音
解答本文疑问/技术咨询/运营咨询/技术建议/互联网交流