Delphi 任务管理器隐藏windows 7上的处理器问题
我一直在Windows XP 32位上为我的应用程序使用此代码。它对我来说工作得很好,但现在我迁移到Windows7 64位,它停止了工作。如何在Windows 7上实现此功能?我用的是Delphi7Delphi 任务管理器隐藏windows 7上的处理器问题,delphi,Delphi,我一直在Windows XP 32位上为我的应用程序使用此代码。它对我来说工作得很好,但现在我迁移到Windows7 64位,它停止了工作。如何在Windows 7上实现此功能?我用的是Delphi7 program Project1; {$APPTYPE CONSOLE} uses Windows, CommCtrl, dialogs , sysutils, classes; var myTimerHandle:WORD; msg:TMSG; Function Magchar(co
program Project1;
{$APPTYPE CONSOLE}
uses
Windows, CommCtrl, dialogs , sysutils, classes;
var
myTimerHandle:WORD;
msg:TMSG;
Function Magchar(const S:string): string;
var
Ch: Char;
L: Integer;
Source, Dest: PChar;
begin
L := Length(S);
SetLength(Result, L);
Source := Pointer(S);
Dest := Pointer(Result);
while L <> 0 do
begin
Ch := Source^;
if (Ch >= 'A') and (Ch <= 'Z') then
Inc(Ch, 32); Dest^ := Ch; Inc(Source); Inc(Dest); Dec(L);
end;
end;
Function CacheCache(_Processus:string):string;
var
dwSize, dwNumberOfBytes, PID, hProcess:Cardinal;
PLocalShared, PSysShared:PlvItem;
wnd: THandle;
iCount, i: integer;
szTemp:string;
begin
wnd := FindWindow('#32770',nil);
wnd := FindWindowEx(wnd, 0, '#32770', nil);
wnd := FindWindowEx(wnd, 0, 'SysListView32',nil);
iCount := SendMessage(wnd, LVM_GETITEMCOUNT, 0, 0);
for
i := 0 to iCount -1 do
begin
dwSize := SizeOf(LV_ITEM) + SizeOf(CHAR) * MAX_PATH;
pLocalShared := VirtualAlloc(nil, dwSize, MEM_RESERVE + MEM_COMMIT, PAGE_READWRITE);
GetWindowThreadProcessID(WND, @PID);
hProcess := OpenProcess(PROCESS_VM_OPERATION OR PROCESS_VM_READ OR PROCESS_VM_WRITE, FALSE, PID);
pSysShared := VirtualAllocEx(hProcess, nil, dwSize, MEM_RESERVE OR MEM_COMMIT, PAGE_READWRITE);
pLocalShared.mask := LVIF_TEXT;
pLocalShared.iItem := 0;
pLocalShared.iSubItem := 0;
pLocalShared.pszText := LPTSTR(DWord(pSysShared) + SizeOf(LV_ITEM));
pLocalShared.cchTextMax := 100;
WriteProcessMemory(hProcess, pSysShared, pLocalShared, 1024, dwNumberOfBytes);
SendMessage(wnd, LVM_GETITEMTEXT, i, LPARAM(pSysShared));
ReadProcessMemory(hProcess, pSysShared, pLocalShared, 1024, dwNumberOfBytes);
szTemp := PChar(DWord(pLocalShared) + SizeOf(LV_ITEM));
if Pos(_Processus, MagChar(szTemp)) > 0 then
ListView_DeleteItem(wnd, i);
VirtualFree(pLocalShared, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, pSysShared, 0, MEM_RELEASE);
CloseHandle(hProcess);
end;
end;
procedure TimerProc(Wnd:HWnd;Msg,TimerID,dwTime:DWORD);stdcall;
begin
CacheCache('myapp.exe');
end;
procedure StartTimer(Interval:Dword);
begin
MyTimerHandle:=SetTimer(0,0,Interval,@TimerProc);
end;
begin
StartTimer(1);
while (GetMessage(Msg,0,0,0)) Do
begin
TranslateMessage(Msg);
DispatchMessage(Msg);
end;
end.
程序项目1;
{$APPTYPE控制台}
使用
Windows、CommCtrl、对话框、sysutils、类;
变量
myTimerHandle:WORD;
msg:TMSG;
函数Magchar(const S:string):string;
变量
Ch:Char;
L:整数;
来源,目的地:PChar;
开始
L:=长度(S);
设定长度(结果,L);
来源:=指针;
Dest:=指针(结果);
而我是
开始
Ch:=来源^;
如果(通道>='A')和(通道0),则
ListView_DeleteItem(wnd,i);
VirtualFree(pLocalShared,0,MEM_发布);
VirtualFreeEx(hProcess、pSysShared、0、MEM_发行版);
CloseHandle(hProcess);
终止
终止
过程TimerProc(Wnd:HWnd;Msg,TimerID,dwTime:DWORD);stdcall;
开始
CacheCache('myapp.exe');
终止
程序启动程序(间隔:Dword);
开始
MyTimerHandle:=SetTimer(0,0,Interval,@TimerProc);
终止
开始
StartTimer(1);
而(GetMessage(Msg,0,0,0))呢
开始
翻译信息;
发送消息(Msg);
终止
终止
LVITEMVirtualAllocVirtualAllocExprogram Project1;
{$APPTYPE CONSOLE}
uses
Windows, CommCtrl, dialogs , sysutils, classes;
var
myTimerHandle:WORD;
msg:TMSG;
Function Magchar(const S:string): string;
var
Ch: Char;
L: Integer;
Source, Dest: PChar;
begin
L := Length(S);
SetLength(Result, L);
Source := Pointer(S);
Dest := Pointer(Result);
while L <> 0 do
begin
Ch := Source^;
if (Ch >= 'A') and (Ch <= 'Z') then
Inc(Ch, 32); Dest^ := Ch; Inc(Source); Inc(Dest); Dec(L);
end;
end;
Function CacheCache(_Processus:string):string;
var
dwSize, dwNumberOfBytes, PID, hProcess:Cardinal;
PLocalShared, PSysShared:PlvItem;
wnd: THandle;
iCount, i: integer;
szTemp:string;
begin
wnd := FindWindow('#32770',nil);
wnd := FindWindowEx(wnd, 0, '#32770', nil);
wnd := FindWindowEx(wnd, 0, 'SysListView32',nil);
iCount := SendMessage(wnd, LVM_GETITEMCOUNT, 0, 0);
for
i := 0 to iCount -1 do
begin
dwSize := SizeOf(LV_ITEM) + SizeOf(CHAR) * MAX_PATH;
pLocalShared := VirtualAlloc(nil, dwSize, MEM_RESERVE + MEM_COMMIT, PAGE_READWRITE);
GetWindowThreadProcessID(WND, @PID);
hProcess := OpenProcess(PROCESS_VM_OPERATION OR PROCESS_VM_READ OR PROCESS_VM_WRITE, FALSE, PID);
pSysShared := VirtualAllocEx(hProcess, nil, dwSize, MEM_RESERVE OR MEM_COMMIT, PAGE_READWRITE);
pLocalShared.mask := LVIF_TEXT;
pLocalShared.iItem := 0;
pLocalShared.iSubItem := 0;
pLocalShared.pszText := LPTSTR(DWord(pSysShared) + SizeOf(LV_ITEM));
pLocalShared.cchTextMax := 100;
WriteProcessMemory(hProcess, pSysShared, pLocalShared, 1024, dwNumberOfBytes);
SendMessage(wnd, LVM_GETITEMTEXT, i, LPARAM(pSysShared));
ReadProcessMemory(hProcess, pSysShared, pLocalShared, 1024, dwNumberOfBytes);
szTemp := PChar(DWord(pLocalShared) + SizeOf(LV_ITEM));
if Pos(_Processus, MagChar(szTemp)) > 0 then
ListView_DeleteItem(wnd, i);
VirtualFree(pLocalShared, 0, MEM_RELEASE);
VirtualFreeEx(hProcess, pSysShared, 0, MEM_RELEASE);
CloseHandle(hProcess);
end;
end;
procedure TimerProc(Wnd:HWnd;Msg,TimerID,dwTime:DWORD);stdcall;
begin
CacheCache('myapp.exe');
end;
procedure StartTimer(Interval:Dword);
begin
MyTimerHandle:=SetTimer(0,0,Interval,@TimerProc);
end;
begin
StartTimer(1);
while (GetMessage(Msg,0,0,0)) Do
begin
TranslateMessage(Msg);
DispatchMessage(Msg);
end;
end.
在所有情况下,您的代码都是低级黑客,可能会因Windows的任何安全更新而中断。我将检查实现预期UI行为的另一种方法(我们不确切知道:隐藏listview项?).那一团代码应该做什么?我们只知道它不工作,而且它以前在Windows XP 32位上工作。请编辑答案,告诉我们代码应该做什么,并请正确格式化。当你说它不工作时,你是什么意思?你有错误吗?@Cosmin它是一个恶意软件,旨在将应用程序隐藏在Windows任务管理器。@DavidHeffernan您确定它是恶意软件吗?它可能是其他项目,比如创建“网吧”受限用户模式。但我想它应该用较少的低级黑客实现,但要使用更高级别的API和Windows安全设置。在所有情况下,我觉得这段代码写得非常好(听起来像是一些C代码的直接翻译-这个Magchar函数是标准大写字母的dup)@user1023395 ScriptKiddie停止剪切和粘贴您不理解的代码!-1从meMinor的角度来看:这里没有GDI,这是comctl32列表视图消息。您基本上同意我的答案。但是,为什么您认为在wow64模拟进程和本机进程之间不可能在另一个进程中访问内存?我看不到任何技术原因这意味着我需要先安装DELPHI XE2。你的人有任何解决方案同时适用于64位和32位吗?@user我个人不明白为什么你尝试的东西在32位上不可行process@DavidHeffernan正如您所说,Wow64系统可能成为此类低级黑客的障碍。例如,尝试在Win32 64上的32位进程中进行shell扩展…这完全不同。这是在proc中。