- Rongsen.Com.Cn 版权所有 2008-2010 京ICP备08007000号 京公海网安备11010802026356号 朝阳网安编号:110105199号
- 北京黑客防线网安工作室-黑客防线网安服务器维护基地为您提供专业的
服务器维护
,企业网站维护
,网站维护
服务 - (建议采用1024×768分辨率,以达到最佳视觉效果) Powered by 黑客防线网安 ©2009-2010 www.rongsen.com.cn
C# 使用API屏蔽系统热键和任务管理器(2)
作者:黑客防线网安C/C++教程基地 来源:黑客防线网安C/C++教程基地 浏览次数:0 |
黑客防线网安网讯: private static extern short GetKeyState(int vKey); #endregion 方法#region 方法 /**//// <summary> /// 钩子回调函数,在这里屏蔽热键。 /// <remark> /// Auth...
private static extern short GetKeyState(int vKey);
#endregion
方法#region 方法
/**//// <summary>
/// 钩子回调函数,在这里屏蔽热键。
/// <remark>
/// Author:ZhangRongHua
/// Create DateTime: 2009-6-19 20:19
/// Update History:
/// </remark>
/// </summary>
/// <param name="nCode">The n code.</param>
/// <param name="wParam">The w param.</param>
/// <param name="lParam">The l param.</param>
/// <returns></returns>
private int KeyboardHookProc(int nCode, Int32 wParam, IntPtr lParam)
{
KeyMSG m = (KeyMSG) Marshal.PtrToStructure(lParam, typeof (KeyMSG));
if (((Keys) m.vkCode == Keys.LWin) || ((Keys) m.vkCode == Keys.RWin) ||
((m.vkCode == VK_TAB) && ((m.flags & LLKHF_ALTDOWN) != 0)) ||
((m.vkCode == VK_ESCAPE) && ((m.flags & LLKHF_ALTDOWN) != 0)) ||
((m.vkCode == VK_F4) && ((m.flags & LLKHF_ALTDOWN) != 0)) ||
(m.vkCode == VK_ESCAPE) && ((GetKeyState(VK_LCONTROL) & 0x8000) != 0) ||
(m.vkCode == VK_ESCAPE) && ((GetKeyState(VK_RCONTROL) & 0x8000) != 0)
)
{
return 1;
}
return CallNextHookEx(hKeyboardHook, nCode, wParam, lParam);
}
/**//// <summary>
/// 启动Hook,并用流屏蔽任务管理器
/// <remark>
/// Author:ZhangRongHua
/// Create DateTime: 2009-6-19 20:20
/// Update History:
/// </remark>
/// </summary>
public void HookStart()
{
if (hKeyboardHook == 0)
{
// 创建HookProc实例
KeyboardHookProcedure = new HookProc(KeyboardHookProc);
hKeyboardHook = SetWindowsHookEx(WH_KEYBOARD,
KeyboardHookProcedure,
Marshal.GetHINSTANCE(Assembly.GetExecutingAssembly().GetModules()[0]),
0);
// 如果设置钩子失败
if (hKeyboardHook == 0)
{
HookStop();
//throw new Exception("SetWindowsHookEx failedeeeeeeee.");
}
//用二进制流的方法打开任务管理器。而且不关闭流.这样任务管理器就打开不了
MyFs = new FileStream(Environment.ExpandEnvironmentVariables("%windir%\system32\taskmgr.exe"),
FileMode.Open);
byte[] MyByte = new byte[(int) MyFs.Length];
MyFs.Write(MyByte, 0, (int) MyFs.Length);
}
}
/**//// <summary>
/// 卸载hook,并关闭流,取消屏蔽任务管理器。
/// <remark>
/// Author:ZhangRongHua
/// Create DateTime: 2009-6-19 20:21
/// Update History:
/// </remark>
/// </summary>
public void HookStop()
{
bool retKeyboard = true;
if (hKeyboardHook != 0)
{
retKeyboard = UnhookWindowsHookEx(hKeyboardHook);
hKeyboardHook = 0;
}
if (null != MyFs)
{
MyFs.Close();
}
if (!(retKeyboard))
{
throw new Exception("UnhookWindowsHookEx failedsssss.");
}
}
#endregion
Nested type: KeyMSG#region Nested type: KeyMSG
public struct KeyMSG
{
public int dwExtraInfo;
public int flags;
public int scanCode;
public int time;
public int vkCode;
}
#endregion
}
}
//PS:也可以通过将[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
//下的DisableTaskmgr项的值设为"1”来屏蔽任务管理器。
#endregion
方法#region 方法
/**//// <summary>
/// 钩子回调函数,在这里屏蔽热键。
/// <remark>
/// Author:ZhangRongHua
/// Create DateTime: 2009-6-19 20:19
/// Update History:
/// </remark>
/// </summary>
/// <param name="nCode">The n code.</param>
/// <param name="wParam">The w param.</param>
/// <param name="lParam">The l param.</param>
/// <returns></returns>
private int KeyboardHookProc(int nCode, Int32 wParam, IntPtr lParam)
{
KeyMSG m = (KeyMSG) Marshal.PtrToStructure(lParam, typeof (KeyMSG));
if (((Keys) m.vkCode == Keys.LWin) || ((Keys) m.vkCode == Keys.RWin) ||
((m.vkCode == VK_TAB) && ((m.flags & LLKHF_ALTDOWN) != 0)) ||
((m.vkCode == VK_ESCAPE) && ((m.flags & LLKHF_ALTDOWN) != 0)) ||
((m.vkCode == VK_F4) && ((m.flags & LLKHF_ALTDOWN) != 0)) ||
(m.vkCode == VK_ESCAPE) && ((GetKeyState(VK_LCONTROL) & 0x8000) != 0) ||
(m.vkCode == VK_ESCAPE) && ((GetKeyState(VK_RCONTROL) & 0x8000) != 0)
)
{
return 1;
}
return CallNextHookEx(hKeyboardHook, nCode, wParam, lParam);
}
/**//// <summary>
/// 启动Hook,并用流屏蔽任务管理器
/// <remark>
/// Author:ZhangRongHua
/// Create DateTime: 2009-6-19 20:20
/// Update History:
/// </remark>
/// </summary>
public void HookStart()
{
if (hKeyboardHook == 0)
{
// 创建HookProc实例
KeyboardHookProcedure = new HookProc(KeyboardHookProc);
hKeyboardHook = SetWindowsHookEx(WH_KEYBOARD,
KeyboardHookProcedure,
Marshal.GetHINSTANCE(Assembly.GetExecutingAssembly().GetModules()[0]),
0);
// 如果设置钩子失败
if (hKeyboardHook == 0)
{
HookStop();
//throw new Exception("SetWindowsHookEx failedeeeeeeee.");
}
//用二进制流的方法打开任务管理器。而且不关闭流.这样任务管理器就打开不了
MyFs = new FileStream(Environment.ExpandEnvironmentVariables("%windir%\system32\taskmgr.exe"),
FileMode.Open);
byte[] MyByte = new byte[(int) MyFs.Length];
MyFs.Write(MyByte, 0, (int) MyFs.Length);
}
}
/**//// <summary>
/// 卸载hook,并关闭流,取消屏蔽任务管理器。
/// <remark>
/// Author:ZhangRongHua
/// Create DateTime: 2009-6-19 20:21
/// Update History:
/// </remark>
/// </summary>
public void HookStop()
{
bool retKeyboard = true;
if (hKeyboardHook != 0)
{
retKeyboard = UnhookWindowsHookEx(hKeyboardHook);
hKeyboardHook = 0;
}
if (null != MyFs)
{
MyFs.Close();
}
if (!(retKeyboard))
{
throw new Exception("UnhookWindowsHookEx failedsssss.");
}
}
#endregion
Nested type: KeyMSG#region Nested type: KeyMSG
public struct KeyMSG
{
public int dwExtraInfo;
public int flags;
public int scanCode;
public int time;
public int vkCode;
}
#endregion
}
}
//PS:也可以通过将[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
//下的DisableTaskmgr项的值设为"1”来屏蔽任务管理器。
黑客防线网安服务器维护方案本篇连接:http://www.rongsen.com.cn/show-15254-1.html
新闻栏目
| 我要申请本站:N点 | 黑客防线官网 | |
| 专业服务器维护及网站维护手工安全搭建环境,网站安全加固服务。黑客防线网安服务器维护基地招商进行中!QQ:29769479 |