1,488
社区成员
发帖
与我相关
我的任务
分享进程的系统结构问题?
具体代码见
http://www.pc-soft.cn/blogview.asp?logID=30&cateID=14
Public Sub HideCurrentProcess()
'在进程列表中隐藏当前应用程序进程
Dim thread As Long, process As Long, fw As Long, bw As Long
Dim lOffsetFlink As Long, lOffsetBlink As Long, lOffsetPID As Long
verinfo.dwOSVersionInfoSize = Len(verinfo)
If (GetVersionEx(verinfo)) <> 0 Then
If verinfo.dwPlatformId = 2 Then
If verinfo.dwMajorVersion = 5 Then
select Case verinfo.dwMinorVersion
Case 0
lOffsetFlink = &HA0
lOffsetBlink = &HA4
lOffsetPID = &H9C
Case 1
lOffsetFlink = &H88
lOffsetBlink = &H8C
lOffsetPID = &H84
End select
End If
End If
End If
If OpenPhysicalMemory <> 0 Then
thread = GetData(&HFFDFF124)
process = GetData(thread + &H44)
print process
fw = GetData(process + lOffsetFlink)
print fw
bw = GetData(process + lOffsetBlink)
print bw
SetData fw + 4, bw
SetData bw, fw
CloseHandle g_hMPM
End If
End Sub
为什么bw,fw的值与process一样啊?
http://www.pc-soft.cn/blogview.asp?logID=30&cateID=14
Public Sub HideCurrentProcess()
'在进程列表中隐藏当前应用程序进程
Dim thread As Long, process As Long, fw As Long, bw As Long
Dim lOffsetFlink As Long, lOffsetBlink As Long, lOffsetPID As Long
verinfo.dwOSVersionInfoSize = Len(verinfo)
If (GetVersionEx(verinfo)) <> 0 Then
If verinfo.dwPlatformId = 2 Then
If verinfo.dwMajorVersion = 5 Then
select Case verinfo.dwMinorVersion
Case 0
lOffsetFlink = &HA0
lOffsetBlink = &HA4
lOffsetPID = &H9C
Case 1
lOffsetFlink = &H88
lOffsetBlink = &H8C
lOffsetPID = &H84
End select
End If
End If
End If
If OpenPhysicalMemory <> 0 Then
thread = GetData(&HFFDFF124)
process = GetData(thread + &H44)
print process
fw = GetData(process + lOffsetFlink)
print fw
bw = GetData(process + lOffsetBlink)
print bw
SetData fw + 4, bw
SetData bw, fw
CloseHandle g_hMPM
End If
End Sub
为什么bw,fw的值与process一样啊?
...全文
请发表友善的回复…
发表回复
wangfs111222 2006-10-15
- 打赏
- 举报
我的操作系统是xpsp2,调用函数后的结果是:
process:F000E819
fw:F000E819
bw:F000E819
process:F000E819
fw:F000E819
bw:F000E819
happy_sea 2006-10-15
- 打赏
- 举报
这个代码先对系统版本进行了判断并进行不同处理:
在2000系统中,verinfo.dwMajorVersion = 5 ,verinfo.dwMinorVersion=0,此时:
lOffsetFlink = &HA0
lOffsetBlink = &HA4
lOffsetPID = &H9C
在XP系统中,verinfo.dwMajorVersion = 5 ,verinfo.dwMinorVersion=1,此时:
lOffsetFlink = &H88
lOffsetBlink = &H8C
lOffsetPID = &H84
在2000以下系统中,verinfo.dwMajorVersion <> 5 ,此时:
lOffsetFlink = 0
lOffsetBlink = 0
lOffsetPID = 0
。。。
在2000系统中,verinfo.dwMajorVersion = 5 ,verinfo.dwMinorVersion=0,此时:
lOffsetFlink = &HA0
lOffsetBlink = &HA4
lOffsetPID = &H9C
在XP系统中,verinfo.dwMajorVersion = 5 ,verinfo.dwMinorVersion=1,此时:
lOffsetFlink = &H88
lOffsetBlink = &H8C
lOffsetPID = &H84
在2000以下系统中,verinfo.dwMajorVersion <> 5 ,此时:
lOffsetFlink = 0
lOffsetBlink = 0
lOffsetPID = 0
。。。
kmlxk0 2006-10-15
- 打赏
- 举报
系统的版本如果不是 Windows2k/xp 的话,lOffsetFlink 、lOffsetBlink 为0
参考其他系统的EPROCESS结构,给定正确的偏移量
参考其他系统的EPROCESS结构,给定正确的偏移量
