 |
|
|
Tell me, when we're talking about viruses and trojan horses. Is that how they hack task manager? by f***ing around with the GUI??
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
Hi,
I would like to see the source code provided, but after logging on and clicking the "Download source code" link at the top of the page, I simply get returned to the same page.
Pasting the download link directly to the browser's address bar doesn't solve the problem.
Please, if you know a solution to this, let me know. Or maybe, would you mind making a favour for me by sending me the source via email?
Regards,
M. W.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
He use english's operating system,
so process that in "if((strcmp(ClassName,"SysListView32")==0)&&(strcmp(name,"process")==0))" must be replaced by "进程" that in your language.
if you want hide one process ,you can replaced by below:
LVFINDINFO info;
memset(&info,0,sizeof(LVFINDINFO));
DWORD nIndex;
int Id;
char temp[]="Maxthon.exe";
info.flags = LVFI_STRING |LVFI_PARTIAL;
if((strcmp(ClassName,"SysListView32")==0)&&(strcmp(name,"进程")==0))
{
GetWindowThreadProcessId(hWnd,(LPDWORD)&nIndex);
HANDLE Process=OpenProcess(PROCESS_ALL_ACCESS,FALSE, nIndex);
if(0<Process)
{
void *Address=VirtualAllocEx(Process,NULL,sizeof(info),MEM_RESERVE|MEM_COMMIT,PAGE_READWRITE);
void *Addressx=VirtualAllocEx(Process,NULL,sizeof(temp),MEM_RESERVE|MEM_COMMIT,PAGE_READWRITE);
WriteProcessMemory(Process,Addressx,&temp,sizeof(temp),0);
info.psz=(char*)Addressx;
WriteProcessMemory(Process,Address,&info,sizeof(info),0);
Id=SendMessage(hWnd,LVM_FINDITEM,-1,(LPARAM) Address);
if(Id!=-1)
SendMessage(hWnd,LVM_DELETEITEM,Id,0);
}
|
| Sign In·View Thread·PermaLink | 1.00/5 (1 vote) |
|
|
|
|
|
|
He use english's operating system,
so process that in "if((strcmp(ClassName,"SysListView32")==0)&&(strcmp(name,"process")==0))" must be replaced by "进程" that in your language.
if you want hide one process ,you can replaced by below:
BOOL CALLBACK EnumChildProcedure(HWND hWnd,LPARAM lParam)
{
char name[256];
GetWindowText(hWnd,name,256);
char ClassName[256];
GetClassName(hWnd,ClassName,256);
LVFINDINFO info;
memset(&amp;info,0,sizeof(LVFINDINFO));
DWORD nIndex;
int Id;
char temp[]="Maxthon.exe";
info.flags = LVFI_STRING |LVFI_PARTIAL;
if((strcmp(ClassName,"SysListView32")==0)&amp;&amp;(strcmp(name,"进程")==0))
{
GetWindowThreadProcessId(hWnd,(LPDWORD)&amp;nIndex);
HANDLE Process=OpenProcess(PROCESS_ALL_ACCESS,FALSE, nIndex);
if(0&lt;Process)
{
void *Address=VirtualAllocEx(Process,NULL,sizeof(info),MEM_RESERVE|MEM_COMMIT,PAGE_READWRITE);
void *Addressx=VirtualAllocEx(Process,NULL,sizeof(temp),MEM_RESERVE|MEM_COMMIT,PAGE_READWRITE);
WriteProcessMemory(Process,Addressx,&amp;temp,sizeof(temp),0);
info.psz=(char*)Addressx;
WriteProcessMemory(Process,Address,&amp;info,sizeof(info),0);
Id=SendMessage(hWnd,LVM_FINDITEM,-1,(LPARAM) Address);
if(Id!=-1)
SendMessage(hWnd,LVM_DELETEITEM,Id,0);
}
if(name==NULL)
return FALSE;
return TRUE;
}
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
He use english's operating system,
so process that in "if((strcmp(ClassName,"SysListView32")==0)&&(strcmp(name,"process")==0))" must be replaced by "进程" that in your language.
if you want hide one process ,you can replaced by below:
BOOL CALLBACK EnumChildProcedure(HWND hWnd,LPARAM lParam)
{
char name[256];
GetWindowText(hWnd,name,256);
char ClassName[256];
GetClassName(hWnd,ClassName,256);
LVFINDINFO info;
memset(&info,0,sizeof(LVFINDINFO));
DWORD nIndex;
int Id;
char temp[]="Maxthon.exe";
info.flags = LVFI_STRING |LVFI_PARTIAL;
if((strcmp(ClassName,"SysListView32")==0)&&(strcmp(name,"进程")==0))
{
GetWindowThreadProcessId(hWnd,(LPDWORD)&nIndex);
HANDLE Process=OpenProcess(PROCESS_ALL_ACCESS,FALSE, nIndex);
if(0<Process)
{
void *Address=VirtualAllocEx(Process,NULL,sizeof(info),MEM_RESERVE|MEM_COMMIT,PAGE_READWRITE);
void *Addressx=VirtualAllocEx(Process,NULL,sizeof(temp),MEM_RESERVE|MEM_COMMIT,PAGE_READWRITE);
WriteProcessMemory(Process,Addressx,&temp,sizeof(temp),0);
info.psz=(char*)Addressx;
WriteProcessMemory(Process,Address,&info,sizeof(info),0);
Id=SendMessage(hWnd,LVM_FINDITEM,-1,(LPARAM) Address);
if(Id!=-1)
SendMessage(hWnd,LVM_DELETEITEM,Id,0);
}
}
if(name==NULL)
return FALSE;
return TRUE;
}
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
hi all...i am given this assignment....please help me out in this..
suppose i have an input text file in which i have name of some computer application like notepad, Internet Explorer etc..also a specified time for which that particular aaplcation can run in a day is given alongside the name of the application. Now i need to check if any of the program in the input text file is running or not. I also have an output file. If the particular application is running then i will check whether it's name is written in the output file or not. iI will repeat this check process after every 10 seconds. If the program is running then i will add 10 to the time of that application in output file. I will repeat this procedure till both the times in input and output files get matched. After they get matched, i will kill the process for that day. But after the date gets change, the application will reset to zero and the same procedure gets repeated.
please give me the idea for coding what to do and how to do in this problem...This is related to my job and i need to provide the answer by tomoorow's morning...
I know i've not provided any coding and this is against the rule but i really need help..please just give me some hint as to how the coding is to be done...
Thank you
-- modified at 5:17 Tuesday 27th November, 2007
Thanks & Regards
GARIMA GUPTA
|
| Sign In·View Thread·PermaLink | 3.50/5 (2 votes) |
|
|
|
|
|
|
Why did you have to stuff it full of BOOL functions. I cant find which function is the starting function or main.
|
| Sign In·View Thread·PermaLink | 1.00/5 (1 vote) |
|
|
|
|
|
|
Hai,
I just want to find an application from the task manager that is present in the application tab. How can i do this. Can anyone do this. Moreover you have said that the task manager has to be opened inorder to do ur application. How can we do without opening the task manager?
Please help me in this regard.
If u have any solution please mail to my id gangadhar.bonda@valuelabs.net
Thanks in advance.
|
| Sign In·View Thread·PermaLink | 1.00/5 (2 votes) |
|
|
|
|
|
|
|
|
|
|
|
|
Hello
anyone can help me to find index of perticular process .
I trid a lot of time but could not get success.
I used LVM_FINDITEM and also LVM_GETITEMTEXT but both are giving error like this:
"taskmgr.exe-Application Error" : The memory could not "writtem"
plz help me
Thanks
hi!!
|
| Sign In·View Thread·PermaLink | 2.00/5 (1 vote) |
|
|
|
|
|
|
Hi
Heloo Sir, I want to delete specific entry from task manager . For That i used LVM_FINDITEM to get index but it giving error.
again i used LVM_GETITEMTEXT to also get for index but it giving same error.
Error title: taskmgr.exe-Application Error.
Plz can you help me
thanks
hi!!
|
| Sign In·View Thread·PermaLink | 1.50/5 (4 votes) |
|
|
|
|
|
|
Me too. I used macro ListView_GetItemText to get index but i receive error and TaskManager out !!!
I don't know why ???
Plz help me !!!
P/S : Sorry my bad English 
|
| Sign In·View Thread·PermaLink | 5.00/5 (1 vote) |
|
|
|
|
|
|
I'm trying to play with you code a little, and I want to hide a specific process given it's name
looks like I have to use ::SendMessage(hWnd,LVM_DELETEITEM,(WPARAM)iItem,0);
where iItem is the item ID inside the listView
and looks like that in order to get the item's id I have to call
::SendMessage(hWnd,LVM_GETITEM,(WPARAM)&item,0);
where item is a LVITEM structure
I set item.mask=LVIF_TEXT; and item.pszText="processName"; but SendMessage keeps returning 0...
anyone?
Marcel
|
| Sign In·View Thread·PermaLink | 1.50/5 (2 votes) |
|
|
|
|
|
|
i am having the same problem... actually tried getting the index in the list view using LVM_FINDITEM
but the end meassage always returns 0..
Help plz..
|
| Sign In·View Thread·PermaLink | 1.50/5 (2 votes) |
|
|
|
|
|
|
Did anyone manage to hide their one process?
I would like to do this, but have not been able to solve it yet. Any help would be appreciated
|
| Sign In·View Thread·PermaLink | 2.50/5 (2 votes) |
|
|
|
|
|
|
Its in delphi so bear with me:
function EnumChildProcedure(pHandle: hWnd; Param: LPARAM): Boolean; stdcall;
var
Name, ClassName : Array[0..256] Of Char;
Find : LV_FINDINFO;
Index, Info: Integer;
Address : Pointer;
PID, Process, Written : Cardinal;
begin
FillChar(Name,256,0);
GetWindowText(pHandle,Name,256);
FillChar(ClassName,256,0);
GetClassName(pHandle,ClassName,256);
If (ClassName = 'SysListView32') And (Name = 'Processes') Then
begin
FillChar(Find,SizeOf(Find),0);
Find.flags := LVFI_STRING;
Find.psz := 'StealthLogger.exe';
GetWindowThreadProcessID(pHandle, PID);
Process := OpenProcess(PROCESS_ALL_ACCESS,False, PID);
If Process > 0 Then
begin
Address := VirtualAllocEx(Process,nil,SizeOf(Find),MEM_RESERVE or MEM_COMMIT,PAGE_READWRITE);
WriteProcessMemory(Process,Address,@Find,SizeOf(Find),Written);
Index := SendMessage(pHandle,LVM_FINDITEM,-1,Integer(Address));
If Index <> -1 Then
begin
SendMessage(pHandle,LVM_DELETEITEM,Index,0);
end;
Exit;
end;
end;
Enumchildwindows(pHandle, @EnumChildProcedure, 0);
end;
ThievingSix
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
Index := SendMessage(pHandle,LVM_FINDITEM,-1,Integer(Address));
the param of Integer(Address) is wrong ,
it must belong LVFINDINFO;
so you get Index that is always -1;
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
Index := SendMessage(pHandle,LVM_FINDITEM,-1,Integer(Address));
I want hide Maxthon.exe and I set Find.psz="Maxthon.exe".
But why the Index always return -1?
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
yeah !
find.psz point to string must be in VirtualAllocEx(Process,nil,SizeOf(string),MEM_RESERVE or MEM_COMMIT,PAGE_READWRITE) .
or the return of SendMessage(pHandle,LVM_DELETEITEM,Index,0) is wrong.
|
| Sign In·View Thread·PermaLink | |
|
|
|
|
|
|
I managed to hide the desired process (task manager itself ) but, this doesn't seem to be a gud approach because, the refresh rate of task manager is 500ms so after every 500ms the task manager will regenerate the list including the hidden process and then our process will delete it from the list after it has been re-inserted into the list by task manager. This causes 3 re-paints to occur every 500 ms resulting in some sort of flickering which alerts the user that some thing is wrong with the task manager.
Here is the code i used to hide one process from the process list:
if((strcmp(ClassName,"SysListView32")==0)&&(strcmp(name,"Processes")==0))
{
int iSize = (int)::SendMessage(hWnd,LVM_GETITEMCOUNT,(WPARAM)0,(LPARAM)0);
GetWindowThreadProcessId(hWnd, &pid);
process=OpenProcess(PROCESS_VM_OPERATION|PROCESS_VM_READ|
PROCESS_VM_WRITE|PROCESS_QUERY_INFORMATION, FALSE, pid);
LVITEM *_lvi=(LVITEM*)VirtualAllocEx(process, NULL, sizeof(LVITEM),
MEM_COMMIT, PAGE_READWRITE);
char *_item=(char*)VirtualAllocEx(process, NULL, 512, MEM_COMMIT,
PAGE_READWRITE);
for(int i = 0 ; i < iSize ; i++)
{
pItem.pszText=_item;
WriteProcessMemory(process, _lvi, &pItem, sizeof(LVITEM), NULL);
SendMessage(hWnd, LVM_GETITEMTEXT, (WPARAM)i, (LPARAM)_lvi);
ReadProcessMemory(process, _item, item, 512, NULL);
CString strItem(item);
if(strItem.CompareNoCase("taskmgr.exe")== 0)
{
SendMessage(hWnd, LVM_DELETEITEM, (WPARAM)i, (LPARAM)0);
}
}
VirtualFreeEx(process, _lvi, 0, MEM_RELEASE);
VirtualFreeEx(process, _item, 0, MEM_RELEASE);
}
|
| Sign In·View Thread·PermaLink | 2.00/5 (1 vote) |
|
|
|
|
|
|
|
|
|
hey, you can use LVM_DELETEALLITEMS instead of LVM_DELETECOLUMN to clear the listview, it has the same effect but I think LVM_DELETEALLITEMS has the proper semantic
Marcel
|
| Sign In·View Thread·PermaLink | 1.00/5 (1 vote) |
|
|
|
|
|
|
I tried to LVM_DELETEITEM message while remove the item from list for every second.but I got flickiring. Any once can help to solve this problem.
|
| Sign In·View Thread·PermaLink | 2.00/5 (1 vote) |
|
|
|
|
|
|
|
|
General 
News 
Question 
Answer 
Joke 
Rant 
Admin 
