全部博文(584)
分类: Windows平台
2013-01-28 17:36:04
/* 由进程名获取PID */ DWORD GetPidByProcessName(LPCTSTR pszName) { PROCESSENTRY32 pe32; HANDLE hSnapshot; hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (hSnapshot == INVALID_HANDLE_VALUE) return -1; pe32.dwSize = sizeof(PROCESSENTRY32); if( !Process32First( hSnapshot, &pe32 ) ) { CloseHandle(hSnapshot); return -1; } do { if(lstrcmpi(pe32.szExeFile, pszName) == 0) { CloseHandle(hSnapshot); return pe32.th32ProcessID; } } while ( Process32Next(hSnapshot, &pe32) ); CloseHandle(hSnapshot); return -1; } /* 禁止Win+L热键,参数bDisable表示是否禁止 */ BOOL DisableHotKey(BOOL bDisable) { UCHAR uchOrigCode[] = {0x05}; UCHAR uchHookCode[] = {0x25}; UCHAR uchReadCode[] = {0x00}; LPVOID lpReadAddress; DWORD dwPID; HANDLE hProcess; HMODULE lphModule[512]; DWORD_PTR dwReturn; DWORD dwOldProtect; INT i; //查找winlogon.exe进程PID if(!(dwPID = GetPidByProcessName(_T("winlogon.exe")))) return FALSE; //打开进程 if(!(hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID))) return FALSE; //枚举进程模块 if(!EnumProcessModules(hProcess, lphModule, sizeof(lphModule), (LPDWORD)&dwReturn)) { CloseHandle(hProcess); return FALSE; } //进程加载基址加上偏移 lpReadAddress = (LPVOID)((LPSTR)lphModule[0] + 0x1710D); if(bDisable) { //读取原地址字节 if(!ReadProcessMemory(hProcess, lpReadAddress, uchReadCode, sizeof(uchReadCode), &dwReturn)) { CloseHandle(hProcess); return FALSE; } //判断是否是要修改的字节 for(i=0; i