frmmain.frm

好好的 好好的 好好的 好好的 好好的 好好的 好好的 好好的 好好的

VERSION 5.00
Object = "{8D1D9FC1-B5FE-46AA-9EB9-75EBE180BFF4}#1.0#0"; "HookAPIs.ocx"
Begin VB.Form frmMain 
   BorderStyle     =   1  'Fixed Single
   Caption         =   "NoTerminateProcess"
   ClientHeight    =   885
   ClientLeft      =   45
   ClientTop       =   435
   ClientWidth     =   3255
   LinkTopic       =   "Form1"
   MaxButton       =   0   'False
   MinButton       =   0   'False
   ScaleHeight     =   885
   ScaleWidth      =   3255
   StartUpPosition =   3  'Windows Default
   Begin VB.Timer Timer1 
      Left            =   45
      Top             =   405
   End
   Begin VB.TextBox Text1 
      Height          =   285
      Left            =   630
      TabIndex        =   1
      Text            =   "Text1"
      Top             =   90
      Width           =   1950
   End
   Begin VB.CommandButton Command1 
      Caption         =   "Hook"
      Height          =   330
      Left            =   495
      TabIndex        =   0
      Top             =   495
      Width           =   2265
   End
   Begin HookAPIs.HookAPI HookAPI1 
      Left            =   2655
      Top             =   135
      _ExtentX        =   979
      _ExtentY        =   794
   End
End
Attribute VB_Name = "frmMain"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Option Explicit

Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long
Private Declare Function GetCurrentProcessId Lib "kernel32" () As Long

Dim MePID As Long

Private Sub Command1_Click()
    Static lHookIndex As Long
    
    If Command1.Tag = "1" Then
        Command1.Caption = "Hook"
        Command1.Tag = "0"
        HookAPI1.Unhook lHookIndex
    Else
        With HookAPI1
            Dim PID As Long
            
            GetWindowThreadProcessId FindWindow(vbNullString, "Windows 任务管理器"), PID
            .SetTargetTo PID
            lHookIndex = .Hook("taskmgr.exe", "kernel32.dll", "TerminateProcess")
'            lHookIndex = .Hook("taskmgr.exe", "kernel32.dll", "OpenProcess")
            Debug.Print "lHookIndex = " & lHookIndex
            If lHookIndex <> -1 Then
                Command1.Caption = "UnHook"
                Command1.Tag = "1"
            End If
        End With
    End If
End Sub

Private Sub Form_Load()
    MePID = GetCurrentProcessId
    Text1.Text = MePID
End Sub

Private Sub HookAPI1_AfterAction(ByVal sAPIName As String, ByVal fBlocked As Boolean, lRetValue As Long)
    Select Case sAPIName
        Case "TerminateProcess"
            If fBlocked = True Then
                lRetValue = 0
            End If
    End Select
End Sub

Private Sub HookAPI1_BeforeAction(ByVal sAPIName As String, ByVal lpArgs As Long, fBlock As Boolean, lArgCount As Long)
    Dim alArgs() As Long
    Dim tmpI As String
    
    HookAPI1.GetArguments alArgs, 16
    tmpI = HookAPI1.Array2Str(alArgs, 4, 4)
    Select Case sAPIName
        Case "TerminateProcess"
            If InStr(tmpI, Hex(MePID)) > 0 Then
                fBlock = True           '吃掉
                lArgCount = 2           'TerminateProcess有两个参数
            End If
        Case "OpenProcess"
            If InStr(tmpI, Hex(MePID)) > 0 Then
                fBlock = True           '吃掉
                lArgCount = 3           'OpenProcess有三个参数
            End If
    End Select
End Sub

Private Sub Timer1_Timer()
    
End Sub