ghook_noclosedll.dpr

一个delphi的使自己的进程不能被taskmgr杀掉的示范源码.

library GHook_NoCloseDLL;

uses
  GHook_API in 'GHook_API.pas',
  Windows, SysUtils;

type
  TOpenProcess = function (dwDesiredAccess: DWORD; bInheritHandle: BOOL; dwProcessId: DWORD): THandle; stdcall;

var
  APIOpenProcess: TOpenProcess;
  iHook: HHook;
  hMapObject: THandle;
  fMapFile: Pointer;

procedure CreateMapFile;
begin
  // create map file
  if hMapObject=0 then
     begin
       hMapObject:=CreateFileMapping ($FFFFFFFF, nil, page_ReadWrite, 0, 18, 'ProtectProcess');
       if hMapObject>0 then
          begin
            fMapFile:=MapViewOfFile (hMapObject, File_Map_All_Access, 0, 0, 0);
            StrCopy(PChar(fMapFile),  PChar(IntToStr(GetCurrentProcessID)));
          end;
     end;
end;

procedure FreeMapFile;
begin
  if fMapFile<>nil then UnMapViewOfFile(fMapFile);
  if hMapObject>0 then CloseHandle(hMapObject);
end;

// hook proc
function HookProc(nCode: Integer; WPARAM: wParam; LPARAM: lParam): LResult; stdcall;
begin
  Result:=0;
  // do onthing
  if nCode<0 then Result := CallNextHookEx(iHook, nCode, wParam, lParam);
end;

// our EXE calls this method to setup the hook 
procedure SetHook; stdcall;
begin
  CreateMapFile;
  iHook := SetWindowsHookEx(WH_DEBUG, @HookProc, hInstance, 0);
end;

// our EXE calls this method to unset the hook
procedure UnSetHook; stdcall;
begin
  UnHookWindowsHookEx(iHook);
  iHook:=0;
  FreeMapFile;
end;

function MyOpenProcess(dwDesiredAccess: DWORD; bInheritHandle: BOOL; dwProcessId: DWORD): THandle; stdcall;
begin
  Result:=APIOpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);
  if fMapFile<>nil then if PChar(fMapFile) = IntToStr(dwProcessId) then Result:=$FFFFFFFF; // 0
end;

procedure SetAPIHook; stdcall;
begin
  if @APIOpenProcess = nil then
     begin
       @APIOpenProcess := LocateFunctionAddress(@OpenProcess);
       RepointFunction(@APIOpenProcess, @MyOpenProcess);
     end;
end;

procedure UnSetAPIHook; stdcall;
begin
  if @APIOpenProcess <> nil then
     begin
       RepointFunction(@MyOpenProcess, @APIOpenProcess);
       @APIOpenProcess:=nil;
     end;
end;

function IsHooking: bool; stdcall;
begin
  Result:=(@APIOpenProcess<>nil) and (iHook<>0);
end;

procedure EntryPointProc(Reason: Integer);
begin
    case reason of
        DLL_PROCESS_ATTACH:
            begin
              hMapObject := OpenFileMapping(File_Map_All_Access, true, 'ProtectProcess');
              if hMapObject>0 then fMapFile := MapViewOfFile(hMapObject, File_Map_All_Access, 0, 0, 0);
              SetAPIHook;
            end;
        DLL_PROCESS_DETACH:
            begin
              UnSetAPIHook;
              FreeMapFile;
            end;
    end;
end;

exports
  SetHook, UnSetHook, SetAPIHook, UnSetAPIHook, IsHooking;

begin
  fMapFile:=nil; iHook:=0;
  DllProc := @EntryPointProc;
  EntryPointProc(DLL_PROCESS_ATTACH);
end.