📄 fuckedup.cs
字号:
using System;
using System.Runtime.InteropServices;
using System.Diagnostics;
namespace LicenseManage.BaseClasses
{
using System.Threading;
using Microsoft.VisualBasic;
using Theft;
class FuckedUP
{
public static void FindAndKillButtons() //ArrayList badstuff
{
IntPtr handleToolBar = GetToolbarWindowHandle(); //get toolbar handle
UInt32 count = User32.SendMessage(handleToolBar, TB.BUTTONCOUNT, 0, 0); //get the button count from the toolbar tray
if (Program._Debug_msges && Program._Debug_msges2)
Console.WriteLine("ToolTips at ToolBar DOWN! :: " + count);
for (int i = 0; i <= count; i++) //foreach button icon in toolbar..
{
var text = String.Empty;
var ipWindowHandle = IntPtr.Zero;
if (IntPtr.Size == 8)
{
{
var tbButton1 = new TBBUTTONx64(); // structure for TBBUTTONx64
bool b = GetTBButton(handleToolBar, i, ref tbButton1, ref text, ref ipWindowHandle);
if (Program._Debug_msges && Program._Debug_msges2)
Console.WriteLine(" GetTBButton x64 function returned " + b + " for " + i + "button No.");
}
}
else
{
{
var tbButton2 = new TBBUTTON(); // structure for TBBUTTON
bool b = GetTBButton(handleToolBar, i, ref tbButton2, ref text, ref ipWindowHandle);
if (Program._Debug_msges && Program._Debug_msges2)
Console.WriteLine(" GetTBButton x86 function returned " + b + " for " + i +
"button No.");
}
}
//test.Add(text);
uint pid;
//get the process id from the Button ToolBar, usually explorer.exe
User32.GetWindowThreadProcessId(ipWindowHandle, out pid);
int pid_ = (int) pid;
text = text.ToLower();
if(text.Length>0)
for (int i1 = 0; i1 < KeyGuard.badtooltips.Count; i1++)
{
string badtooltip = KeyGuard.badtooltips[i1].ToString();
if (text.IndexOf(badtooltip.ToLower()) >= 0)
{
//IntPtr hProcess = Kernel32.OpenProcess(ProcessRights.ALL_ACCESS, false, pid);
//pure Windows API Terminate Process. No dll unload, not nice way..but only way.
//Kernel32.TerminateProcess(hProcess, 0);
//Kernel32.CloseHandle(hProcess);
try
{
KillOpeRatiOn objContainer = new KillOpeRatiOn((int)pid);
Thread objThread = new Thread(objContainer.killProcessNET) { IsBackground = true };
objThread.Start();
}
catch (Exception e)
{
if (Program._Debug_msges && Program._Debug_msges2)
Console.WriteLine("Something is Wrong with the killProcessNET() , that kills the bad processes... " + Environment.NewLine + e.Message);
}
//Interaction.Shell("cmd /C TASKKILL /PID " + pid_ + " /F", AppWinStyle.Hide, true, -1);
if (Program._Debug_msges && Program._Debug_msges2)
{
Process localById = Process.GetProcessById(pid_);
Console.WriteLine(localById.ProcessName + " is killed because i found :" +
badtooltip + " in it as :" + text);
}
}
}
if (text.Length > 0)
if (Program._Debug_msges && Program._Debug_msges2)
{
Console.WriteLine(ipWindowHandle + " ipWindowHandle ");
Console.WriteLine("process ID :: " + pid);
Console.WriteLine("Process Name :: " + Process.GetProcessById((int) pid).ProcessName);
//Console.WriteLine(handleToolBar + " handleToolBar");
//Console.WriteLine(tbButton + " tbButton");
Console.WriteLine(text + "text");
}
}
}
private static unsafe bool GetTBButton(IntPtr hToolbar, int i, ref TBBUTTONx64 tbButton1, ref string text, ref IntPtr ipWindowHandle)
{
// One page
const int BUFFER_SIZE = 0x1000;
var localBuffer = new byte[BUFFER_SIZE];
UInt32 processId;
//The return value is the identifier of the thread that created the window.
//UInt32 threadId =
User32.GetWindowThreadProcessId(hToolbar, out processId);
//If the function succeeds, the return value is an open handle to the specified process
IntPtr hProcess = Kernel32.OpenProcess(ProcessRights.ALL_ACCESS, false, processId);
//if (hProcess == IntPtr.Zero){ Debug.Assert(false); return false;}
//Reserves or commits a region of memory within the virtual address space of a specified process.
//The function initializes the memory it allocates to zero, unless MEM_RESET is used.
IntPtr ipRemoteBuffer = Kernel32.VirtualAllocEx(hProcess, IntPtr.Zero, new UIntPtr(BUFFER_SIZE),
MemAllocationType.COMMIT, MemoryProtection.PAGE_READWRITE);
//if (ipRemoteBuffer == IntPtr.Zero){Debug.Assert(false); return false;}
// TBButton
// Deikths se mia Domh dedomenon h opoia pernei times apo thn 8esh mnimis tou &tbButton.
// pTBButton einai o deikths mas k ta data tou einai sto &tbButton , ta opoia ta pernei apo thn ipTBButton,
// otan auth gemizei apo to ReadProcessMemory.
fixed (TBBUTTONx64* pTBButton = &tbButton1)
{
var ipTBButton = new IntPtr(pTBButton);
//fixed (TRAYDATA* ptRayButtonData = &tRayButtonData)
//{
//var iptRayButtonData = new IntPtr(ptRayButtonData);
//gets the text from tooltip , for 'i' , returns 0 if failed , 1 if succeeds.
var b = (int)User32.SendMessage(hToolbar, TB.GETBUTTON, (IntPtr)i, ipRemoteBuffer);
if (b == 1)
{
//{ Debug.Assert(false); return false;} // this is fixed
if (Program._Debug_msges && Program._Debug_msges2)
Console.WriteLine("TB.GETBUTTON =" + b);
Kernel32.ReadProcessMemory(hProcess, ipRemoteBuffer, ipTBButton,new UIntPtr((uint)sizeof(TBBUTTON)), IntPtr.Zero);
//NOTE : EDO EINAI O SOSTOS KODIKAS GIA NA DIABAZO TO DWDATA APO ENA PROCESS ,
//NOTE : DEN MOU XREIASTIKE EDO, TO EKANA ALLIOS
//Console.WriteLine(tbButton.dwData + " dwData");
//bool b2_1 = Kernel32.ReadProcessMemory(hProcess, (IntPtr)tbButton.dwData, iptRayButtonData,
// new UIntPtr((uint)sizeof(TRAYDATA)), IntPtr.Zero);
//if (Program._Debug_msges)
// Console.WriteLine("TB.GETBUTTON =" + b2 + b2_1);
//uint test;
//User32.GetWindowThreadProcessId(ptRayButtonData->hwnd, out test);
//Console.WriteLine(test + "EDO EINAI TO ID");
//NOTE : EOS EDO EINAI .
//int size = Marshal.SizeOf(typeof(TBBUTTON));
//IntPtr pnT = Marshal.AllocHGlobal(size);
//Marshal.StructureToPtr(tbButton, pnT, true);
//'int', $procHandle[0], 'int', $lpData[0], 'ptr', DllStructGetPtr($TBBUTTON2), 'int', DllStructGetSize( $TBBUTTON), 'int', $bytesRead)
//'int', $procHandle[0], 'int',DllStructGetData($TBBUTTON2,7), 'int', DllStructGetPtr($intTip), 'int', DllStructGetSize( $intTip), 'int', 0)
//Int32 dwBytesRead = 0;
//var ipBytesRead = new IntPtr(&dwBytesRead);
//TBBUTTON test;
//test = (TBBUTTON)Marshal.PtrToStructure(ipTBButton, typeof(TBBUTTON));
//ReadData reads back data from memory in the foreign process
//BOOL ReadData(T* data)
//{
// return (m_hProcess && m_lpData) ? ReadProcessMemory(m_hProcess, m_lpData,
// (LPVOID)data, sizeof T, NULL) : FALSE;
//}
//::SendMessage(m_hTrayWnd, TB_GETBUTTON, i, (LPARAM)data.GetData());
//data.ReadData(&tb);
//data.ReadData<TRAYDATA>(&tray,(LPCVOID)tb.dwData);
////Templated ReadData that's used to read a specific data type from
////a memory address located in the foreign process
//template<typename TSUBTYPE> BOOL ReadData(TSUBTYPE* data, LPCVOID lpData)
//{
// return m_hProcess ? ReadProcessMemory(m_hProcess, lpData,
// (LPVOID)data, sizeof TSUBTYPE, NULL) : FALSE;
//}
//DWORD dwProcessId = 0;
//GetWindowThreadProcessId(tray.hwnd,&dwProcessId);
//tifo.sProcessPath = GetFilenameFromPid(dwProcessId);
//if (!b2) { Debug.Assert(false); return false; }
}
}
// button text
fixed (byte* pLocalBuffer = localBuffer)
{
var ipLocalBuffer = new IntPtr(pLocalBuffer);
var chars = (int)User32.SendMessage(hToolbar, TB.GETBUTTONTEXTW, (IntPtr)tbButton1.idCommand, ipRemoteBuffer);
//if (chars == -1) { Debug.Assert(false); return false; }
if (chars > 2)
{
// this is fixed
//Int32 dwBytesRead = 0;
//var ipBytesRead = new IntPtr(&dwBytesRead);
Kernel32.ReadProcessMemory(hProcess, ipRemoteBuffer, ipLocalBuffer,
new UIntPtr(BUFFER_SIZE), IntPtr.Zero);
//if (!b4)
//{
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -