/*
* 功 能:进程防杀
*
*/
using System;
using System.Text;
using System.Runtime.InteropServices;
namespace KProtectProcess
{
public class KProcess : IDisposable
{
bool isDisposed = false;
public bool IsDisposed
{
get { return isDisposed; }
}
bool isStart;
static uint _SelfProcessID = 0;
public static uint SelfProcessID
{
get
{
return _SelfProcessID;
}
}
private delegate void SETPID(uint iPID);
private static IntPtr iHookProcedure = IntPtr.Zero;
~KProcess()
{
this.Dispose(false);
}
private const int WH_GETMESSAGE = 3;
private const string KFILE_NAME = "NKCore.dll";
public delegate int HookProc(int nCode, Int32 wParam, IntPtr lParam);
[DllImport("kernel32.dll", CallingConvention = CallingConvention.StdCall)]
private static extern IntPtr LoadLibrary(string sComName);
[DllImport("user32.dll", CallingConvention = CallingConvention.StdCall)]
private static extern IntPtr SetWindowsHookEx(int idHook, HookProc lpfn, IntPtr pInstance, int threadId);
[DllImport("user32.dll", CallingConvention = CallingConvention.StdCall)]
private static extern bool UnhookWindowsHookEx(IntPtr pHookHandle);
[DllImport("kernel32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
private static extern SETPID GetProcAddress(IntPtr hModule, string procName);
[DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern uint GetCurrentProcessId();
public bool SelfProtection()
{
if (CheckFileExist())
{
IntPtr pInstance = LoadLibrary(KFILE_NAME);
SETPID pGPA = (SETPID)GetProcAddress(pInstance, "SetPID");
if (pGPA == null)
{
return false;
}
pGPA(GetCurrentProcessId());
HookProc HookProcedure = (HookProc)Win32API.GetProcAddress(pInstance, "MsgProc");
iHookProcedure = SetWindowsHookEx(WH_GETMESSAGE, HookProcedure, pInstance, 0);
if (iHookProcedure != null)
{
this.isStart = true;
return true;
}
}
return false;
}
public bool UnLoadProtection()
{
this.isStart = false;
return UnhookWindowsHookEx(iHookProcedure);
}
private bool CheckFileExist()
{
if (!System.IO.File.Exists(AppDomain.CurrentDomain.BaseDirectory + "\\" + KFILE_NAME))
{
throw new Exception("没有找到VC++核心库函数NKCore.dll,请把NKCore.dll动态链接库与该动态链接库放置一个目录!");
}
return true;
}
#region IDisposable 成员
public void Dispose()
{
this.Dispose(true);
GC.SuppressFinalize(this);
}
public void Dispose(bool isDisposing)
{
if (this.isDisposed)
return;
if (isDisposing && isStart)
this.UnLoadProtection();
}
#endregion
class Win32API
{
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
public static extern KProcess.HookProc GetProcAddress(IntPtr hModule, string procName);
}
}
}
应用
public partial class Form1 : Form
{
KProcess k;
public Form1()
{
InitializeComponent();
k = new KProcess();
}
private void button1_Click(object sender, EventArgs e)
{
if (k.SelfProtection())
MessageBox.Show("保护成功!");
}
private void button2_Click(object sender, EventArgs e)
{
if (k.UnLoadProtection())
MessageBox.Show("已停止保护");
}
protected override void OnFormClosing(FormClosingEventArgs e)
{
if (k != null && !k.IsDisposed)
k.Dispose();
}
}