bestimmte Tasten Sperren.

**nat**

ich glaube strg+alt+entf (und auch alt+tab) kann man nicht so einfach sperren.
vll hilft es dir aber ja, wenn du dein programm aus der liste im taskmanager
entfernst. mit folgendem code kannste das bewerkstelligen (habe ich nicht selber
geschrieben, sondern ma irgendwo gefunden - funzt aber).
is wieder ne dll.

zusammenfalten · markieren

Delphi-Quellcode:

			library HideProcessNT;

uses

  Windows,tlhelp32,ImageHlp,SysUtils;

var

  hmap: THandle;

  hFirstMapHandle:THandle;

type

  SYSTEM_INFORMATION_CLASS = (SystemBasicInformation, SystemProcessorInformation, SystemPerformanceInformation,

    SystemTimeOfDayInformation, SystemNotImplemented1, SystemProcessesAndThreadsInformation, SystemCallCounts,

    SystemConfigurationInformation, SystemProcessorTimes, SystemGlobalFlag, SystemNotImplemented2, SystemModuleInformation,

    SystemLockInformation, SystemNotImplemented3, SystemNotImplemented4, SystemNotImplemented5,

    SystemHandleInformation, SystemObjectInformation, SystemPagefileInformation,

    SystemInstructionEmulationCounts, SystemInvalidInfoClass1, SystemCacheInformation,

    SystemPoolTagInformation, SystemProcessorStatistics, SystemDpcInformation,

    SystemNotImplemented6, SystemLoadImage, SystemUnloadImage, SystemTimeAdjustment,

    SystemNotImplemented7, SystemNotImplemented8, SystemNotImplemented9,

    SystemCrashDumpInformation, SystemExceptionInformation, SystemCrashDumpStateInformation,

    SystemKernelDebuggerInformation, SystemContextSwitchInformation, SystemRegistryQuotaInformation,

    SystemLoadAndCallImage, SystemPrioritySeparation, SystemNotImplemented10, SystemNotImplemented11,

    SystemInvalidInfoClass2, SystemInvalidInfoClass3, SystemTimeZoneInformation,

    SystemLookasideInformation, SystemSetTimeSlipEvent, SystemCreateSession, SystemDeleteSession, SystemInvalidInfoClass4,

    SystemRangeStartInformation, SystemVerifierInformation, SystemAddVerifier, SystemSessionProcessesInformation

  );

  PFARPROC = ^FARPROC;

  _IMAGE_IMPORT_DESCRIPTOR = packed record

    case Integer of

      0:(Characteristics: DWORD);

      1:(OriginalFirstThunk: DWORD; TimeDateStamp: DWORD; ForwarderChain: DWORD; Name: DWORD; FirstThunk: DWORD);

  end;

  IMAGE_IMPORT_DESCRIPTOR = _IMAGE_IMPORT_DESCRIPTOR;

  PIMAGE_IMPORT_DESCRIPTOR = ^IMAGE_IMPORT_DESCRIPTOR;

procedure RedirectIAT(pszCallerModName: Pchar; pfnCurrent: FarProc; pfnNew: FARPROC; hmodCaller: hModule);

var

  ulSize: ULONG;

  pImportDesc: PIMAGE_IMPORT_DESCRIPTOR;

  pszModName: PChar;

  pThunk: PDWORD;

  ppfn:PFARPROC;

  ffound: LongBool;

  written: DWORD;

begin

  pImportDesc:= ImageDirectoryEntryToData(Pointer(hmodCaller), TRUE,IMAGE_DIRECTORY_ENTRY_IMPORT, ulSize);

  if pImportDesc = nil then exit;

  while pImportDesc.Name<>0 do

  begin

    pszModName := PChar(hmodCaller + pImportDesc.Name);

    if (lstrcmpiA(pszModName, pszCallerModName) = 0) then break;

    Inc(pImportDesc);

  end;

  if (pImportDesc.Name = 0) then exit;

  pThunk := PDWORD(hmodCaller + pImportDesc.FirstThunk);

  while pThunk^<>0 do

  begin

    ppfn := PFARPROC(pThunk);

    fFound := (ppfn^ = pfnCurrent);

    if (fFound) then

    begin

      VirtualProtectEx(GetCurrentProcess,ppfn,4,PAGE_EXECUTE_READWRITE,written);

      WriteProcessMemory(GetCurrentProcess, ppfn, @pfnNew, sizeof(pfnNew), Written);

      exit;

    end;

    Inc(pThunk);

  end;

end;

var

  addr_NtQuerySystemInformation: Pointer;

  mypid: DWORD;

  fname: PCHAR;

  mapaddr: PDWORD;

  hideOnlyTaskMan: PBOOL;

function myNtQuerySystemInfo(SystemInformationClass: SYSTEM_INFORMATION_CLASS; SystemInformation: Pointer;

  SystemInformationLength:ULONG; ReturnLength:PULONG):LongInt; stdcall;

label lop, nextpid, exit, fillzero;

asm

  push ReturnLength

  push SystemInformationLength

  push SystemInformation

  push dword ptr SystemInformationClass

  call dword ptr [addr_NtQuerySystemInformation]

  or eax,eax

  jl exit

  cmp SystemInformationClass, SystemProcessesAndThreadsInformation

  jne exit

lop:

  mov esi, SystemInformation

nextpid:

  mov ebx, esi

  cmp dword ptr [esi],0

  je exit

  add esi, [esi]

  mov ecx, [esi+44h]

  cmp ecx, mypid

  jne nextpid

  mov edx, [esi]

  test edx, edx

  je fillzero

  add [ebx], edx

  jmp lop

fillzero:

  and [ebx], edx

  jmp lop

exit:

  mov Result, eax

end;

procedure FuncIncept;

var

  hSnapShot: THandle;

  me32: MODULEENTRY32;

begin

  addr_NtQuerySystemInformation := GetProcAddress(getModuleHandle('ntdll.dll'),'NtQuerySystemInformation');

  hSnapShot := CreateToolHelp32SnapShot(TH32CS_SNAPMODULE,GetCurrentProcessId);

  if hSnapshot = INVALID_HANDLE_VALUE then exit;

  try

    ZeroMemory(@me32,sizeof(MODULEENTRY32));

    me32.dwSize:=sizeof(MODULEENTRY32);

    Module32First(hSnapShot,me32);

    repeat

      RedirectIAT('ntdll.dll',addr_NtQuerySystemInformation,@MyNtQuerySystemInfo,me32.hModule);

    until not Module32Next(hSnapShot,me32);

  finally

    CloseHandle(hSnapShot);

  end;

end;

procedure FreeFunc;

var

  hSnapShot: THandle;

  me32: MODULEENTRY32;

begin

  addr_NtQuerySystemInformation:=GetProcAddress(getModuleHandle('ntdll.dll'),'NtQuerySystemInformation');

  hSnapShot:=CreateToolHelp32SnapShot(TH32CS_SNAPMODULE,GetCurrentProcessId);

  if hSnapshot=INVALID_HANDLE_VALUE then exit;

  try

    ZeroMemory(@me32,sizeof(MODULEENTRY32));

    me32.dwSize:=sizeof(MODULEENTRY32);

    Module32First(hSnapShot,me32);

    repeat

      RedirectIAT('ntdll.dll',@MyNtQuerySystemInfo,addr_NtQuerySystemInformation,me32.hModule);

    until not Module32Next(hSnapShot,me32);

  finally

    CloseHandle(hSnapShot);

  end;

end;

var

  HookHandle: THandle;

function CbtProc(code: integer; wparam: integer; lparam: integer):Integer; stdcall;

begin

  Result:=0;

end;

procedure AttachHook; stdcall;

begin

  HookHandle := SetWindowsHookEx(WH_CBT, @CbtProc, HInstance, 0);

end;

procedure LibraryProc(Reason: Integer);

begin

  if Reason = DLL_PROCESS_DETACH then

    if mypid > 0 then

      FreeFunc()

    else

      CloseHandle(hFirstMapHandle);

end;

function HideNtProcess(pid:DWORD):BOOL; stdcall;

var

  addrMap: PDWORD;

  ptr2: PBOOL;

  OnlyBlindTaskmgr: BOOL;

begin

  mypid:=0;

  result:=false;

  OnlyBlindTaskmgr:=False;

  hFirstMapHandle:=CreateFileMapping($FFFFFFFF,nil,PAGE_READWRITE,0,8,'NtHideFileMapping');

  if hFirstMapHandle=0 then exit;

  addrMap:=MapViewOfFile(hFirstMapHandle,FILE_MAP_WRITE,0,0,8);

  if addrMap=nil then

  begin

    CloseHandle(hFirstMapHandle);

    exit;

  end;

  addrMap^:=pid;

  ptr2:=PBOOL(DWORD(addrMap)+4);

  ptr2^:=OnlyBlindTaskmgr;

  UnmapViewOfFile(addrMap);

  AttachHook;

  result:=true;

end;

exports

  HideNtProcess;

begin

  hmap:=OpenFileMapping(FILE_MAP_READ,false,'NtHideFileMapping');

  if hmap=0 then exit;

  try

    mapaddr:=MapViewOfFile(hmap,FILE_MAP_READ,0,0,0);

    if mapaddr=nil then exit;

    mypid:=mapaddr^;

    hideOnlyTaskMan:=PBOOL(DWORD(mapaddr)+4);

    if hideOnlyTaskMan^ then

    begin

      fname:=allocMem(MAX_PATH+1);

      GetModuleFileName(GetModuleHandle(nil),fname,MAX_PATH+1);

      if not (ExtractFileName(fname)='taskmgr.exe') then exit;

    end;

    FuncIncept;

  finally

    UnmapViewOfFile(mapaddr);

    CloseHandle(Hmap);

    DLLProc:=@LibraryProc;

  end;

end.

so bindeste das ein
function HideNtProcess(pid:DWORD):BOOL; stdcall; external 'HideProcessNT.dll'; und aufrufen kannste das dann so
HideNtProcess(GetCurrentProcessId);

bestimmte Tasten Sperren.

Re: bestimmte Tasten Sperren.

Forumregeln