├── DriverProtection
├── PassByIce
│ ├── PassByIce.cpp
│ ├── PassByIce.dsp
│ ├── PassByIce.dsw
│ ├── PassByIce.h
│ ├── PassByIce.rc
│ ├── PassByIce.sln
│ ├── PassByIce.vcproj
│ ├── PassByIce.vcproj.ST.Administrator.user
│ ├── PassByIceDlg.cpp
│ ├── PassByIceDlg.h
│ ├── ReadMe.txt
│ ├── StdAfx.cpp
│ ├── StdAfx.h
│ ├── res
│ │ ├── PassByIce.ico
│ │ └── PassByIce.rc2
│ └── resource.h
├── PassByIce_Driver
│ ├── PassByIce.c
│ ├── PassByIce.rar
│ ├── makefile
│ └── sources
└── 说明.txt
├── Dual-processProtection
├── ExeProtect
│ ├── ExeProtect.rc
│ ├── Frpo.cpp
│ ├── Frpo.dsp
│ ├── Frpo.dsw
│ ├── Frpo.h
│ ├── Frpo.sln
│ ├── Frpo.vcproj
│ ├── Frpo.vcproj.NETLAB-TEST.Administrator.user
│ ├── Frpo.vcproj.ST.Administrator.user
│ ├── MyLog.cpp
│ ├── MyLog.h
│ ├── ServiceHelper
│ │ ├── ServiceHelper.cpp
│ │ └── ServiceHelper.h
│ ├── StdAfx.cpp
│ ├── StdAfx.h
│ ├── WindowService
│ │ ├── NTService.cpp
│ │ ├── NTService.h
│ │ ├── myservice.cpp
│ │ ├── myservice.h
│ │ └── ntservmsg.h
│ └── resource.h
├── TempProcess
│ ├── LogFile.h
│ ├── TempProcess.dsp
│ ├── TempProcess.dsw
│ ├── TempProcess.rc
│ ├── TempProcess.sln
│ ├── TempProcess.vcproj
│ ├── TempProcess.vcproj.ST.Administrator.user
│ ├── main.cpp
│ ├── main.h
│ ├── resource.h
│ ├── stdafx.cpp
│ └── stdafx.h
├── bin
│ └── release
│ │ ├── ExeProtect.exe
│ │ ├── ProcessSet.ini
│ │ ├── SafeProcess.exe
│ │ └── TempProcess.exe
├── safeprocess
│ ├── SafeProcess.cpp
│ ├── SafeProcess.dsp
│ ├── SafeProcess.dsw
│ ├── SafeProcess.rc
│ ├── SafeProcess.sln
│ ├── SafeProcess.vcproj
│ ├── SafeProcess.vcproj.ST.Administrator.user
│ ├── SafeProcess
│ │ ├── ProProcess.cpp
│ │ ├── ProProcess.h
│ │ ├── ProcessType.cpp
│ │ ├── ProcessType.h
│ │ ├── RunType.cpp
│ │ └── RunType.h
│ └── resource.h
└── 说明.txt
├── HookNtQuerySystemInformation and DetoursPreventKilled
├── DetourDll
│ ├── DetourDll.cpp
│ ├── DetourDll.def
│ ├── DetourDll.dsp
│ ├── DetourDll.h
│ ├── DetourDll.rc
│ ├── DetourDll.sln
│ ├── DetourDll.vcproj
│ ├── DetourDll.vcproj.ST.Administrator.user
│ ├── ReadMe.txt
│ ├── StdAfx.cpp
│ ├── StdAfx.h
│ ├── detours.h
│ ├── detours.lib
│ └── resource.h
├── HookNt
│ ├── HookApi.cpp
│ ├── HookApi.dsp
│ ├── HookApi.dsw
│ ├── HookApi.h
│ ├── HookApi.rc
│ ├── HookApi.sln
│ ├── HookApi.vcproj
│ ├── HookApi.vcproj.ST.Administrator.user
│ ├── HookClass.cpp
│ ├── HookClass.h
│ ├── resource.h
│ └── stdafx.h
├── bin
│ └── release
│ │ ├── HookNTQSI.dll
│ │ ├── NoKillDll.dll
│ │ └── killtest.exe
├── killtest
│ ├── ReadMe.txt
│ ├── StdAfx.cpp
│ ├── StdAfx.h
│ ├── TaskKeyMgr.cpp
│ ├── TaskKeyMgr.h
│ ├── killtest.cpp
│ ├── killtest.dsp
│ ├── killtest.dsw
│ ├── killtest.rc
│ ├── killtest.sln
│ ├── killtest.vcproj
│ ├── killtest.vcproj.ST.Administrator.user
│ └── resource.h
└── 说明.txt
├── HookTaskmgr
├── HookTaskmgr
│ ├── HookTaskmgr.cpp
│ ├── HookTaskmgr.dsp
│ ├── HookTaskmgr.dsw
│ ├── HookTaskmgr.h
│ ├── HookTaskmgr.rc
│ ├── HookTaskmgr.sln
│ ├── HookTaskmgr.vcproj
│ ├── HookTaskmgr.vcproj.ST.Administrator.user
│ ├── HookTaskmgrDlg.cpp
│ ├── HookTaskmgrDlg.h
│ ├── ReadMe.txt
│ ├── StdAfx.cpp
│ ├── StdAfx.h
│ ├── exeDebuger.h
│ ├── res
│ │ ├── HookTaskmgr.ico
│ │ └── HookTaskmgr.rc2
│ └── resource.h
├── SafeProcess
│ ├── SafeProcess.cpp
│ ├── SafeProcess.dsp
│ ├── SafeProcess.dsw
│ ├── SafeProcess.h
│ ├── SafeProcess.rc
│ ├── SafeProcess.sln
│ ├── SafeProcess.vcproj
│ ├── SafeProcess.vcproj.ST.Administrator.user
│ ├── exports.def
│ └── resource.h
├── bin
│ └── release
│ │ ├── HookTaskmgr.exe
│ │ └── SafeProcess.dll
└── 说明.txt
├── chi.ssg
├── readme.md
└── ring3Right
├── KillMe
├── KillMe.cpp
├── KillMe.depend
├── KillMe.dsp
├── KillMe.dsw
├── KillMe.h
├── KillMe.layout
├── KillMe.rc
├── KillMe.sln
├── KillMe.vcproj
├── KillMe.vcproj.ST.Administrator.user
├── KillMeDlg.cpp
├── KillMeDlg.h
├── ReadMe.txt
├── StdAfx.cpp
├── StdAfx.h
├── kwindef.h
├── res
│ ├── KillMe.ico
│ ├── KillMe.rc2
│ └── default1.bin
├── resource.h
├── webbrowser2.cpp
└── webbrowser2.h
├── WriteMemory
├── WriteMemory.cpp
├── WriteMemory.dsp
├── WriteMemory.dsw
├── WriteMemory.h
├── WriteMemory.rc
├── WriteMemory.sln
├── WriteMemory.vcproj
├── WriteMemory.vcproj.ST.Administrator.user
├── WriteMemory.vcproj.VM_QYZ2003.Administrator.user
├── _WriteMemory.h
├── kwindef.h
├── resource.h
├── stdafx.cpp
└── stdafx.h
├── bin
└── release
│ ├── WriteMemory.dll
│ └── killMe.exe
└── 说明.txt
/DriverProtection/PassByIce/PassByIce.cpp:
--------------------------------------------------------------------------------
1 | // PassByIce.cpp : Defines the class behaviors for the application.
2 | //
3 |
4 | #include "stdafx.h"
5 | #include "PassByIce.h"
6 | #include "PassByIceDlg.h"
7 | // Debug builds only: map `new` to MFC's DEBUG_NEW and keep this file's name in THIS_FILE for allocation diagnostics.
8 | #ifdef _DEBUG
9 | #define new DEBUG_NEW
10 | #undef THIS_FILE
11 | static char THIS_FILE[] = __FILE__;
12 | #endif
13 |
14 | /////////////////////////////////////////////////////////////////////////////
15 | // CPassByIceApp message map: the only entry routes ID_HELP to CWinApp::OnHelp.
16 |
17 | BEGIN_MESSAGE_MAP(CPassByIceApp, CWinApp)
18 | //{{AFX_MSG_MAP(CPassByIceApp)
19 | // NOTE - the ClassWizard will add and remove mapping macros here.
20 | // DO NOT EDIT what you see in these blocks of generated code!
21 | //}}AFX_MSG
22 | ON_COMMAND(ID_HELP, CWinApp::OnHelp)
23 | END_MESSAGE_MAP()
24 |
25 | /////////////////////////////////////////////////////////////////////////////
26 | // CPassByIceApp construction
27 |
// Default constructor. Nothing is set up here; application start-up work
// belongs in InitInstance.
CPassByIceApp::CPassByIceApp()
{
}
33 |
34 | /////////////////////////////////////////////////////////////////////////////
35 | // The one and only CPassByIceApp object
36 | // (a global, so it is constructed before the framework calls InitInstance)
37 | CPassByIceApp theApp;
38 |
39 | /////////////////////////////////////////////////////////////////////////////
40 | // CPassByIceApp initialization
41 |
// Application start-up: shows the main dialog modally, then asks the
// framework to exit instead of entering a message loop.
// Returns FALSE unconditionally, whatever the dialog's result was.
BOOL CPassByIceApp::InitInstance()
{
	AfxEnableControlContainer();

	// Pick the 3D-controls initialiser that matches how MFC is linked
	// (shared DLL vs. static library).
#ifdef _AFXDLL
	Enable3dControls();
#else
	Enable3dControlsStatic();
#endif

	CPassByIceDlg mainDialog;
	m_pMainWnd = &mainDialog;

	const int dialogResult = mainDialog.DoModal();
	switch (dialogResult)
	{
	case IDOK:
		// TODO: handle the dialog being dismissed with OK.
		break;
	case IDCANCEL:
		// TODO: handle the dialog being dismissed with Cancel.
		break;
	default:
		break;
	}

	// The dialog is already closed, so FALSE tells the framework to exit
	// the application rather than start its message pump.
	return FALSE;
}
75 |
--------------------------------------------------------------------------------
/DriverProtection/PassByIce/PassByIce.dsp:
--------------------------------------------------------------------------------
1 | # Microsoft Developer Studio Project File - Name="PassByIce" - Package Owner=<4>
2 | # Microsoft Developer Studio Generated Build File, Format Version 6.00
3 | # ** DO NOT EDIT **
4 |
5 | # TARGTYPE "Win32 (x86) Application" 0x0101
6 |
7 | CFG=PassByIce - Win32 Debug
8 | !MESSAGE This is not a valid makefile. To build this project using NMAKE,
9 | !MESSAGE use the Export Makefile command and run
10 | !MESSAGE
11 | !MESSAGE NMAKE /f "PassByIce.mak".
12 | !MESSAGE
13 | !MESSAGE You can specify a configuration when running NMAKE
14 | !MESSAGE by defining the macro CFG on the command line. For example:
15 | !MESSAGE
16 | !MESSAGE NMAKE /f "PassByIce.mak" CFG="PassByIce - Win32 Debug"
17 | !MESSAGE
18 | !MESSAGE Possible choices for configuration are:
19 | !MESSAGE
20 | !MESSAGE "PassByIce - Win32 Release" (based on "Win32 (x86) Application")
21 | !MESSAGE "PassByIce - Win32 Debug" (based on "Win32 (x86) Application")
22 | !MESSAGE
23 |
24 | # Begin Project
25 | # PROP AllowPerConfigDependencies 0
26 | # PROP Scc_ProjName ""
27 | # PROP Scc_LocalPath ""
28 | CPP=cl.exe
29 | MTL=midl.exe
30 | RSC=rc.exe
31 |
32 | !IF "$(CFG)" == "PassByIce - Win32 Release"
33 |
34 | # PROP BASE Use_MFC 6
35 | # PROP BASE Use_Debug_Libraries 0
36 | # PROP BASE Output_Dir "Release"
37 | # PROP BASE Intermediate_Dir "Release"
38 | # PROP BASE Target_Dir ""
39 | # PROP Use_MFC 6
40 | # PROP Use_Debug_Libraries 0
41 | # PROP Output_Dir "Release"
42 | # PROP Intermediate_Dir "Release"
43 | # PROP Target_Dir ""
44 | # ADD BASE CPP /nologo /MD /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_AFXDLL" /Yu"stdafx.h" /FD /c
45 | # ADD CPP /nologo /MD /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_AFXDLL" /D "_MBCS" /Yu"stdafx.h" /FD /c
46 | # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
47 | # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
48 | # ADD BASE RSC /l 0x804 /d "NDEBUG" /d "_AFXDLL"
49 | # ADD RSC /l 0x804 /d "NDEBUG" /d "_AFXDLL"
50 | BSC32=bscmake.exe
51 | # ADD BASE BSC32 /nologo
52 | # ADD BSC32 /nologo
53 | LINK32=link.exe
54 | # ADD BASE LINK32 /nologo /subsystem:windows /machine:I386
55 | # ADD LINK32 /nologo /subsystem:windows /machine:I386
56 |
57 | !ELSEIF "$(CFG)" == "PassByIce - Win32 Debug"
58 |
59 | # PROP BASE Use_MFC 6
60 | # PROP BASE Use_Debug_Libraries 1
61 | # PROP BASE Output_Dir "Debug"
62 | # PROP BASE Intermediate_Dir "Debug"
63 | # PROP BASE Target_Dir ""
64 | # PROP Use_MFC 6
65 | # PROP Use_Debug_Libraries 1
66 | # PROP Output_Dir "Debug"
67 | # PROP Intermediate_Dir "Debug"
68 | # PROP Target_Dir ""
69 | # ADD BASE CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_AFXDLL" /Yu"stdafx.h" /FD /GZ /c
70 | # ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_AFXDLL" /D "_MBCS" /Yu"stdafx.h" /FD /GZ /c
71 | # ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
72 | # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
73 | # ADD BASE RSC /l 0x804 /d "_DEBUG" /d "_AFXDLL"
74 | # ADD RSC /l 0x804 /d "_DEBUG" /d "_AFXDLL"
75 | BSC32=bscmake.exe
76 | # ADD BASE BSC32 /nologo
77 | # ADD BSC32 /nologo
78 | LINK32=link.exe
79 | # ADD BASE LINK32 /nologo /subsystem:windows /debug /machine:I386 /pdbtype:sept
80 | # ADD LINK32 /nologo /subsystem:windows /debug /machine:I386 /pdbtype:sept
81 |
82 | !ENDIF
83 |
84 | # Begin Target
85 |
86 | # Name "PassByIce - Win32 Release"
87 | # Name "PassByIce - Win32 Debug"
88 | # Begin Group "Source Files"
89 |
90 | # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
91 | # Begin Source File
92 |
93 | SOURCE=.\PassByIce.cpp
94 | # End Source File
95 | # Begin Source File
96 |
97 | SOURCE=.\PassByIce.rc
98 | # End Source File
99 | # Begin Source File
100 |
101 | SOURCE=.\PassByIceDlg.cpp
102 | # End Source File
103 | # Begin Source File
104 |
105 | SOURCE=.\StdAfx.cpp
106 | # ADD CPP /Yc"stdafx.h"
107 | # End Source File
108 | # End Group
109 | # Begin Group "Header Files"
110 |
111 | # PROP Default_Filter "h;hpp;hxx;hm;inl"
112 | # Begin Source File
113 |
114 | SOURCE=.\PassByIce.h
115 | # End Source File
116 | # Begin Source File
117 |
118 | SOURCE=.\PassByIceDlg.h
119 | # End Source File
120 | # Begin Source File
121 |
122 | SOURCE=.\Resource.h
123 | # End Source File
124 | # Begin Source File
125 |
126 | SOURCE=.\StdAfx.h
127 | # End Source File
128 | # End Group
129 | # Begin Group "Resource Files"
130 |
131 | # PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
132 | # Begin Source File
133 |
134 | SOURCE=.\res\PassByIce.ico
135 | # End Source File
136 | # Begin Source File
137 |
138 | SOURCE=.\res\PassByIce.rc2
139 | # End Source File
140 | # End Group
141 | # Begin Source File
142 |
143 | SOURCE=.\PassByIce.sys
144 | # End Source File
145 | # Begin Source File
146 |
147 | SOURCE=.\res\PassByIce.sys
148 | # End Source File
149 | # Begin Source File
150 |
151 | SOURCE=.\ReadMe.txt
152 | # End Source File
153 | # End Target
154 | # End Project
155 |
--------------------------------------------------------------------------------
/DriverProtection/PassByIce/PassByIce.dsw:
--------------------------------------------------------------------------------
1 | Microsoft Developer Studio Workspace File, Format Version 6.00
2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
3 |
4 | ###############################################################################
5 |
6 | Project: "PassByIce"=".\PassByIce.dsp" - Package Owner=<4>
7 |
8 | Package=<5>
9 | {{{
10 | }}}
11 |
12 | Package=<4>
13 | {{{
14 | }}}
15 |
16 | ###############################################################################
17 |
18 | Global:
19 |
20 | Package=<5>
21 | {{{
22 | }}}
23 |
24 | Package=<3>
25 | {{{
26 | }}}
27 |
28 | ###############################################################################
29 |
30 |
--------------------------------------------------------------------------------
/DriverProtection/PassByIce/PassByIce.h:
--------------------------------------------------------------------------------
1 | // PassByIce.h : main header file for the PASSBYICE application
2 | //
3 |
4 | #if !defined(AFX_PASSBYICE_H__7F7F00E8_F9BB_4787_8E9B_F374464504F3__INCLUDED_)
5 | #define AFX_PASSBYICE_H__7F7F00E8_F9BB_4787_8E9B_F374464504F3__INCLUDED_
6 |
7 | #if _MSC_VER > 1000
8 | #pragma once
9 | #endif // _MSC_VER > 1000
10 |
11 | #ifndef __AFXWIN_H__
12 | #error include 'stdafx.h' before including this file for PCH
13 | #endif
14 |
15 | #include "resource.h" // main symbols
16 |
17 | /////////////////////////////////////////////////////////////////////////////
18 | // CPassByIceApp:
19 | // See PassByIce.cpp for the implementation of this class
20 | // Application class of the dialog front end; it declares a constructor and overrides only InitInstance.
21 |
22 | class CPassByIceApp : public CWinApp
23 | {
24 | public:
25 | CPassByIceApp();
26 |
27 | // Overrides
28 | // ClassWizard generated virtual function overrides
29 | //{{AFX_VIRTUAL(CPassByIceApp)
30 | public:
31 | virtual BOOL InitInstance();
32 | //}}AFX_VIRTUAL
33 |
34 | // Implementation
35 |
36 | //{{AFX_MSG(CPassByIceApp)
37 | // NOTE - the ClassWizard will add and remove member functions here.
38 | // DO NOT EDIT what you see in these blocks of generated code !
39 | //}}AFX_MSG
40 | DECLARE_MESSAGE_MAP()
41 | };
42 |
43 |
44 | /////////////////////////////////////////////////////////////////////////////
45 |
46 | //{{AFX_INSERT_LOCATION}}
47 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line.
48 |
49 | #endif // !defined(AFX_PASSBYICE_H__7F7F00E8_F9BB_4787_8E9B_F374464504F3__INCLUDED_)
50 |
--------------------------------------------------------------------------------
/DriverProtection/PassByIce/PassByIce.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/DriverProtection/PassByIce/PassByIce.rc
--------------------------------------------------------------------------------
/DriverProtection/PassByIce/PassByIce.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 9.00
3 | # Visual Studio 2005
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "PassByIce", "PassByIce.vcproj", "{B8972DE6-2DAB-4E9E-B88F-8D711EBCC5A0}"
5 | EndProject
6 | Global
7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
8 | Debug|Win32 = Debug|Win32
9 | Release|Win32 = Release|Win32
10 | EndGlobalSection
11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | {B8972DE6-2DAB-4E9E-B88F-8D711EBCC5A0}.Debug|Win32.ActiveCfg = Debug|Win32
13 | {B8972DE6-2DAB-4E9E-B88F-8D711EBCC5A0}.Debug|Win32.Build.0 = Debug|Win32
14 | {B8972DE6-2DAB-4E9E-B88F-8D711EBCC5A0}.Release|Win32.ActiveCfg = Release|Win32
15 | {B8972DE6-2DAB-4E9E-B88F-8D711EBCC5A0}.Release|Win32.Build.0 = Release|Win32
16 | EndGlobalSection
17 | GlobalSection(SolutionProperties) = preSolution
18 | HideSolutionNode = FALSE
19 | EndGlobalSection
20 | EndGlobal
21 |
--------------------------------------------------------------------------------
/DriverProtection/PassByIce/PassByIce.vcproj.ST.Administrator.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/DriverProtection/PassByIce/PassByIceDlg.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/DriverProtection/PassByIce/PassByIceDlg.cpp
--------------------------------------------------------------------------------
/DriverProtection/PassByIce/PassByIceDlg.h:
--------------------------------------------------------------------------------
1 | // PassByIceDlg.h : header file
2 | //
3 |
4 | #if !defined(AFX_PASSBYICEDLG_H__B63B375C_1AD8_4F86_871C_F80E925A592D__INCLUDED_)
5 | #define AFX_PASSBYICEDLG_H__B63B375C_1AD8_4F86_871C_F80E925A592D__INCLUDED_
6 |
7 | #if _MSC_VER > 1000
8 | #pragma once
9 | #endif // _MSC_VER > 1000
10 |
11 | /////////////////////////////////////////////////////////////////////////////
12 | // CPassByIceDlg dialog
13 | // NOTE(review): WindowProc, OnSysCommand, OnOK and OnCancel are overridden; their bodies are in PassByIceDlg.cpp, which this listing only links to, so how they treat close requests is unverified here.
14 | class CPassByIceDlg : public CDialog
15 | {
16 | // Construction
17 | public:
18 |
19 | CPassByIceDlg(CWnd* pParent = NULL); // standard constructor
20 |
21 | // Dialog Data
22 | //{{AFX_DATA(CPassByIceDlg)
23 | enum { IDD = IDD_PASSBYICE_DIALOG };
24 | // NOTE: the ClassWizard will add data members here
25 | //}}AFX_DATA
26 |
27 | // ClassWizard generated virtual function overrides
28 | //{{AFX_VIRTUAL(CPassByIceDlg)
29 | protected:
30 | virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support
31 | virtual LRESULT WindowProc(UINT message, WPARAM wParam, LPARAM lParam);
32 | //}}AFX_VIRTUAL
33 |
34 | // Implementation
35 | protected:
36 | HICON m_hIcon;
37 |
38 | // Generated message map functions
39 | //{{AFX_MSG(CPassByIceDlg)
40 | virtual BOOL OnInitDialog();
41 | afx_msg void OnSysCommand(UINT nID, LPARAM lParam);
42 | afx_msg void OnPaint();
43 | afx_msg HCURSOR OnQueryDragIcon();
44 | virtual void OnOK();
45 | virtual void OnCancel();
46 | //}}AFX_MSG
47 | DECLARE_MESSAGE_MAP()
48 | };
49 |
50 | //{{AFX_INSERT_LOCATION}}
51 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line.
52 |
53 | #endif // !defined(AFX_PASSBYICEDLG_H__B63B375C_1AD8_4F86_871C_F80E925A592D__INCLUDED_)
54 |
--------------------------------------------------------------------------------
/DriverProtection/PassByIce/ReadMe.txt:
--------------------------------------------------------------------------------
1 | ========================================================================
2 | MICROSOFT FOUNDATION CLASS LIBRARY : PassByIce
3 | ========================================================================
4 |
5 |
6 | AppWizard has created this PassByIce application for you. This application
7 | not only demonstrates the basics of using the Microsoft Foundation classes
8 | but is also a starting point for writing your application.
9 |
10 | This file contains a summary of what you will find in each of the files that
11 | make up your PassByIce application.
12 |
13 | PassByIce.dsp
14 | This file (the project file) contains information at the project level and
15 | is used to build a single project or subproject. Other users can share the
16 | project (.dsp) file, but they should export the makefiles locally.
17 |
18 | PassByIce.h
19 | This is the main header file for the application. It includes other
20 | project specific headers (including Resource.h) and declares the
21 | CPassByIceApp application class.
22 |
23 | PassByIce.cpp
24 | This is the main application source file that contains the application
25 | class CPassByIceApp.
26 |
27 | PassByIce.rc
28 | This is a listing of all of the Microsoft Windows resources that the
29 | program uses. It includes the icons, bitmaps, and cursors that are stored
30 | in the RES subdirectory. This file can be directly edited in Microsoft
31 | Visual C++.
32 |
33 | PassByIce.clw
34 | This file contains information used by ClassWizard to edit existing
35 | classes or add new classes. ClassWizard also uses this file to store
36 | information needed to create and edit message maps and dialog data
37 | maps and to create prototype member functions.
38 |
39 | res\PassByIce.ico
40 | This is an icon file, which is used as the application's icon. This
41 | icon is included by the main resource file PassByIce.rc.
42 |
43 | res\PassByIce.rc2
44 | This file contains resources that are not edited by Microsoft
45 | Visual C++. You should place all resources not editable by
46 | the resource editor in this file.
47 |
48 |
49 |
50 |
51 | /////////////////////////////////////////////////////////////////////////////
52 |
53 | AppWizard creates one dialog class:
54 |
55 | PassByIceDlg.h, PassByIceDlg.cpp - the dialog
56 | These files contain your CPassByIceDlg class. This class defines
57 | the behavior of your application's main dialog. The dialog's
58 | template is in PassByIce.rc, which can be edited in Microsoft
59 | Visual C++.
60 |
61 |
62 | /////////////////////////////////////////////////////////////////////////////
63 | Other standard files:
64 |
65 | StdAfx.h, StdAfx.cpp
66 | These files are used to build a precompiled header (PCH) file
67 | named PassByIce.pch and a precompiled types file named StdAfx.obj.
68 |
69 | Resource.h
70 | This is the standard header file, which defines new resource IDs.
71 | Microsoft Visual C++ reads and updates this file.
72 |
73 | /////////////////////////////////////////////////////////////////////////////
74 | Other notes:
75 |
76 | AppWizard uses "TODO:" to indicate parts of the source code you
77 | should add to or customize.
78 |
79 | If your application uses MFC in a shared DLL, and your application is
80 | in a language other than the operating system's current language, you
81 | will need to copy the corresponding localized resources MFC42XXX.DLL
82 | from the Microsoft Visual C++ CD-ROM onto the system or system32 directory,
83 | and rename it to be MFCLOC.DLL. ("XXX" stands for the language abbreviation.
84 | For example, MFC42DEU.DLL contains resources translated to German.) If you
85 | don't do this, some of the UI elements of your application will remain in the
86 | language of the operating system.
87 |
88 | /////////////////////////////////////////////////////////////////////////////
89 |
--------------------------------------------------------------------------------
/DriverProtection/PassByIce/StdAfx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // PassByIce.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/DriverProtection/PassByIce/StdAfx.h:
--------------------------------------------------------------------------------
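// stdafx.h : include file for standard system include files,
// or project specific include files that are used frequently, but
// are changed infrequently
//

#if !defined(AFX_STDAFX_H__61A9D9F1_5D61_4E5D_AC52_11DBBF5DEDB9__INCLUDED_)
#define AFX_STDAFX_H__61A9D9F1_5D61_4E5D_AC52_11DBBF5DEDB9__INCLUDED_

#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000

#define VC_EXTRALEAN		// Exclude rarely-used stuff from Windows headers

// The header names on the MFC lines below were missing from this listing.
// They are restored from the trailing comments, which match the stock
// AppWizard template; verify against the repository copy of StdAfx.h.
#include <afxwin.h>			// MFC core and standard components
#include <afxext.h>			// MFC extensions
#include <afxdisp.h>		// MFC Automation classes
#include <afxdtctl.h>		// MFC support for Internet Explorer 4 Common Controls
#ifndef _AFX_NO_AFXCMN_SUPPORT
#include <afxcmn.h>			// MFC support for Windows Common Controls
#endif // _AFX_NO_AFXCMN_SUPPORT
// FIXME(review): the header name on the next line is missing from this
// listing and cannot be inferred; restore it from the repository copy.
#include
// Service Control Manager declarations. NOTE(review): presumably used to
// register and start the PassByIce driver; confirm in PassByIceDlg.cpp.
#include "Winsvc.h"

//{{AFX_INSERT_LOCATION}}
// Microsoft Visual C++ will insert additional declarations immediately before the previous line.

#endif // !defined(AFX_STDAFX_H__61A9D9F1_5D61_4E5D_AC52_11DBBF5DEDB9__INCLUDED_)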
29 |
--------------------------------------------------------------------------------
/DriverProtection/PassByIce/res/PassByIce.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/DriverProtection/PassByIce/res/PassByIce.ico
--------------------------------------------------------------------------------
/DriverProtection/PassByIce/res/PassByIce.rc2:
--------------------------------------------------------------------------------
1 | //
2 | // PASSBYICE.RC2 - resources Microsoft Visual C++ does not edit directly
3 | //
4 |
5 | #ifdef APSTUDIO_INVOKED
6 | #error this file is not editable by Microsoft Visual C++
7 | #endif //APSTUDIO_INVOKED
8 |
9 |
10 | /////////////////////////////////////////////////////////////////////////////
11 | // Add manually edited resources here...
12 |
13 | /////////////////////////////////////////////////////////////////////////////
14 |
--------------------------------------------------------------------------------
/DriverProtection/PassByIce/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Developer Studio generated include file.
3 | // Used by PassByIce.rc
4 | // NOTE(review): IDR_SYS is presumably the embedded driver image (the .dsp lists res\PassByIce.sys); confirm in PassByIce.rc.
5 | #define IDM_ABOUTBOX 0x0010
6 | #define IDD_ABOUTBOX 100
7 | #define IDS_ABOUTBOX 101
8 | #define IDD_PASSBYICE_DIALOG 102
9 | #define IDR_MAINFRAME 128
10 | #define IDR_SYS 145
11 |
12 | // Next default values for new objects
13 | //
14 | #ifdef APSTUDIO_INVOKED
15 | #ifndef APSTUDIO_READONLY_SYMBOLS
16 | #define _APS_NEXT_RESOURCE_VALUE 146
17 | #define _APS_NEXT_COMMAND_VALUE 32771
18 | #define _APS_NEXT_CONTROL_VALUE 1000
19 | #define _APS_NEXT_SYMED_VALUE 101
20 | #endif
21 | #endif
22 |
--------------------------------------------------------------------------------
/DriverProtection/PassByIce_Driver/PassByIce.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/DriverProtection/PassByIce_Driver/PassByIce.c
--------------------------------------------------------------------------------
/DriverProtection/PassByIce_Driver/PassByIce.rar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/DriverProtection/PassByIce_Driver/PassByIce.rar
--------------------------------------------------------------------------------
/DriverProtection/PassByIce_Driver/makefile:
--------------------------------------------------------------------------------
1 | !IF 0
2 |
3 | Copyright (C) Microsoft Corporation, 1999 - 2002
4 |
5 | Module Name:
6 |
7 | makefile.
8 |
9 | Notes:
10 |
11 | DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source
12 | file to this component. This file merely indirects to the real make file
13 | that is shared by all the components of Windows NT (DDK)
14 |
15 | !ENDIF
16 |
17 | !INCLUDE $(NTMAKEENV)\makefile.def
18 |
19 |
--------------------------------------------------------------------------------
/DriverProtection/PassByIce_Driver/sources:
--------------------------------------------------------------------------------
1 | TARGETNAME=PassByIce
2 | TARGETPATH=obj
3 | TARGETTYPE=DRIVER
4 | DRIVERTYPE=FS
5 | SOURCES=PassByIce.c
6 |
7 |
--------------------------------------------------------------------------------
/DriverProtection/说明.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/DriverProtection/说明.txt
--------------------------------------------------------------------------------
/Dual-processProtection/ExeProtect/ExeProtect.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/Dual-processProtection/ExeProtect/ExeProtect.rc
--------------------------------------------------------------------------------
/Dual-processProtection/ExeProtect/Frpo.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/Dual-processProtection/ExeProtect/Frpo.cpp
--------------------------------------------------------------------------------
/Dual-processProtection/ExeProtect/Frpo.dsp:
--------------------------------------------------------------------------------
1 | # Microsoft Developer Studio Project File - Name="Frpo" - Package Owner=<4>
2 | # Microsoft Developer Studio Generated Build File, Format Version 6.00
3 | # ** DO NOT EDIT **
4 |
5 | # TARGTYPE "Win32 (x86) Application" 0x0101
6 |
7 | CFG=Frpo - Win32 Debug
8 | !MESSAGE This is not a valid makefile. To build this project using NMAKE,
9 | !MESSAGE use the Export Makefile command and run
10 | !MESSAGE
11 | !MESSAGE NMAKE /f "Frpo.mak".
12 | !MESSAGE
13 | !MESSAGE You can specify a configuration when running NMAKE
14 | !MESSAGE by defining the macro CFG on the command line. For example:
15 | !MESSAGE
16 | !MESSAGE NMAKE /f "Frpo.mak" CFG="Frpo - Win32 Debug"
17 | !MESSAGE
18 | !MESSAGE Possible choices for configuration are:
19 | !MESSAGE
20 | !MESSAGE "Frpo - Win32 Release" (based on "Win32 (x86) Application")
21 | !MESSAGE "Frpo - Win32 Debug" (based on "Win32 (x86) Application")
22 | !MESSAGE
23 |
24 | # Begin Project
25 | # PROP AllowPerConfigDependencies 0
26 | # PROP Scc_ProjName ""
27 | # PROP Scc_LocalPath ""
28 | CPP=cl.exe
29 | MTL=midl.exe
30 | RSC=rc.exe
31 |
32 | !IF "$(CFG)" == "Frpo - Win32 Release"
33 |
34 | # PROP BASE Use_MFC 0
35 | # PROP BASE Use_Debug_Libraries 0
36 | # PROP BASE Output_Dir "Release"
37 | # PROP BASE Intermediate_Dir "Release"
38 | # PROP BASE Target_Dir ""
39 | # PROP Use_MFC 0
40 | # PROP Use_Debug_Libraries 0
41 | # PROP Output_Dir "Release"
42 | # PROP Intermediate_Dir "Release"
43 | # PROP Ignore_Export_Lib 0
44 | # PROP Target_Dir ""
45 | # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /Yu"stdafx.h" /FD /c
46 | # ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /Yu"stdafx.h" /FD /c
47 | # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
48 | # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
49 | # ADD BASE RSC /l 0x804 /d "NDEBUG"
50 | # ADD RSC /l 0x804 /d "NDEBUG"
51 | BSC32=bscmake.exe
52 | # ADD BASE BSC32 /nologo
53 | # ADD BSC32 /nologo
54 | LINK32=link.exe
55 | # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /machine:I386
56 | # ADD LINK32 kernel32.lib user32.lib /nologo /subsystem:windows /machine:I386
57 |
58 | !ELSEIF "$(CFG)" == "Frpo - Win32 Debug"
59 |
60 | # PROP BASE Use_MFC 0
61 | # PROP BASE Use_Debug_Libraries 1
62 | # PROP BASE Output_Dir "Debug"
63 | # PROP BASE Intermediate_Dir "Debug"
64 | # PROP BASE Target_Dir ""
65 | # PROP Use_MFC 0
66 | # PROP Use_Debug_Libraries 1
67 | # PROP Output_Dir "Debug"
68 | # PROP Intermediate_Dir "Debug"
69 | # PROP Ignore_Export_Lib 0
70 | # PROP Target_Dir ""
71 | # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /Yu"stdafx.h" /FD /GZ /c
72 | # ADD CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /Yu"stdafx.h" /FD /GZ /c
73 | # ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
74 | # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
75 | # ADD BASE RSC /l 0x804 /d "_DEBUG"
76 | # ADD RSC /l 0x804 /d "_DEBUG"
77 | BSC32=bscmake.exe
78 | # ADD BASE BSC32 /nologo
79 | # ADD BSC32 /nologo
80 | LINK32=link.exe
81 | # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /debug /machine:I386 /pdbtype:sept
82 | # ADD LINK32 kernel32.lib user32.lib /nologo /subsystem:windows /debug /machine:I386 /pdbtype:sept
83 |
84 | !ENDIF
85 |
86 | # Begin Target
87 |
88 | # Name "Frpo - Win32 Release"
89 | # Name "Frpo - Win32 Debug"
90 | # Begin Group "Source Files"
91 |
92 | # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
93 | # Begin Source File
94 |
95 | SOURCE=.\Frpo.cpp
96 | # End Source File
97 | # Begin Source File
98 |
99 | SOURCE=.\StdAfx.cpp
100 | # ADD CPP /Yc"stdafx.h"
101 | # End Source File
102 | # End Group
103 | # Begin Group "Header Files"
104 |
105 | # PROP Default_Filter "h;hpp;hxx;hm;inl"
106 | # Begin Source File
107 |
108 | SOURCE=.\Frpo.h
109 | # End Source File
110 | # Begin Source File
111 |
112 | SOURCE=.\StdAfx.h
113 | # End Source File
114 | # End Group
115 | # Begin Group "Resource Files"
116 |
117 | # PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
118 | # Begin Source File
119 |
120 | SOURCE=.\Frpo.ico
121 | # End Source File
122 | # Begin Source File
123 |
124 | SOURCE=.\small.ico
125 | # End Source File
126 | # End Group
127 | # Begin Source File
128 |
129 | SOURCE=.\ReadMe.txt
130 | # End Source File
131 | # End Target
132 | # End Project
133 |
--------------------------------------------------------------------------------
/Dual-processProtection/ExeProtect/Frpo.dsw:
--------------------------------------------------------------------------------
1 | Microsoft Developer Studio Workspace File, Format Version 6.00
2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
3 |
4 | ###############################################################################
5 |
6 | Project: "Frpo"=".\Frpo.dsp" - Package Owner=<4>
7 |
8 | Package=<5>
9 | {{{
10 | }}}
11 |
12 | Package=<4>
13 | {{{
14 | }}}
15 |
16 | ###############################################################################
17 |
18 | Global:
19 |
20 | Package=<5>
21 | {{{
22 | }}}
23 |
24 | Package=<3>
25 | {{{
26 | }}}
27 |
28 | ###############################################################################
29 |
30 |
--------------------------------------------------------------------------------
/Dual-processProtection/ExeProtect/Frpo.h:
--------------------------------------------------------------------------------
1 |
2 | #if !defined(AFX_FRPO_H__FD6FBE56_4232_49EB_98C9_990CE9E02374__INCLUDED_)
3 | #define AFX_FRPO_H__FD6FBE56_4232_49EB_98C9_990CE9E02374__INCLUDED_
4 |
5 | #if _MSC_VER > 1000
6 | #pragma once
7 | #endif // _MSC_VER > 1000
8 |
9 |
10 | #endif // !defined(AFX_FRPO_H__FD6FBE56_4232_49EB_98C9_990CE9E02374__INCLUDED_)
11 |
--------------------------------------------------------------------------------
/Dual-processProtection/ExeProtect/Frpo.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 9.00
3 | # Visual Studio 2005
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Frpo", "Frpo.vcproj", "{70E4CA32-1890-48F7-9D64-8AFDA8933FE3}"
5 | EndProject
6 | Global
7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
8 | Debug|Win32 = Debug|Win32
9 | Release|Win32 = Release|Win32
10 | EndGlobalSection
11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | {70E4CA32-1890-48F7-9D64-8AFDA8933FE3}.Debug|Win32.ActiveCfg = Debug|Win32
13 | {70E4CA32-1890-48F7-9D64-8AFDA8933FE3}.Debug|Win32.Build.0 = Debug|Win32
14 | {70E4CA32-1890-48F7-9D64-8AFDA8933FE3}.Release|Win32.ActiveCfg = Release|Win32
15 | {70E4CA32-1890-48F7-9D64-8AFDA8933FE3}.Release|Win32.Build.0 = Release|Win32
16 | EndGlobalSection
17 | GlobalSection(SolutionProperties) = preSolution
18 | HideSolutionNode = FALSE
19 | EndGlobalSection
20 | EndGlobal
21 |
--------------------------------------------------------------------------------
/Dual-processProtection/ExeProtect/Frpo.vcproj.NETLAB-TEST.Administrator.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Dual-processProtection/ExeProtect/Frpo.vcproj.ST.Administrator.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Dual-processProtection/ExeProtect/MyLog.cpp:
--------------------------------------------------------------------------------
1 | #include "StdAfx.h"
2 | #include "MyLog.h"
--------------------------------------------------------------------------------
/Dual-processProtection/ExeProtect/MyLog.h:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
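// Minimal file logger: remembers one path and appends raw text to it.
//
// The object owns a heap copy of the path (m_strFile). It declares no copy
// constructor or assignment operator, so copying an instance would leave two
// objects freeing the same buffer; pass it by reference or pointer only.
//
// The path is handed to fopen() unchanged, so a relative path resolves
// against the current directory of whichever process owns the logger.
class CMyLogFile
{
public:
    char *m_strFile;  // heap copy of the log path; NULL until SetFileName()

public:
    CMyLogFile()
    {
        m_strFile = NULL;
    }

    ~CMyLogFile()
    {
        // The buffer comes from new char[], so it must go through delete[];
        // delete[] on NULL is a no-op.
        delete[] m_strFile;
    }

    // Stores a private copy of strFile as the log path.
    // Only the first successful call takes effect; NULL is ignored.
    void SetFileName(const char *strFile)
    {
        if (strFile == NULL || m_strFile != NULL)
            return;

        const size_t len = strlen(strFile) + 1;  // +1 for the terminator
        m_strFile = new char[len];
        memcpy(m_strFile, strFile, len);
    }

    // Creates the log file, or truncates it to zero length if it exists.
    // Does nothing when no path is set; an fopen() failure is ignored.
    void Init()
    {
        if (m_strFile == NULL)
            return;

        FILE *file = fopen(m_strFile, "w");
        if (file != NULL)
            fclose(file);
    }

    // Appends strline to the end of the log file.
    // Does nothing when no path is set, when strline is NULL, or when the
    // file cannot be opened. Mode "rt+" does not create the file, so Init()
    // has to run first.
    void WriteLine(const char *strline)
    {
        if (m_strFile == NULL || strline == NULL)
            return;

        FILE *file = fopen(m_strFile, "rt+");
        if (file == NULL)
            return;

        fseek(file, 0L, SEEK_END);
        // NOTE(review): strlen()+1 also writes the terminating NUL byte into
        // the file and no newline is appended; kept as-is because readers of
        // the log may depend on it -- confirm this is intended.
        fwrite(strline, sizeof(char), strlen(strline) + 1, file);
        fclose(file);
    }
};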
--------------------------------------------------------------------------------
/Dual-processProtection/ExeProtect/ServiceHelper/ServiceHelper.cpp:
--------------------------------------------------------------------------------
1 | //////////////////////////////////////////////////////////////////////
2 | // Author :- Nish
3 | // ServiceHelper.cpp: implementation of the CServiceHelper class.
4 | //
5 | //////////////////////////////////////////////////////////////////////
6 |
7 | #include "stdafx.h"
8 | #include "ServiceHelper.h"
9 |
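// Opens the service control manager of the local machine.
//
// Only the rights this class uses are requested: SC_MANAGER_CONNECT for the
// OpenService() calls and SC_MANAGER_CREATE_SERVICE for Create(). The
// previous SC_MANAGER_ALL_ACCESS asked for more than any method here needs.
//
// m_scm is NULL when the call fails; nothing checks it here, so every later
// operation simply fails and returns FALSE.
CServiceHelper::CServiceHelper()
{
    m_scm = OpenSCManager(NULL, NULL,
                          SC_MANAGER_CONNECT | SC_MANAGER_CREATE_SERVICE);
}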
14 |
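// Releases the service control manager handle opened by the constructor.
// The handle is NULL when OpenSCManager() failed, in which case there is
// nothing to close.
CServiceHelper::~CServiceHelper()
{
    if (m_scm)
    {
        CloseServiceHandle(m_scm);
        m_scm = NULL;
    }
}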
19 |
// Starts with no names or path set and auto-start switched off.
SERVICEINFO::SERVICEINFO()
    : lpServiceName(NULL),
      lpDisplayName(NULL),
      lpBinaryPathName(NULL),
      bAutoStart(false)
{
}
27 |
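// Registers the configured service with the service control manager.
//
// Requires service name, display name and binary path to be set. The service
// is created as SERVICE_WIN32_OWN_PROCESS, auto-start or demand-start
// according to bAutoStart. No account is passed, which makes it run as
// LocalSystem, so the binary should live where ordinary users cannot write.
//
// lpBinaryPathName goes to CreateService() unchanged: a path that contains
// spaces must already be enclosed in quotes by the caller.
//
// Returns TRUE when the service was created, FALSE otherwise.
BOOL CServiceHelper::Create()
{
    if (!m_serviceinfo.lpServiceName ||
        !m_serviceinfo.lpDisplayName ||
        !m_serviceinfo.lpBinaryPathName)
    {
        return FALSE;
    }

    const DWORD startType =
        m_serviceinfo.bAutoStart ? SERVICE_AUTO_START : SERVICE_DEMAND_START;

    SC_HANDLE hService = CreateService(m_scm,
                                       m_serviceinfo.lpServiceName,
                                       m_serviceinfo.lpDisplayName,
                                       SERVICE_ALL_ACCESS,
                                       SERVICE_WIN32_OWN_PROCESS,
                                       startType,
                                       SERVICE_ERROR_NORMAL,
                                       m_serviceinfo.lpBinaryPathName,
                                       0, 0, 0, 0, 0);
    if (!hService)
        return FALSE;

    // Close only a handle that was actually returned.
    CloseServiceHandle(hService);
    return TRUE;
}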
51 |
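// Marks the configured service for deletion.
//
// Returns TRUE when DeleteService() succeeds; FALSE when no service name is
// set, the service cannot be opened, or the deletion is refused.
BOOL CServiceHelper::Delete()
{
    if (!m_serviceinfo.lpServiceName)
        return FALSE;

    // DELETE is the only access right DeleteService() needs, so request that
    // instead of SERVICE_ALL_ACCESS.
    SC_HANDLE hService = OpenService(m_scm, m_serviceinfo.lpServiceName, DELETE);
    if (!hService)
        return FALSE;

    const BOOL ok = DeleteService(hService) ? TRUE : FALSE;
    CloseServiceHandle(hService);
    return ok;
}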
73 |
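// Starts the configured service with no start arguments.
//
// Returns TRUE when StartService() succeeds; FALSE when no service name is
// set, the service cannot be opened, or the start request fails.
BOOL CServiceHelper::Start()
{
    if (!m_serviceinfo.lpServiceName)
        return FALSE;

    // SERVICE_START is the only access right StartService() needs.
    SC_HANDLE hService =
        OpenService(m_scm, m_serviceinfo.lpServiceName, SERVICE_START);
    if (!hService)
        return FALSE;

    const BOOL ok = StartService(hService, 0, NULL) ? TRUE : FALSE;
    CloseServiceHandle(hService);
    return ok;
}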
94 |
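// Sends SERVICE_CONTROL_STOP to the configured service.
//
// Returns TRUE when ControlService() accepts the request; FALSE when no
// service name is set, the service cannot be opened, or the request fails.
// The call does not wait for the service to finish stopping.
BOOL CServiceHelper::Stop()
{
    if (!m_serviceinfo.lpServiceName)
        return FALSE;

    // SERVICE_STOP is the only access right this control code needs.
    SC_HANDLE hService =
        OpenService(m_scm, m_serviceinfo.lpServiceName, SERVICE_STOP);
    if (!hService)
        return FALSE;

    SERVICE_STATUS status;  // filled in by ControlService(); not used further
    const BOOL ok =
        ControlService(hService, SERVICE_CONTROL_STOP, &status) ? TRUE : FALSE;
    CloseServiceHandle(hService);
    return ok;
}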
120 |
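// Sends SERVICE_CONTROL_PAUSE to the configured service.
//
// Returns TRUE when ControlService() accepts the request; FALSE when no
// service name is set, the service cannot be opened, or the request fails.
BOOL CServiceHelper::Pause()
{
    if (!m_serviceinfo.lpServiceName)
        return FALSE;

    // SERVICE_PAUSE_CONTINUE is the only access right this control code needs.
    SC_HANDLE hService = OpenService(m_scm, m_serviceinfo.lpServiceName,
                                     SERVICE_PAUSE_CONTINUE);
    if (!hService)
        return FALSE;

    SERVICE_STATUS status;  // filled in by ControlService(); not used further
    const BOOL ok =
        ControlService(hService, SERVICE_CONTROL_PAUSE, &status) ? TRUE : FALSE;
    CloseServiceHandle(hService);
    return ok;
}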
146 |
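// Sends SERVICE_CONTROL_CONTINUE to the configured (paused) service.
//
// Returns TRUE when ControlService() accepts the request; FALSE when no
// service name is set, the service cannot be opened, or the request fails.
BOOL CServiceHelper::Continue()
{
    if (!m_serviceinfo.lpServiceName)
        return FALSE;

    // SERVICE_PAUSE_CONTINUE is the only access right this control code needs.
    SC_HANDLE hService = OpenService(m_scm, m_serviceinfo.lpServiceName,
                                     SERVICE_PAUSE_CONTINUE);
    if (!hService)
        return FALSE;

    SERVICE_STATUS status;  // filled in by ControlService(); not used further
    const BOOL ok =
        ControlService(hService, SERVICE_CONTROL_CONTINUE, &status) ? TRUE : FALSE;
    CloseServiceHandle(hService);
    return ok;
}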
171 |
// Sets the service name used by every operation of this helper.
// Only the pointer is kept; the string must outlive the helper's use of it.
void CServiceHelper::SetServiceName(LPCTSTR str)
{
    this->m_serviceinfo.lpServiceName = str;
}
176 |
// Sets the display name passed to CreateService() by Create().
// Only the pointer is kept; the string must outlive the helper's use of it.
void CServiceHelper::SetServiceDisplayName(LPCTSTR str)
{
    this->m_serviceinfo.lpDisplayName = str;
}
181 |
// Sets the binary path passed to CreateService() by Create().
// Only the pointer is kept, and the text is neither validated nor quoted
// here: the caller supplies the final string, including quotes around a path
// that contains spaces.
void CServiceHelper::SetServicePath(LPCTSTR str)
{
    this->m_serviceinfo.lpBinaryPathName = str;
}
186 |
// Chooses the start type Create() registers: non-zero selects
// SERVICE_AUTO_START, zero selects SERVICE_DEMAND_START.
void CServiceHelper::SetAutoStart(BOOL b)
{
    this->m_serviceinfo.bAutoStart = b;
}
--------------------------------------------------------------------------------
/Dual-processProtection/ExeProtect/ServiceHelper/ServiceHelper.h:
--------------------------------------------------------------------------------
1 | //////////////////////////////////////////////////////////////////////
2 | // Author :- Nish
3 | // ServiceHelper.h: interface for the CServiceHelper class.
4 | //
5 | //////////////////////////////////////////////////////////////////////
6 |
7 | #if !defined(AFX_SERVICEHELPER_H__7489A32A_B469_42E8_A720_A337CC3B0940__INCLUDED_)
8 | #define AFX_SERVICEHELPER_H__7489A32A_B469_42E8_A720_A337CC3B0940__INCLUDED_
9 |
10 | #if _MSC_VER > 1000
11 | #pragma once
12 | #endif // _MSC_VER > 1000
13 |
14 | #include
15 |
// Settings for one Windows service, as consumed by CServiceHelper.
// The string members are plain pointers: this struct neither copies nor
// frees the text they point at.
struct SERVICEINFO
{
public:
    LPCTSTR lpServiceName;     // name used for CreateService()/OpenService()
    LPCTSTR lpDisplayName;     // display name passed to CreateService()
    LPCTSTR lpBinaryPathName;  // binary path passed to CreateService() as-is
    BOOL bAutoStart;           // non-zero: auto-start, zero: demand-start

    SERVICEINFO();  // sets the pointers to NULL and bAutoStart to false
};
26 |
// Thin wrapper over the service control manager API for a single service.
//
// Configure it with the Set* methods, then call an operation. Each operation
// returns TRUE on success and FALSE when a required setting is missing or the
// underlying API call fails; no error code is reported to the caller.
//
// The class holds a raw SC_HANDLE and declares no copy operations, so a copy
// would close the same handle twice; do not copy instances.
class CServiceHelper
{
public:
    BOOL Continue();  // sends SERVICE_CONTROL_CONTINUE
    BOOL Pause();     // sends SERVICE_CONTROL_PAUSE
    BOOL Stop();      // sends SERVICE_CONTROL_STOP
    BOOL Start();     // calls StartService() with no arguments
    BOOL Delete();    // calls DeleteService()
    BOOL Create();    // calls CreateService(); needs name, display name, path

    CServiceHelper();           // opens the local service control manager
    virtual ~CServiceHelper();  // closes the service control manager handle

private:
    SC_HANDLE m_scm;            // SCM handle from OpenSCManager(); may be NULL
    SERVICEINFO m_serviceinfo;  // settings filled in by the Set* methods

public:
    // The LPCTSTR setters store the pointer only; the caller keeps the string
    // alive for as long as the helper may use it.
    void SetServiceName(LPCTSTR str);
    void SetServiceDisplayName(LPCTSTR str);
    void SetServicePath(LPCTSTR str);
    void SetAutoStart(BOOL b);
};
50 |
51 |
52 | #endif // !defined(AFX_SERVICEHELPER_H__7489A32A_B469_42E8_A720_A337CC3B0940__INCLUDED_)
53 |
--------------------------------------------------------------------------------
/Dual-processProtection/ExeProtect/StdAfx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // Frpo.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 |
--------------------------------------------------------------------------------
/Dual-processProtection/ExeProtect/StdAfx.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/Dual-processProtection/ExeProtect/StdAfx.h
--------------------------------------------------------------------------------
/Dual-processProtection/ExeProtect/WindowService/NTService.h:
--------------------------------------------------------------------------------
1 | // ntservice.h
2 | //
3 | // Definitions for CNTService
4 | //
5 |
6 | #ifndef _NTSERVICE_H_
7 | #define _NTSERVICE_H_
8 |
9 | #include "ntservmsg.h" // Event message ids
10 | #include "WinSvc.h"
11 |
12 |
13 | #define SERVICE_CONTROL_USER 128
14 |
// Base class for a Windows NT service. Only the declaration is visible in
// this header; the notes below describe what the signatures show, and
// anything about behaviour is marked for confirmation.
class CNTService
{
public:
    // NOTE(review): szServiceName has no length limit in the signature while
    // m_szServiceName below is a fixed 64-byte array -- confirm that the
    // constructor bounds the copy.
    CNTService(const char* szServiceName);
    virtual ~CNTService();
    BOOL ParseStandardArgs(int argc, TCHAR* argv[]);
    BOOL IsInstalled();
    BOOL Install();
    BOOL Uninstall();
    // Up to three optional insertion strings; presumably they fill the %1..%3
    // placeholders of the EVMSG_* messages -- TODO confirm.
    void LogEvent(WORD wType, DWORD dwID,
                  const char* pszS1 = NULL,
                  const char* pszS2 = NULL,
                  const char* pszS3 = NULL);
    BOOL StartService();
    void SetStatus(DWORD dwState);
    BOOL Initialize();
    // Virtual hooks a derived service overrides.
    virtual void Run();
    virtual BOOL OnInit();
    virtual void OnStop();
    virtual void OnInterrogate();
    virtual void OnPause();
    virtual void OnContinue();
    virtual void OnShutdown();
    // NOTE(review): presumably receives control codes at or above
    // SERVICE_CONTROL_USER (128, defined above) -- confirm against Handler().
    virtual BOOL OnUserControl(DWORD dwOpcode);
    // NOTE(review): variadic with a format argument, so it looks printf-style;
    // callers should pass a constant format string, never external text.
    void DebugMsg(const char* pszFormat, ...);



    // static member functions
    static void WINAPI ServiceMain(DWORD dwArgc, LPTSTR* lpszArgv);
    static void WINAPI Handler(DWORD dwOpcode);


    // data members
    char m_szServiceName[64];  // fixed-size buffer for the service name
    int m_iMajorVersion;
    int m_iMinorVersion;
    SERVICE_STATUS_HANDLE m_hServiceStatus;
    SERVICE_STATUS m_Status;
    BOOL m_bIsRunning;

    // static data
    // Single class-wide pointer, so the static callbacks above can reach only
    // one service object per process.
    static CNTService* m_pThis; // nasty hack to get object ptr

private:
    HANDLE m_hEventSource;

};
63 |
64 | #endif // _NTSERVICE_H_
65 |
--------------------------------------------------------------------------------
/Dual-processProtection/ExeProtect/WindowService/myservice.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/Dual-processProtection/ExeProtect/WindowService/myservice.cpp
--------------------------------------------------------------------------------
/Dual-processProtection/ExeProtect/WindowService/myservice.h:
--------------------------------------------------------------------------------
1 | // myservice.h
2 |
3 | #include "ntservice.h"
// Concrete service built on CNTService. It overrides the OnInit(), Run() and
// OnUserControl() hooks; their implementations are not part of this header.
class CMyService : public CNTService
{
public:
    CMyService();
    virtual BOOL OnInit();
    virtual void Run();
    virtual BOOL OnUserControl(DWORD dwOpcode);

    // NOTE(review): presumably persists m_iState -- the storage location is
    // not visible from this header; confirm in myservice.cpp.
    void SaveStatus();

    // Control parameters
    int m_iStartParam;
    int m_iIncParam;

    // Current state
    int m_iState ;
};
21 |
--------------------------------------------------------------------------------
/Dual-processProtection/ExeProtect/WindowService/ntservmsg.h:
--------------------------------------------------------------------------------
1 | //
2 | // Values are 32 bit values laid out as follows:
3 | //
4 | // 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
5 | // 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
6 | // +---+-+-+-----------------------+-------------------------------+
7 | // |Sev|C|R| Facility | Code |
8 | // +---+-+-+-----------------------+-------------------------------+
9 | //
10 | // where
11 | //
12 | // Sev - is the severity code
13 | //
14 | // 00 - Success
15 | // 01 - Informational
16 | // 10 - Warning
17 | // 11 - Error
18 | //
19 | // C - is the Customer code flag
20 | //
21 | // R - is a reserved bit
22 | //
23 | // Facility - is the facility code
24 | //
25 | // Code - is the facility's status code
26 | //
27 | //
28 | // Define the facility codes
29 | //
30 |
31 |
32 | //
33 | // Define the severity codes
34 | //
35 |
36 |
37 | //
38 | // MessageId: EVMSG_INSTALLED
39 | //
40 | // MessageText:
41 | //
42 | // The %1 service was installed.
43 | //
44 | #define EVMSG_INSTALLED 0x00000064L
45 |
46 | //
47 | // MessageId: EVMSG_REMOVED
48 | //
49 | // MessageText:
50 | //
51 | // The %1 service was removed.
52 | //
53 | #define EVMSG_REMOVED 0x00000065L
54 |
55 | //
56 | // MessageId: EVMSG_NOTREMOVED
57 | //
58 | // MessageText:
59 | //
60 | // The %1 service could not be removed.
61 | //
62 | #define EVMSG_NOTREMOVED 0x00000066L
63 |
64 | //
65 | // MessageId: EVMSG_CTRLHANDLERNOTINSTALLED
66 | //
67 | // MessageText:
68 | //
69 | // The control handler could not be installed.
70 | //
71 | #define EVMSG_CTRLHANDLERNOTINSTALLED 0x00000067L
72 |
73 | //
74 | // MessageId: EVMSG_FAILEDINIT
75 | //
76 | // MessageText:
77 | //
78 | // The initialization process failed.
79 | //
80 | #define EVMSG_FAILEDINIT 0x00000068L
81 |
82 | //
83 | // MessageId: EVMSG_STARTED
84 | //
85 | // MessageText:
86 | //
87 | // The service was started.
88 | //
89 | #define EVMSG_STARTED 0x00000069L
90 |
91 | //
92 | // MessageId: EVMSG_BADREQUEST
93 | //
94 | // MessageText:
95 | //
96 | // The service received an unsupported request.
97 | //
98 | #define EVMSG_BADREQUEST 0x0000006AL
99 |
100 | //
101 | // MessageId: EVMSG_DEBUG
102 | //
103 | // MessageText:
104 | //
105 | // Debug: %1
106 | //
107 | #define EVMSG_DEBUG 0x0000006BL
108 |
109 | //
110 | // MessageId: EVMSG_STOPPED
111 | //
112 | // MessageText:
113 | //
114 | // The service was stopped.
115 | //
116 | #define EVMSG_STOPPED 0x0000006CL
117 |
118 |
--------------------------------------------------------------------------------
/Dual-processProtection/ExeProtect/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/Dual-processProtection/ExeProtect/resource.h
--------------------------------------------------------------------------------
/Dual-processProtection/TempProcess/LogFile.h:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
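// Minimal file logger: remembers one path and appends raw text to it.
//
// The object owns a heap copy of the path (m_strFile). It declares no copy
// constructor or assignment operator, so copying an instance would leave two
// objects freeing the same buffer; pass it by reference or pointer only.
//
// The path is handed to fopen() unchanged, so a relative path resolves
// against the current directory of whichever process owns the logger.
class CMyLogFile
{
public:
    char *m_strFile;  // heap copy of the log path; NULL until SetFileName()

public:
    CMyLogFile()
    {
        m_strFile = NULL;
    }

    ~CMyLogFile()
    {
        // The buffer comes from new char[], so it must go through delete[];
        // delete[] on NULL is a no-op.
        delete[] m_strFile;
    }

    // Stores a private copy of strFile as the log path.
    // Only the first successful call takes effect; NULL is ignored.
    void SetFileName(const char *strFile)
    {
        if (strFile == NULL || m_strFile != NULL)
            return;

        const size_t len = strlen(strFile) + 1;  // +1 for the terminator
        m_strFile = new char[len];
        memcpy(m_strFile, strFile, len);
    }

    // Creates the log file, or truncates it to zero length if it exists.
    // Does nothing when no path is set; an fopen() failure is ignored.
    void Init()
    {
        if (m_strFile == NULL)
            return;

        FILE *file = fopen(m_strFile, "w");
        if (file != NULL)
            fclose(file);
    }

    // Appends strline to the end of the log file.
    // Does nothing when no path is set, when strline is NULL, or when the
    // file cannot be opened. Mode "rt+" does not create the file, so Init()
    // has to run first.
    void WriteLine(const char *strline)
    {
        if (m_strFile == NULL || strline == NULL)
            return;

        FILE *file = fopen(m_strFile, "rt+");
        if (file == NULL)
            return;

        fseek(file, 0L, SEEK_END);
        // NOTE(review): strlen()+1 also writes the terminating NUL byte into
        // the file and no newline is appended; kept as-is because readers of
        // the log may depend on it -- confirm this is intended.
        fwrite(strline, sizeof(char), strlen(strline) + 1, file);
        fclose(file);
    }
};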
--------------------------------------------------------------------------------
/Dual-processProtection/TempProcess/TempProcess.dsp:
--------------------------------------------------------------------------------
1 | # Microsoft Developer Studio Project File - Name="TempProcess" - Package Owner=<4>
2 | # Microsoft Developer Studio Generated Build File, Format Version 6.00
3 | # ** DO NOT EDIT **
4 |
5 | # TARGTYPE "Win32 (x86) Console Application" 0x0103
6 |
7 | CFG=TempProcess - Win32 Debug
8 | !MESSAGE This is not a valid makefile. To build this project using NMAKE,
9 | !MESSAGE use the Export Makefile command and run
10 | !MESSAGE
11 | !MESSAGE NMAKE /f "TempProcess.mak".
12 | !MESSAGE
13 | !MESSAGE You can specify a configuration when running NMAKE
14 | !MESSAGE by defining the macro CFG on the command line. For example:
15 | !MESSAGE
16 | !MESSAGE NMAKE /f "TempProcess.mak" CFG="TempProcess - Win32 Debug"
17 | !MESSAGE
18 | !MESSAGE Possible choices for configuration are:
19 | !MESSAGE
20 | !MESSAGE "TempProcess - Win32 Release" (based on "Win32 (x86) Console Application")
21 | !MESSAGE "TempProcess - Win32 Debug" (based on "Win32 (x86) Console Application")
22 | !MESSAGE
23 |
24 | # Begin Project
25 | # PROP AllowPerConfigDependencies 0
26 | # PROP Scc_ProjName ""
27 | # PROP Scc_LocalPath ""
28 | CPP=cl.exe
29 | RSC=rc.exe
30 |
31 | !IF "$(CFG)" == "TempProcess - Win32 Release"
32 |
33 | # PROP BASE Use_MFC 0
34 | # PROP BASE Use_Debug_Libraries 0
35 | # PROP BASE Output_Dir "Release"
36 | # PROP BASE Intermediate_Dir "Release"
37 | # PROP BASE Target_Dir ""
38 | # PROP Use_MFC 0
39 | # PROP Use_Debug_Libraries 0
40 | # PROP Output_Dir "Release"
41 | # PROP Intermediate_Dir "Release"
42 | # PROP Target_Dir ""
43 | # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
44 | # ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
45 | # ADD BASE RSC /l 0x804 /d "NDEBUG"
46 | # ADD RSC /l 0x804 /d "NDEBUG"
47 | BSC32=bscmake.exe
48 | # ADD BASE BSC32 /nologo
49 | # ADD BSC32 /nologo
50 | LINK32=link.exe
51 | # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
52 | # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
53 |
54 | !ELSEIF "$(CFG)" == "TempProcess - Win32 Debug"
55 |
56 | # PROP BASE Use_MFC 0
57 | # PROP BASE Use_Debug_Libraries 1
58 | # PROP BASE Output_Dir "Debug"
59 | # PROP BASE Intermediate_Dir "Debug"
60 | # PROP BASE Target_Dir ""
61 | # PROP Use_MFC 0
62 | # PROP Use_Debug_Libraries 1
63 | # PROP Output_Dir "Debug"
64 | # PROP Intermediate_Dir "Debug"
65 | # PROP Target_Dir ""
66 | # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
67 | # ADD CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
68 | # ADD BASE RSC /l 0x804 /d "_DEBUG"
69 | # ADD RSC /l 0x804 /d "_DEBUG"
70 | BSC32=bscmake.exe
71 | # ADD BASE BSC32 /nologo
72 | # ADD BSC32 /nologo
73 | LINK32=link.exe
74 | # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
75 | # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
76 |
77 | !ENDIF
78 |
79 | # Begin Target
80 |
81 | # Name "TempProcess - Win32 Release"
82 | # Name "TempProcess - Win32 Debug"
83 | # Begin Group "Source Files"
84 |
85 | # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
86 | # End Group
87 | # Begin Group "Header Files"
88 |
89 | # PROP Default_Filter "h;hpp;hxx;hm;inl"
90 | # End Group
91 | # Begin Group "Resource Files"
92 |
93 | # PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
94 | # End Group
95 | # End Target
96 | # End Project
97 |
--------------------------------------------------------------------------------
/Dual-processProtection/TempProcess/TempProcess.dsw:
--------------------------------------------------------------------------------
1 | Microsoft Developer Studio Workspace File, Format Version 6.00
2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
3 |
4 | ###############################################################################
5 |
6 | Project: "TempProcess"=.\TempProcess.dsp - Package Owner=<4>
7 |
8 | Package=<5>
9 | {{{
10 | }}}
11 |
12 | Package=<4>
13 | {{{
14 | }}}
15 |
16 | ###############################################################################
17 |
18 | Global:
19 |
20 | Package=<5>
21 | {{{
22 | }}}
23 |
24 | Package=<3>
25 | {{{
26 | }}}
27 |
28 | ###############################################################################
29 |
30 |
--------------------------------------------------------------------------------
/Dual-processProtection/TempProcess/TempProcess.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/Dual-processProtection/TempProcess/TempProcess.rc
--------------------------------------------------------------------------------
/Dual-processProtection/TempProcess/TempProcess.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 9.00
3 | # Visual Studio 2005
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TempProcess", "TempProcess.vcproj", "{79CB1AC3-0D0E-4783-941D-58CE33C87A7E}"
5 | EndProject
6 | Global
7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
8 | Debug|Win32 = Debug|Win32
9 | Release|Win32 = Release|Win32
10 | EndGlobalSection
11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | {79CB1AC3-0D0E-4783-941D-58CE33C87A7E}.Debug|Win32.ActiveCfg = Debug|Win32
13 | {79CB1AC3-0D0E-4783-941D-58CE33C87A7E}.Debug|Win32.Build.0 = Debug|Win32
14 | {79CB1AC3-0D0E-4783-941D-58CE33C87A7E}.Release|Win32.ActiveCfg = Release|Win32
15 | {79CB1AC3-0D0E-4783-941D-58CE33C87A7E}.Release|Win32.Build.0 = Release|Win32
16 | EndGlobalSection
17 | GlobalSection(SolutionProperties) = preSolution
18 | HideSolutionNode = FALSE
19 | EndGlobalSection
20 | EndGlobal
21 |
--------------------------------------------------------------------------------
/Dual-processProtection/TempProcess/TempProcess.vcproj:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Dual-processProtection/TempProcess/TempProcess.vcproj.ST.Administrator.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Dual-processProtection/TempProcess/main.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/Dual-processProtection/TempProcess/main.cpp
--------------------------------------------------------------------------------
/Dual-processProtection/TempProcess/main.h:
--------------------------------------------------------------------------------
1 |
2 | #if !defined(AFX_FRPO_H__FD6FBE56_4232_49EB_98C9_990CE9E02374__INCLUDED_)
3 | #define AFX_FRPO_H__FD6FBE56_4232_49EB_98C9_990CE9E02374__INCLUDED_
4 |
5 | #if _MSC_VER > 1000
6 | #pragma once
7 | #endif // _MSC_VER > 1000
8 |
9 |
10 |
11 |
12 | #endif // !defined(AFX_FRPO_H__FD6FBE56_4232_49EB_98C9_990CE9E02374__INCLUDED_)
13 |
--------------------------------------------------------------------------------
/Dual-processProtection/TempProcess/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/Dual-processProtection/TempProcess/resource.h
--------------------------------------------------------------------------------
/Dual-processProtection/TempProcess/stdafx.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/Dual-processProtection/TempProcess/stdafx.cpp
--------------------------------------------------------------------------------
/Dual-processProtection/TempProcess/stdafx.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/Dual-processProtection/TempProcess/stdafx.h
--------------------------------------------------------------------------------
/Dual-processProtection/bin/release/ExeProtect.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/Dual-processProtection/bin/release/ExeProtect.exe
--------------------------------------------------------------------------------
/Dual-processProtection/bin/release/ProcessSet.ini:
--------------------------------------------------------------------------------
1 | [Setting]
2 | Protect=1
3 |
--------------------------------------------------------------------------------
/Dual-processProtection/bin/release/SafeProcess.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/Dual-processProtection/bin/release/SafeProcess.exe
--------------------------------------------------------------------------------
/Dual-processProtection/bin/release/TempProcess.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/Dual-processProtection/bin/release/TempProcess.exe
--------------------------------------------------------------------------------
/Dual-processProtection/safeprocess/SafeProcess.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/Dual-processProtection/safeprocess/SafeProcess.cpp
--------------------------------------------------------------------------------
/Dual-processProtection/safeprocess/SafeProcess.dsp:
--------------------------------------------------------------------------------
1 | # Microsoft Developer Studio Project File - Name="SafeProcess" - Package Owner=<4>
2 | # Microsoft Developer Studio Generated Build File, Format Version 6.00
3 | # ** DO NOT EDIT **
4 |
5 | # TARGTYPE "Win32 (x86) Console Application" 0x0103
6 |
7 | CFG=SafeProcess - Win32 Debug
8 | !MESSAGE This is not a valid makefile. To build this project using NMAKE,
9 | !MESSAGE use the Export Makefile command and run
10 | !MESSAGE
11 | !MESSAGE NMAKE /f "SafeProcess.mak".
12 | !MESSAGE
13 | !MESSAGE You can specify a configuration when running NMAKE
14 | !MESSAGE by defining the macro CFG on the command line. For example:
15 | !MESSAGE
16 | !MESSAGE NMAKE /f "SafeProcess.mak" CFG="SafeProcess - Win32 Debug"
17 | !MESSAGE
18 | !MESSAGE Possible choices for configuration are:
19 | !MESSAGE
20 | !MESSAGE "SafeProcess - Win32 Release" (based on "Win32 (x86) Console Application")
21 | !MESSAGE "SafeProcess - Win32 Debug" (based on "Win32 (x86) Console Application")
22 | !MESSAGE
23 |
24 | # Begin Project
25 | # PROP AllowPerConfigDependencies 0
26 | # PROP Scc_ProjName ""
27 | # PROP Scc_LocalPath ""
28 | CPP=cl.exe
29 | RSC=rc.exe
30 |
31 | !IF "$(CFG)" == "SafeProcess - Win32 Release"
32 |
33 | # PROP BASE Use_MFC 0
34 | # PROP BASE Use_Debug_Libraries 0
35 | # PROP BASE Output_Dir "Release"
36 | # PROP BASE Intermediate_Dir "Release"
37 | # PROP BASE Target_Dir ""
38 | # PROP Use_MFC 0
39 | # PROP Use_Debug_Libraries 0
40 | # PROP Output_Dir "Release"
41 | # PROP Intermediate_Dir "Release"
42 | # PROP Target_Dir ""
43 | # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
44 | # ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
45 | # ADD BASE RSC /l 0x804 /d "NDEBUG"
46 | # ADD RSC /l 0x804 /d "NDEBUG"
47 | BSC32=bscmake.exe
48 | # ADD BASE BSC32 /nologo
49 | # ADD BSC32 /nologo
50 | LINK32=link.exe
51 | # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
52 | # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
53 |
54 | !ELSEIF "$(CFG)" == "SafeProcess - Win32 Debug"
55 |
56 | # PROP BASE Use_MFC 0
57 | # PROP BASE Use_Debug_Libraries 1
58 | # PROP BASE Output_Dir "Debug"
59 | # PROP BASE Intermediate_Dir "Debug"
60 | # PROP BASE Target_Dir ""
61 | # PROP Use_MFC 0
62 | # PROP Use_Debug_Libraries 1
63 | # PROP Output_Dir "Debug"
64 | # PROP Intermediate_Dir "Debug"
65 | # PROP Target_Dir ""
66 | # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
67 | # ADD CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
68 | # ADD BASE RSC /l 0x804 /d "_DEBUG"
69 | # ADD RSC /l 0x804 /d "_DEBUG"
70 | BSC32=bscmake.exe
71 | # ADD BASE BSC32 /nologo
72 | # ADD BSC32 /nologo
73 | LINK32=link.exe
74 | # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
75 | # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
76 |
77 | !ENDIF
78 |
79 | # Begin Target
80 |
81 | # Name "SafeProcess - Win32 Release"
82 | # Name "SafeProcess - Win32 Debug"
83 | # Begin Group "Source Files"
84 |
85 | # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
86 | # End Group
87 | # Begin Group "Header Files"
88 |
89 | # PROP Default_Filter "h;hpp;hxx;hm;inl"
90 | # End Group
91 | # Begin Group "Resource Files"
92 |
93 | # PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
94 | # End Group
95 | # End Target
96 | # End Project
97 |
--------------------------------------------------------------------------------
/Dual-processProtection/safeprocess/SafeProcess.dsw:
--------------------------------------------------------------------------------
1 | Microsoft Developer Studio Workspace File, Format Version 6.00
2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
3 |
4 | ###############################################################################
5 |
6 | Project: "SafeProcess"=".\SafeProcess.dsp" - Package Owner=<4>
7 |
8 | Package=<5>
9 | {{{
10 | }}}
11 |
12 | Package=<4>
13 | {{{
14 | }}}
15 |
16 | ###############################################################################
17 |
18 | Global:
19 |
20 | Package=<5>
21 | {{{
22 | }}}
23 |
24 | Package=<3>
25 | {{{
26 | }}}
27 |
28 | ###############################################################################
29 |
30 |
--------------------------------------------------------------------------------
/Dual-processProtection/safeprocess/SafeProcess.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/Dual-processProtection/safeprocess/SafeProcess.rc
--------------------------------------------------------------------------------
/Dual-processProtection/safeprocess/SafeProcess.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 9.00
3 | # Visual Studio 2005
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SafeProcess", "SafeProcess.vcproj", "{4338E270-CE31-468E-A3DF-288ADF83BE85}"
5 | EndProject
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TempProcess", "..\TempProcess\TempProcess.vcproj", "{79CB1AC3-0D0E-4783-941D-58CE33C87A7E}"
7 | EndProject
8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ExeProtect", "..\ExeProtect\Frpo.vcproj", "{70E4CA32-1890-48F7-9D64-8AFDA8933FE3}"
9 | EndProject
10 | Global
11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
12 | Debug|Win32 = Debug|Win32
13 | Release|Win32 = Release|Win32
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {4338E270-CE31-468E-A3DF-288ADF83BE85}.Debug|Win32.ActiveCfg = Debug|Win32
17 | {4338E270-CE31-468E-A3DF-288ADF83BE85}.Debug|Win32.Build.0 = Debug|Win32
18 | {4338E270-CE31-468E-A3DF-288ADF83BE85}.Release|Win32.ActiveCfg = Release|Win32
19 | {4338E270-CE31-468E-A3DF-288ADF83BE85}.Release|Win32.Build.0 = Release|Win32
20 | {79CB1AC3-0D0E-4783-941D-58CE33C87A7E}.Debug|Win32.ActiveCfg = Debug|Win32
21 | {79CB1AC3-0D0E-4783-941D-58CE33C87A7E}.Debug|Win32.Build.0 = Debug|Win32
22 | {79CB1AC3-0D0E-4783-941D-58CE33C87A7E}.Release|Win32.ActiveCfg = Release|Win32
23 | {79CB1AC3-0D0E-4783-941D-58CE33C87A7E}.Release|Win32.Build.0 = Release|Win32
24 | {70E4CA32-1890-48F7-9D64-8AFDA8933FE3}.Debug|Win32.ActiveCfg = Debug|Win32
25 | {70E4CA32-1890-48F7-9D64-8AFDA8933FE3}.Debug|Win32.Build.0 = Debug|Win32
26 | {70E4CA32-1890-48F7-9D64-8AFDA8933FE3}.Release|Win32.ActiveCfg = Release|Win32
27 | {70E4CA32-1890-48F7-9D64-8AFDA8933FE3}.Release|Win32.Build.0 = Release|Win32
28 | EndGlobalSection
29 | GlobalSection(SolutionProperties) = preSolution
30 | HideSolutionNode = FALSE
31 | EndGlobalSection
32 | EndGlobal
33 |
--------------------------------------------------------------------------------
/Dual-processProtection/safeprocess/SafeProcess.vcproj:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Dual-processProtection/safeprocess/SafeProcess.vcproj.ST.Administrator.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Dual-processProtection/safeprocess/SafeProcess/ProProcess.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/Dual-processProtection/safeprocess/SafeProcess/ProProcess.cpp
--------------------------------------------------------------------------------
/Dual-processProtection/safeprocess/SafeProcess/ProProcess.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/Dual-processProtection/safeprocess/SafeProcess/ProProcess.h
--------------------------------------------------------------------------------
/Dual-processProtection/safeprocess/SafeProcess/ProcessType.cpp:
--------------------------------------------------------------------------------
1 | // ProcessType.cpp: implementation of the CProcessType class.
2 | //
3 | //////////////////////////////////////////////////////////////////////
4 |
5 | #include "stdafx.h"
6 | //#include "fastrun.h"
7 | #include "ProcessType.h"
8 | #include
9 | #include "RunType.h"
10 |
11 |
12 | #ifdef _DEBUG
13 | #undef THIS_FILE
14 | static char THIS_FILE[]=__FILE__;
15 | #define new DEBUG_NEW
16 | #endif
17 |
18 | #define DEFAULT_BUFFER_LENGTH 10
19 | #define DEFAULT_BUFFER_INCREASE_STEP 3
20 |
21 | //extern CRunType g_rtKernel;
22 | extern CEvent g_Event;
23 |
24 | //////////////////////////////////////////////////////////////////////
25 | // Construction/Destruction
26 | //////////////////////////////////////////////////////////////////////
27 |
28 | BOOL CALLBACK EnumThreadWndProc(HWND hwnd,LPARAM);
29 |
// Builds an empty process table: no entries in use, storage reserved for
// DEFAULT_BUFFER_LENGTH ProcessType records.
CProcessType::CProcessType()
{
    // Nothing is tracked yet; IsIndexValid() rejects every index until
    // m_nCurrentLength is raised.
    m_nCurrentLength = 0;
    m_nBufferLength = DEFAULT_BUFFER_LENGTH;

    // Raw owning pointer, released with delete [] in the destructor.
    m_pProcessTypeBuffer = new ProcessType[DEFAULT_BUFFER_LENGTH];
}
37 |
// Releases the record array allocated by the constructor.
CProcessType::~CProcessType()
{
    // delete [] on a null pointer is a no-op, so no separate null test is needed.
    delete [] m_pProcessTypeBuffer;
}
43 |
// Returns a pointer to the record at nIndex, or NULL when nIndex is outside
// [0, m_nCurrentLength). The pointer refers to the object's own buffer, so it
// is only usable while this CProcessType is alive.
pProcessType CProcessType::GetBufferPoint(int nIndex)
{
    // IsIndexValid() also raises ASSERT(0) on a bad index.
    return IsIndexValid(nIndex) ? &m_pProcessTypeBuffer[nIndex] : NULL;
}
51 |
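// Stops the tracked process stored at nIndex.
//
// First asks it to close (WM_CLOSE to every window of the recorded thread),
// waits up to one second for that thread to exit, and only then falls back
// to TerminateProcess.
//
// Returns FALSE for an invalid index or when the forced termination fails,
// TRUE when the thread exited on its own or TerminateProcess succeeded.
// The handles in the record are not closed here; whoever filled the record
// presumably owns them -- TODO confirm against the code that adds entries.
BOOL CProcessType::TerminateAProcess(int nIndex)
{
    if(!IsIndexValid(nIndex))
        return FALSE;

    const ProcessType& entry = m_pProcessTypeBuffer[nIndex];

    // Graceful request: EnumThreadWndProc delivers WM_CLOSE to each window.
    EnumThreadWindows(entry.dwThreadId,(WNDENUMPROC)EnumThreadWndProc,0);

    // The wait is on the thread handle, not the process handle.
    if(::WaitForSingleObject(entry.hThread,1000) == WAIT_OBJECT_0)
        return TRUE;

    // Timeout or a failed wait: force termination and report the real
    // outcome instead of claiming success unconditionally.
    return ::TerminateProcess(entry.hProcess,0);
}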
66 |
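// EnumThreadWindows callback: asks one window to close.
//
// A plain SendMessage would block until the target thread handles WM_CLOSE,
// so a hung window (or one showing a confirmation prompt) would stall the
// caller before it ever reaches its own timeout. The send is therefore
// bounded to one second per window and abandoned if the target is hung.
//
// Always returns TRUE so that enumeration continues with the next window.
BOOL CALLBACK EnumThreadWndProc(HWND hwnd,LPARAM)
{
    SendMessageTimeout(hwnd,WM_CLOSE,0,0,SMTO_ABORTIFHUNG,1000,NULL);

    return TRUE;
}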
--------------------------------------------------------------------------------
/Dual-processProtection/safeprocess/SafeProcess/ProcessType.h:
--------------------------------------------------------------------------------
1 | // ProcessType.h: interface for the CProcessType class.
2 | //
3 | //////////////////////////////////////////////////////////////////////
4 |
5 | #if !defined(AFX_PROCESSTYPE_H__647E2FAE_4F79_440F_8096_3CFE85A69244__INCLUDED_)
6 | #define AFX_PROCESSTYPE_H__647E2FAE_4F79_440F_8096_3CFE85A69244__INCLUDED_
7 |
8 | #if _MSC_VER > 1000
9 | #pragma once
10 | #endif // _MSC_VER > 1000
11 |
12 | //#include "fastrun.h"
13 |
// One tracked process, as used by CProcessType.
struct ProcessType
{
    TCHAR  strName[52];   // fixed-size name buffer; presumably NUL-terminated -- TODO confirm
    HANDLE hProcess;      // handle passed to TerminateProcess by TerminateAProcess
    HANDLE hThread;       // handle waited on by TerminateAProcess
    DWORD  dwProcessId;   // process ID; not read by the code visible here
    DWORD  dwThreadId;    // thread whose windows receive WM_CLOSE
};
typedef ProcessType *pProcessType;
22 |
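// Table of ProcessType records with index-checked access.
//
// The constructor allocates the record array with new[] and the destructor
// frees it, so the object is the sole owner of m_pProcessTypeBuffer.
class CProcessType
{
public:
    CProcessType();
    virtual ~CProcessType();
    // Number of records currently in use.
    int GetCurrentProcessNumber() const { return m_nCurrentLength;}
    // Pointer to the record at nIndex, or NULL if the index is out of range.
    pProcessType GetBufferPoint(int nIndex);
    // Closes, or failing that terminates, the process stored at nIndex.
    BOOL TerminateAProcess(int nIndex);
private:
    // Declared but not implemented: a compiler-generated copy would share the
    // raw buffer pointer and both objects would delete [] it.
    CProcessType(const CProcessType&);
    CProcessType& operator=(const CProcessType&);

    // TRUE when 0 <= nIndex < m_nCurrentLength; otherwise raises ASSERT(0)
    // and returns FALSE.
    BOOL IsIndexValid(int nIndex) const
    {
        if(nIndex <0 || nIndex>= m_nCurrentLength)
        {
            ASSERT(0);
            return FALSE;
        }
        return TRUE;
    }

private:
    pProcessType m_pProcessTypeBuffer;  // owned array of m_nBufferLength records
    int m_nCurrentLength;               // records in use
    int m_nBufferLength;                // allocated capacity
};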
47 |
48 | #endif // !defined(AFX_PROCESSTYPE_H__647E2FAE_4F79_440F_8096_3CFE85A69244__INCLUDED_)
49 |
--------------------------------------------------------------------------------
/Dual-processProtection/safeprocess/SafeProcess/RunType.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/Dual-processProtection/safeprocess/SafeProcess/RunType.cpp
--------------------------------------------------------------------------------
/Dual-processProtection/safeprocess/SafeProcess/RunType.h:
--------------------------------------------------------------------------------
1 | // RunType.h: interface for the CRunType class.
2 | //
3 | //////////////////////////////////////////////////////////////////////
4 |
5 | #if !defined(AFX_RUNTYPE_H__09E7C1EA_283F_4B86_9D98_2364A9F9735B__INCLUDED_)
6 | #define AFX_RUNTYPE_H__09E7C1EA_283F_4B86_9D98_2364A9F9735B__INCLUDED_
7 |
8 | #if _MSC_VER > 1000
9 | #pragma once
10 | #endif // _MSC_VER > 1000
11 |
12 |
// Per-item launch settings. Field meanings below are inferred from the names
// only; the code that fills and reads them is not shown here -- TODO confirm.
struct RunType
{
    BOOL  bRuned;             // presumably "has already been run"
    BOOL  bAutoRun;           // presumably "start automatically"
    int   nShowMode;          // presumably a window show mode
    int   nHour;              // scheduled hour, see bRunWithTime
    int   nMinute;            // scheduled minute, see bRunWithTime
    BOOL  bRunWithTime;       // presumably enables the nHour/nMinute schedule
    UINT  uHotKeyID;          // hot-key identifier
    UINT  uHotKeyVk;          // hot-key virtual-key code
    UINT  uHotKeyFlag;        // hot-key modifier flags
    TCHAR strFilePath[256];   // fixed-size path buffer
    TCHAR strName[52];        // fixed-size name buffer
};
typedef RunType *pRunType;
27 |
// One scheduled-task slot; CRunType keeps seven of these. Field meanings are
// inferred from the names only -- TODO confirm against RunType.cpp.
struct SuperType
{
    BOOL bEnable;        // slot active
    BOOL bPrompt;        // presumably "ask before acting"
    int  nHour;          // scheduled hour
    int  nMinute;        // scheduled minute
    int  nTask;          // task selector
    int  nAheadMinutes;  // presumably an advance-notice interval
    // DWORD dwReserve;
};
typedef SuperType *pSuperType;
38 |
// Holds the RunType item list and the seven SuperType slots.
// Only the inline members are defined here; the rest live in RunType.cpp.
class CRunType
{
public:
    CRunType();
    virtual ~CRunType();

    BOOL RegisterAllItemsHotKey();
    void UnRegisterAllItemsHotKey();

    int SearchTheID(UINT uID);
    void PostRunWithMessage();

    // TRUE when no item is stored.
    BOOL IsBufferEmpty() { return (0 == m_nCurrentLength);}
    // Number of items currently stored.
    int GetCurrentLength() const { return m_nCurrentLength;}

    void ThreadChecking();

    // Despite the "Get" in its name this is a setter: it records hWnd as the
    // main window. Debug builds assert that hWnd is a valid window.
    void GetMainWndHandle(HWND hWnd)
    {
        ASSERT(IsWindow(hWnd));
        m_hMainWnd = hWnd;
    }

    // First element of the internal SuperType array (seven elements).
    pSuperType GetSuperTypeBufferHead() { return &m_stSuperTypeBuffer[0];}

    int GetSuperTypeTask(int nIndex);
private:
    // TRUE when 0 <= nIndex < m_nCurrentLength; otherwise raises ASSERT(0)
    // and returns FALSE.
    BOOL IsIndexValid(int nIndex)
    {
        const bool bInRange = (nIndex >= 0) && (nIndex < m_nCurrentLength);
        if(bInRange)
        {
            return TRUE;
        }
        ASSERT(0);
        return FALSE;
    }

    void SetHotKeyName(LPTSTR source, WORD vk, WORD flag);
private:
    pRunType m_pRunTypeBuffer;          // item array; ownership not visible here
    SuperType m_stSuperTypeBuffer[7];   // fixed set of scheduled-task slots
    int m_nBufferLength;                // presumably allocated capacity -- TODO confirm
    int m_nCurrentLength;               // items in use
    HWND m_hMainWnd;                    // set by GetMainWndHandle()
};
83 |
84 | #endif // !defined(AFX_RUNTYPE_H__09E7C1EA_283F_4B86_9D98_2364A9F9735B__INCLUDED_)
85 |
--------------------------------------------------------------------------------
/Dual-processProtection/safeprocess/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/Dual-processProtection/safeprocess/resource.h
--------------------------------------------------------------------------------
/Dual-processProtection/说明.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/Dual-processProtection/说明.txt
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/DetourDll/DetourDll.cpp:
--------------------------------------------------------------------------------
1 | // DetourDll.cpp : Defines the entry point for the DLL application.
2 | //
3 |
4 | #include "stdafx.h"
5 | #include "stdio.h"
6 |
7 | #include "DetourDll.h"
8 |
9 | #include "detours.h" //the main API header of detours
10 |
11 | #pragma comment(lib,"detours.lib")
12 |
13 |
14 | //////////////////////////////////////////////////////////////////////////
15 | //custom API hook code here
16 | //////////////////////////////////////////////////////////////////////////
17 |
18 | //hook
19 | //HANDLE WINAPI OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId )
20 | HANDLE WINAPI CopyOpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId );
21 | DETOUR_TRAMPOLINE(HANDLE WINAPI CopyOpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId ), OpenProcess);
// Replacement for OpenProcess, installed by DllMain through the
// CopyOpenProcess trampoline.
//
// Returns NULL when the requested process ID equals the value GetPID() reads
// from the registry; every other request is forwarded unchanged to the
// original OpenProcess.
//
// Review notes:
//  - GetPID() opens the registry on every OpenProcess call made by the
//    hosting process.
//  - The refusal path returns NULL without setting a last-error code, so the
//    caller's GetLastError() value is whatever was left from earlier calls.
//  - The check runs in user mode inside each process that has this DLL
//    loaded; it is an API hook, not an access-control boundary.
HANDLE WINAPI MyOpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId )
{
    const DWORD dwShieldedPid = GetPID();
    if (dwProcessId != dwShieldedPid)
    {
        // Not the shielded process: hand over to the original function.
        return CopyOpenProcess(dwDesiredAccess,bInheritHandle,dwProcessId);
    }
    return NULL;
}
31 |
32 | BOOL WINAPI CopyTerminateProcess(HANDLE hProcess,DWORD uExitCode);
33 | DETOUR_TRAMPOLINE(BOOL WINAPI CopyTerminateProcess(HANDLE hProcess,DWORD uExitCode), TerminateProcess);
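// Intended replacement for TerminateProcess.
//
// Opens the process whose ID GetPID() returns and refuses the call (FALSE)
// when the caller's handle value equals the freshly opened one; otherwise
// forwards to the original TerminateProcess through the trampoline.
//
// The probe handle used to be opened with PROCESS_ALL_ACCESS, marked
// inheritable, and never closed. Every call therefore left a full-access
// handle in the calling process that child processes could inherit. It is
// now query-only, non-inheritable and closed before returning.
//
// NOTE(review): DllMain in this file detours only OpenProcess; nothing
// visible here installs this function.
// NOTE(review): the test compares handle values, not process identity, and
// two separately opened handles have different values.
BOOL WINAPI MyTerminateProcess(HANDLE hProcess,DWORD uExitCode)
{
    HANDLE handle=::OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,GetPID());
    const BOOL bSameHandle = (hProcess == handle);
    if (handle != NULL)
    {
        CloseHandle(handle);
    }

    if (bSameHandle)
    {
        return FALSE;
    }
    return CopyTerminateProcess(hProcess,uExitCode); //call origin function
}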
43 |
44 | //////////////////////////////////////////////////////////////////////////
45 |
46 |
// DLL entry point.
//
// On process attach it installs MyOpenProcess over OpenProcess; on process
// detach it removes that detour. Thread attach/detach do nothing. hModule and
// lpReserved are unused. Always returns TRUE.
//
// Review notes:
//  - The results of DetourFunctionWithTrampoline and DetourRemove are
//    ignored, so a failed install or removal goes unnoticed.
//  - Because LoadProcess registers a system-wide message hook from this
//    module, this entry point runs in every process the hook DLL is mapped
//    into. Each attach emits the debug string below, which makes the load
//    observable to a debug-output monitor.
BOOL APIENTRY DllMain( HANDLE hModule,
                       DWORD ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    if (ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
        OutputDebugString("Detour dll Load!");
        DetourFunctionWithTrampoline((PBYTE)CopyOpenProcess, (PBYTE)MyOpenProcess);
    }
    else if (ul_reason_for_call == DLL_PROCESS_DETACH)
    {
        OutputDebugString("Detour dll Exit!");
        DetourRemove((PBYTE)CopyOpenProcess, (PBYTE)MyOpenProcess);
    }
    // DLL_THREAD_ATTACH / DLL_THREAD_DETACH: nothing to do.
    return TRUE;
}
69 |
70 |
// WH_GETMESSAGE hook procedure registered by LoadProcess.
//
// It does no filtering of its own and only passes the event to the next hook
// in the chain. Its practical effect is that registering it makes the system
// map this DLL into the hooked processes.
LRESULT WINAPI MsgProc(int code, WPARAM wParam, LPARAM lParam)
{
    // Note: on Windows 2000 the first parameter to CallNextHookEx may be
    // NULL; on Windows 98 it must be the hook handle.
    const LRESULT lNext = CallNextHookEx(NULL,code,wParam,lParam);
    return lNext;
}
77 |
78 |
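// Publishes dwPID as the default value of
// HKEY_LOCAL_MACHINE\SOFTWARE\Peter\DetourHook, where GetPID() reads it back.
//
// If the key cannot be created or opened, the function returns without
// writing; previously the NULL key handle was passed on to RegSetValueEx and
// RegCloseKey.
//
// NOTE(review): the value is shared machine-wide and is trusted as-is by the
// hook. Any caller able to write this key, or to call this exported function,
// changes which process ID the hook refuses to open.
void SetPID(DWORD dwPID)
{
    HKEY hKey=NULL;
    if (RegCreateKey(HKEY_LOCAL_MACHINE,"SOFTWARE\\Peter\\DetourHook",&hKey) != ERROR_SUCCESS)
    {
        return;
    }

    RegSetValueEx(hKey,NULL,0,REG_DWORD,(const BYTE*)&dwPID,sizeof(dwPID)); //set value!!
    RegCloseKey(hKey);
}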
90 |
91 |
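// Reads the process ID stored by SetPID() from the default value of
// HKEY_LOCAL_MACHINE\SOFTWARE\Peter\DetourHook.
//
// Returns 0 when the key cannot be opened, the value is missing, or the
// stored data is not a 4-byte REG_DWORD. Earlier the registry results were
// ignored and whatever bytes were read were returned regardless of type.
//
// NOTE(review): RegCreateKey creates the key when it does not exist, which is
// a side effect for a read-only accessor.
DWORD GetPID()
{
    DWORD dwPID=0;
    DWORD dwType=0;
    DWORD dwSize=sizeof(dwPID);

    HKEY hKey=NULL;
    if (RegCreateKey(HKEY_LOCAL_MACHINE,"SOFTWARE\\Peter\\DetourHook",&hKey) != ERROR_SUCCESS)
    {
        return 0;
    }

    const LONG lResult = RegQueryValueEx(hKey,NULL,0,&dwType,(LPBYTE)&dwPID,&dwSize); //get value!!
    RegCloseKey(hKey);

    // Accept only a well-formed DWORD; anything else is treated as "not set".
    if (lResult != ERROR_SUCCESS || dwType != REG_DWORD || dwSize != sizeof(dwPID))
    {
        return 0;
    }
    return dwPID;
}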
107 |
108 | //yacki added
109 | HOOKPROC hkprcMsgProc=NULL; //the pointer of MsgProc()
110 | static HINSTANCE hinstDLL=NULL; //the handle of dll!
111 | static HHOOK hhookMsg=NULL; //the handle of hook!
112 |
113 | typedef void (*SETPID)(DWORD nPID);
// Exported entry used by the host application: loads NoKillDll.dll, records
// the caller's process ID through the DLL's SetPID export, then registers the
// DLL's MsgProc as a WH_GETMESSAGE hook with thread ID 0 (all threads on the
// desktop).
//
// Does nothing further if the SetPID export cannot be resolved, which is also
// what happens when the library fails to load.
//
// Review notes:
//  - The library is named without a path, so which file is loaded depends on
//    the DLL search order of the calling process.
//  - The (LPCTSTR) cast on a narrow literal hides a type mismatch if the
//    project is ever built with UNICODE defined.
//  - The results of GetProcAddress for "MsgProc" and of SetWindowsHookEx are
//    not checked.
//  - A thread ID of 0 makes the hook system-wide, so the DLL is mapped into
//    other processes; the hook registration and the resulting module loads
//    are what an administrator would see when auditing a host.
void LoadProcess()
{
    hinstDLL = LoadLibrary((LPCTSTR)"NoKillDll.dll"); //hookdll.dll is in the same path

    SETPID pfnPublishPid = (SETPID)GetProcAddress(hinstDLL,"SetPID");
    if (pfnPublishPid != NULL)
    {
        pfnPublishPid(GetCurrentProcessId());

        hkprcMsgProc = (HOOKPROC)GetProcAddress(hinstDLL, "MsgProc");       //pointer to the hook procedure
        hhookMsg = SetWindowsHookEx(WH_GETMESSAGE,hkprcMsgProc,hinstDLL,0); //0 = every thread, not a single one
    }
}
130 |
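// Removes the message hook registered by LoadProcess, if one is active.
//
// The stored handle is cleared after removal so that a second call does not
// pass a stale hook handle to UnhookWindowsHookEx.
//
// NOTE(review): the library reference taken by LoadLibrary in LoadProcess is
// not released here.
void UnLoadProcess()
{
    if (hhookMsg)
    {
        UnhookWindowsHookEx(hhookMsg); //uninstall hook!!
        hhookMsg = NULL;
    }
}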
138 |
139 |
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/DetourDll/DetourDll.def:
--------------------------------------------------------------------------------
1 | EXPORTS
2 | ;dll export functions
3 | MsgProc
4 | SetPID
5 | LoadProcess
6 | UnLoadProcess
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/DetourDll/DetourDll.dsp:
--------------------------------------------------------------------------------
1 | # Microsoft Developer Studio Project File - Name="DetourDll" - Package Owner=<4>
2 | # Microsoft Developer Studio Generated Build File, Format Version 6.00
3 | # ** DO NOT EDIT **
4 |
5 | # TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
6 |
7 | CFG=DETOURDLL - WIN32 RELEASE
8 | !MESSAGE This is not a valid makefile. To build this project using NMAKE,
9 | !MESSAGE use the Export Makefile command and run
10 | !MESSAGE
11 | !MESSAGE NMAKE /f "DetourDll.mak".
12 | !MESSAGE
13 | !MESSAGE You can specify a configuration when running NMAKE
14 | !MESSAGE by defining the macro CFG on the command line. For example:
15 | !MESSAGE
16 | !MESSAGE NMAKE /f "DetourDll.mak" CFG="DETOURDLL - WIN32 RELEASE"
17 | !MESSAGE
18 | !MESSAGE Possible choices for configuration are:
19 | !MESSAGE
20 | !MESSAGE "DetourDll - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
21 | !MESSAGE
22 |
23 | # Begin Project
24 | # PROP AllowPerConfigDependencies 0
25 | # PROP Scc_ProjName ""
26 | # PROP Scc_LocalPath ""
27 | CPP=cl.exe
28 | MTL=midl.exe
29 | RSC=rc.exe
30 | # PROP BASE Use_MFC 0
31 | # PROP BASE Use_Debug_Libraries 0
32 | # PROP BASE Output_Dir "Release"
33 | # PROP BASE Intermediate_Dir "Release"
34 | # PROP BASE Target_Dir ""
35 | # PROP Use_MFC 0
36 | # PROP Use_Debug_Libraries 0
37 | # PROP Output_Dir "Release"
38 | # PROP Intermediate_Dir "Release"
39 | # PROP Ignore_Export_Lib 0
40 | # PROP Target_Dir ""
41 | # ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "DETOURDLL_EXPORTS" /Yu"stdafx.h" /FD /c
42 | # ADD CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "DETOURDLL_EXPORTS" /FD /c
43 | # SUBTRACT CPP /YX /Yc /Yu
44 | # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
45 | # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
46 | # ADD BASE RSC /l 0x804 /d "NDEBUG"
47 | # ADD RSC /l 0x804 /d "NDEBUG"
48 | BSC32=bscmake.exe
49 | # ADD BASE BSC32 /nologo
50 | # ADD BSC32 /nologo
51 | LINK32=link.exe
52 | # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386
53 | # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386 /out:"../../bin/NoKillDll.dll"
54 | # Begin Target
55 |
56 | # Name "DetourDll - Win32 Release"
57 | # Begin Group "Source Files"
58 |
59 | # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
60 | # Begin Source File
61 |
62 | SOURCE=.\DetourDll.cpp
63 | # End Source File
64 | # Begin Source File
65 |
66 | SOURCE=.\DetourDll.def
67 | # End Source File
68 | # Begin Source File
69 |
70 | SOURCE=.\StdAfx.cpp
71 | # ADD CPP /Yc"stdafx.h"
72 | # End Source File
73 | # End Group
74 | # Begin Group "Header Files"
75 |
76 | # PROP Default_Filter "h;hpp;hxx;hm;inl"
77 | # Begin Source File
78 |
79 | SOURCE=.\DetourDll.h
80 | # End Source File
81 | # Begin Source File
82 |
83 | SOURCE=.\StdAfx.h
84 | # End Source File
85 | # End Group
86 | # Begin Group "Resource Files"
87 |
88 | # PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
89 | # End Group
90 | # Begin Source File
91 |
92 | SOURCE=.\ReadMe.txt
93 | # End Source File
94 | # End Target
95 | # End Project
96 |
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/DetourDll/DetourDll.h:
--------------------------------------------------------------------------------
1 |
2 | // The following ifdef block is the standard way of creating macros which make exporting
3 | // from a DLL simpler. All files within this DLL are compiled with the DETOURDLL_EXPORTS
4 | // symbol defined on the command line. this symbol should not be defined on any project
5 | // that uses this DLL. This way any other project whose source files include this file see
6 | // DETOURDLL_API functions as being imported from a DLL, whereas this DLL sees symbols
7 | // defined with this macro as being exported.
8 | #define DETOURDLL_EXPORTS
9 | #ifdef DETOURDLL_EXPORTS
10 | #define DETOURDLL_API __declspec(dllexport)
11 | #else
12 | #define DETOURDLL_API __declspec(dllimport)
13 | #endif
14 |
15 | LRESULT WINAPI MsgProc(int code, WPARAM wParam, LPARAM lParam);
16 | void SetPID(DWORD dwPID);
17 | DWORD GetPID();
18 | DETOURDLL_API void LoadProcess();
19 | DETOURDLL_API void UnLoadProcess();
20 |
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/DetourDll/DetourDll.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookNtQuerySystemInformation and DetoursPreventKilled/DetourDll/DetourDll.rc
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/DetourDll/DetourDll.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 9.00
3 | # Visual Studio 2005
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DetourDll", "DetourDll.vcproj", "{AF478494-1B28-48D0-9104-14F565BAEC61}"
5 | EndProject
6 | Global
7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
8 | Debug|Win32 = Debug|Win32
9 | Release|Win32 = Release|Win32
10 | EndGlobalSection
11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | {AF478494-1B28-48D0-9104-14F565BAEC61}.Debug|Win32.ActiveCfg = Debug|Win32
13 | {AF478494-1B28-48D0-9104-14F565BAEC61}.Debug|Win32.Build.0 = Debug|Win32
14 | {AF478494-1B28-48D0-9104-14F565BAEC61}.Release|Win32.ActiveCfg = Release|Win32
15 | {AF478494-1B28-48D0-9104-14F565BAEC61}.Release|Win32.Build.0 = Release|Win32
16 | EndGlobalSection
17 | GlobalSection(SolutionProperties) = preSolution
18 | HideSolutionNode = FALSE
19 | EndGlobalSection
20 | EndGlobal
21 |
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/DetourDll/DetourDll.vcproj.ST.Administrator.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/DetourDll/ReadMe.txt:
--------------------------------------------------------------------------------
1 | ========================================================================
2 | DYNAMIC LINK LIBRARY : DetourDll
3 | ========================================================================
4 |
5 |
6 | AppWizard has created this DetourDll DLL for you.
7 |
8 | This file contains a summary of what you will find in each of the files that
9 | make up your DetourDll application.
10 |
11 | DetourDll.dsp
12 | This file (the project file) contains information at the project level and
13 | is used to build a single project or subproject. Other users can share the
14 | project (.dsp) file, but they should export the makefiles locally.
15 |
16 | DetourDll.cpp
17 | This is the main DLL source file.
18 |
19 | DetourDll.h
20 | This file contains your DLL exports.
21 |
22 | /////////////////////////////////////////////////////////////////////////////
23 | Other standard files:
24 |
25 | StdAfx.h, StdAfx.cpp
26 | These files are used to build a precompiled header (PCH) file
27 | named DetourDll.pch and a precompiled types file named StdAfx.obj.
28 |
29 |
30 | /////////////////////////////////////////////////////////////////////////////
31 | Other notes:
32 |
33 | AppWizard uses "TODO:" to indicate parts of the source code you
34 | should add to or customize.
35 |
36 |
37 | /////////////////////////////////////////////////////////////////////////////
38 |
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/DetourDll/StdAfx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // DetourDll.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 |
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/DetourDll/StdAfx.h:
--------------------------------------------------------------------------------
1 | // stdafx.h : include file for standard system include files,
2 | // or project specific include files that are used frequently, but
3 | // are changed infrequently
4 | //
5 |
6 | #if !defined(AFX_STDAFX_H__83DD34E5_2559_489D_A6C3_DA4E158A6B27__INCLUDED_)
7 | #define AFX_STDAFX_H__83DD34E5_2559_489D_A6C3_DA4E158A6B27__INCLUDED_
8 |
9 | #if _MSC_VER > 1000
10 | #pragma once
11 | #endif // _MSC_VER > 1000
12 |
13 |
14 | // Insert your headers here
15 | #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
16 |
17 | #include
18 |
19 | // TODO: reference additional headers your program requires here
20 |
21 | //{{AFX_INSERT_LOCATION}}
22 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line.
23 |
24 | #endif // !defined(AFX_STDAFX_H__83DD34E5_2559_489D_A6C3_DA4E158A6B27__INCLUDED_)
25 |
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/DetourDll/detours.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookNtQuerySystemInformation and DetoursPreventKilled/DetourDll/detours.lib
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/DetourDll/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookNtQuerySystemInformation and DetoursPreventKilled/DetourDll/resource.h
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/HookNt/HookApi.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookNtQuerySystemInformation and DetoursPreventKilled/HookNt/HookApi.cpp
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/HookNt/HookApi.dsp:
--------------------------------------------------------------------------------
1 | # Microsoft Developer Studio Project File - Name="HookApi" - Package Owner=<4>
2 | # Microsoft Developer Studio Generated Build File, Format Version 6.00
3 | # ** DO NOT EDIT **
4 |
5 | # TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
6 |
7 | CFG=HookApi - Win32 Debug
8 | !MESSAGE This is not a valid makefile. To build this project using NMAKE,
9 | !MESSAGE use the Export Makefile command and run
10 | !MESSAGE
11 | !MESSAGE NMAKE /f "HookApi.mak".
12 | !MESSAGE
13 | !MESSAGE You can specify a configuration when running NMAKE
14 | !MESSAGE by defining the macro CFG on the command line. For example:
15 | !MESSAGE
16 | !MESSAGE NMAKE /f "HookApi.mak" CFG="HookApi - Win32 Debug"
17 | !MESSAGE
18 | !MESSAGE Possible choices for configuration are:
19 | !MESSAGE
20 | !MESSAGE "HookApi - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
21 | !MESSAGE "HookApi - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
22 | !MESSAGE
23 |
24 | # Begin Project
25 | # PROP AllowPerConfigDependencies 0
26 | # PROP Scc_ProjName ""
27 | # PROP Scc_LocalPath ""
28 | CPP=cl.exe
29 | MTL=midl.exe
30 | RSC=rc.exe
31 |
32 | !IF "$(CFG)" == "HookApi - Win32 Release"
33 |
34 | # PROP BASE Use_MFC 0
35 | # PROP BASE Use_Debug_Libraries 0
36 | # PROP BASE Output_Dir "Release"
37 | # PROP BASE Intermediate_Dir "Release"
38 | # PROP BASE Target_Dir ""
39 | # PROP Use_MFC 0
40 | # PROP Use_Debug_Libraries 0
41 | # PROP Output_Dir "Release"
42 | # PROP Intermediate_Dir "Release"
43 | # PROP Ignore_Export_Lib 0
44 | # PROP Target_Dir ""
45 | # ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "HOOKAPI_EXPORTS" /YX /FD /c
46 | # ADD CPP /nologo /MD /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "HOOKAPI_EXPORTS" /YX /FD /c
47 | # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
48 | # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
49 | # ADD BASE RSC /l 0x804 /d "NDEBUG"
50 | # ADD RSC /l 0x804 /d "NDEBUG"
51 | BSC32=bscmake.exe
52 | # ADD BASE BSC32 /nologo
53 | # ADD BSC32 /nologo
54 | LINK32=link.exe
55 | # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386
56 | # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib Imagehlp.lib /nologo /dll /machine:I386 /out:"..\bin\Release/HookNTQSI.dll"
57 |
58 | !ELSEIF "$(CFG)" == "HookApi - Win32 Debug"
59 |
60 | # PROP BASE Use_MFC 0
61 | # PROP BASE Use_Debug_Libraries 1
62 | # PROP BASE Output_Dir "Debug"
63 | # PROP BASE Intermediate_Dir "Debug"
64 | # PROP BASE Target_Dir ""
65 | # PROP Use_MFC 0
66 | # PROP Use_Debug_Libraries 1
67 | # PROP Output_Dir "Debug"
68 | # PROP Intermediate_Dir "Debug"
69 | # PROP Ignore_Export_Lib 0
70 | # PROP Target_Dir ""
71 | # ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "HOOKAPI_EXPORTS" /YX /FD /GZ /c
72 | # ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "HOOKAPI_EXPORTS" /YX /FD /GZ /c
73 | # ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
74 | # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
75 | # ADD BASE RSC /l 0x804 /d "_DEBUG"
76 | # ADD RSC /l 0x804 /d "_DEBUG"
77 | BSC32=bscmake.exe
78 | # ADD BASE BSC32 /nologo
79 | # ADD BSC32 /nologo
80 | LINK32=link.exe
81 | # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /debug /machine:I386 /pdbtype:sept
82 | # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib Imagehlp.lib /nologo /dll /debug /machine:I386 /out:"..\bin\Debug/HookNTQSI.dll" /pdbtype:sept
83 |
84 | !ENDIF
85 |
86 | # Begin Target
87 |
88 | # Name "HookApi - Win32 Release"
89 | # Name "HookApi - Win32 Debug"
90 | # Begin Group "Source Files"
91 |
92 | # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
93 | # Begin Source File
94 |
95 | SOURCE=.\HookApi.cpp
96 | # End Source File
97 | # Begin Source File
98 |
99 | SOURCE=.\HookClass.cpp
100 | # End Source File
101 | # End Group
102 | # Begin Group "Header Files"
103 |
104 | # PROP Default_Filter "h;hpp;hxx;hm;inl"
105 | # Begin Source File
106 |
107 | SOURCE=.\HookApi.h
108 | # End Source File
109 | # Begin Source File
110 |
111 | SOURCE=.\HookClass.h
112 | # End Source File
113 | # End Group
114 | # Begin Group "Resource Files"
115 |
116 | # PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
117 | # End Group
118 | # End Target
119 | # End Project
120 |
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/HookNt/HookApi.dsw:
--------------------------------------------------------------------------------
1 | Microsoft Developer Studio Workspace File, Format Version 6.00
2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
3 |
4 | ###############################################################################
5 |
6 | Project: "HookApi"=.\HookApi.dsp - Package Owner=<4>
7 |
8 | Package=<5>
9 | {{{
10 | }}}
11 |
12 | Package=<4>
13 | {{{
14 | }}}
15 |
16 | ###############################################################################
17 |
18 | Global:
19 |
20 | Package=<5>
21 | {{{
22 | }}}
23 |
24 | Package=<3>
25 | {{{
26 | }}}
27 |
28 | ###############################################################################
29 |
30 |
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/HookNt/HookApi.h:
--------------------------------------------------------------------------------
// HookApi.h -- public interface of the hook DLL (HookApi.dsp links it as
// HookNTQSI.dll).
#ifndef HOOKAPI_H
#define HOOKAPI_H

// DLL_EXP_IMP expands to dllexport when _DLL_ is defined (building the DLL)
// and to dllimport otherwise (clients that include this header).
// NOTE(review): the visible HookApi.dsp passes /D "HOOKAPI_EXPORTS", not
// _DLL_, on the compiler command line; presumably _DLL_ is defined in a source
// file before this header is included -- confirm, otherwise the DLL build
// itself sees dllimport declarations.
#ifdef _DLL_
#define DLL_EXP_IMP __declspec(dllexport)
#else
#define DLL_EXP_IMP __declspec(dllimport)
#endif

// Both entry points have C linkage and the cdecl calling convention, so
// clients can resolve them by the plain names "Hook" and "Unhook" through
// GetProcAddress. DWORD is not declared here; the Windows headers must be
// included before this file.
//
// Hook:   receives a process id (killtest passes GetCurrentProcessId()).
//         Presumably installs the NtQuerySystemInformation hook on behalf of
//         that process; the implementation (HookApi.cpp) is not shown here --
//         confirm.
// Unhook: presumably removes what Hook installed -- confirm.
// The meaning of the int return values is not visible from this header.
extern "C" DLL_EXP_IMP int _cdecl Hook(DWORD dwSelfProcessID_P);
extern "C" DLL_EXP_IMP int _cdecl Unhook();

#endif
14 |
15 |
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/HookNt/HookApi.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookNtQuerySystemInformation and DetoursPreventKilled/HookNt/HookApi.rc
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/HookNt/HookApi.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 9.00
3 | # Visual Studio 2005
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HookApi", "HookApi.vcproj", "{A304896B-9768-400D-998C-F1D0EA8C6CEC}"
5 | EndProject
6 | Global
7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
8 | Debug|Win32 = Debug|Win32
9 | Release|Win32 = Release|Win32
10 | EndGlobalSection
11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | {A304896B-9768-400D-998C-F1D0EA8C6CEC}.Debug|Win32.ActiveCfg = Debug|Win32
13 | {A304896B-9768-400D-998C-F1D0EA8C6CEC}.Debug|Win32.Build.0 = Debug|Win32
14 | {A304896B-9768-400D-998C-F1D0EA8C6CEC}.Release|Win32.ActiveCfg = Release|Win32
15 | {A304896B-9768-400D-998C-F1D0EA8C6CEC}.Release|Win32.Build.0 = Release|Win32
16 | EndGlobalSection
17 | GlobalSection(SolutionProperties) = preSolution
18 | HideSolutionNode = FALSE
19 | EndGlobalSection
20 | EndGlobal
21 |
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/HookNt/HookApi.vcproj.ST.Administrator.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/HookNt/HookClass.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookNtQuerySystemInformation and DetoursPreventKilled/HookNt/HookClass.cpp
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/HookNt/HookClass.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookNtQuerySystemInformation and DetoursPreventKilled/HookNt/HookClass.h
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/HookNt/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookNtQuerySystemInformation and DetoursPreventKilled/HookNt/resource.h
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/HookNt/stdafx.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookNtQuerySystemInformation and DetoursPreventKilled/HookNt/stdafx.h
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/bin/release/HookNTQSI.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookNtQuerySystemInformation and DetoursPreventKilled/bin/release/HookNTQSI.dll
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/bin/release/NoKillDll.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookNtQuerySystemInformation and DetoursPreventKilled/bin/release/NoKillDll.dll
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/bin/release/killtest.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookNtQuerySystemInformation and DetoursPreventKilled/bin/release/killtest.exe
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/killtest/ReadMe.txt:
--------------------------------------------------------------------------------
1 | ========================================================================
2 | CONSOLE APPLICATION : killtest
3 | ========================================================================
4 |
5 |
6 | AppWizard has created this killtest application for you.
7 |
8 | This file contains a summary of what you will find in each of the files that
9 | make up your killtest application.
10 |
11 | killtest.dsp
12 | This file (the project file) contains information at the project level and
13 | is used to build a single project or subproject. Other users can share the
14 | project (.dsp) file, but they should export the makefiles locally.
15 |
16 | killtest.cpp
17 | This is the main application source file.
18 |
19 |
20 | /////////////////////////////////////////////////////////////////////////////
21 | Other standard files:
22 |
23 | StdAfx.h, StdAfx.cpp
24 | These files are used to build a precompiled header (PCH) file
25 | named killtest.pch and a precompiled types file named StdAfx.obj.
26 |
27 |
28 | /////////////////////////////////////////////////////////////////////////////
29 | Other notes:
30 |
31 | AppWizard uses "TODO:" to indicate parts of the source code you
32 | should add to or customize.
33 |
34 | /////////////////////////////////////////////////////////////////////////////
35 |
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/killtest/StdAfx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // killtest.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 |
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/killtest/StdAfx.h:
--------------------------------------------------------------------------------
1 | // stdafx.h : include file for standard system include files,
2 | // or project specific include files that are used frequently, but
3 | // are changed infrequently
4 | //
5 |
6 | #if !defined(AFX_STDAFX_H__8C6E7ABC_0F64_4331_8006_744A1C68D242__INCLUDED_)
7 | #define AFX_STDAFX_H__8C6E7ABC_0F64_4331_8006_744A1C68D242__INCLUDED_
8 |
9 | #if _MSC_VER > 1000
10 | #pragma once
11 | #endif // _MSC_VER > 1000
12 |
13 | #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
14 |
15 | #include
16 | #include
17 | #include
18 |
19 |
20 |
21 |
22 | #ifdef _DEBUG
23 | #pragma comment(lib,"../lib/debug/NoKillDll.lib")
24 | #else
25 | #pragma comment(lib,"../lib/release/NoKillDll.lib")
26 | #endif
27 |
28 |
29 | // TODO: reference additional headers your program requires here
30 |
31 | //{{AFX_INSERT_LOCATION}}
32 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line.
33 |
34 | #endif // !defined(AFX_STDAFX_H__8C6E7ABC_0F64_4331_8006_744A1C68D242__INCLUDED_)
35 |
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/killtest/TaskKeyMgr.cpp:
--------------------------------------------------------------------------------
1 | ////////////////////////////////////////////////////////////////
2 | // MSDN Magazine -- September 2002
3 | // If this code works, it was written by Paul DiLascia.
4 | // If not, I don't know who wrote it.
5 | // Compiles with Visual Studio 6.0 and Visual Studio .NET on Windows XP.
6 | //
7 |
8 | #include "StdAfx.h"
9 | #include "TaskKeyMgr.h"
10 | //#include "hook.h"
11 | #define HKCU HKEY_CURRENT_USER
12 |
// Registry key and value name of the per-user "Remove Task Manager" policy
// (opened under HKEY_CURRENT_USER, see the HKCU define above).
// In this copy they are referenced only from the commented-out TASKMGR branch
// of CTaskKeyMgr::Disable, which set the value to 1 to disable Task Manager
// and deleted the value to re-enable it.
// NOTE(review): this value is normally set by administrators through policy,
// not by applications, so a write to it from an ordinary process is a useful
// signal for endpoint monitoring.
// The literals are narrow strings assigned to LPCTSTR, which only compiles in
// a non-Unicode (_MBCS) build.
LPCTSTR KEY_DisableTaskMgr =
"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System";
LPCTSTR VAL_DisableTaskMgr = "DisableTaskMgr";
18 |
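//////////////////
// Enable or disable task-key related features.
//
// dwFlags  = what to act on; only TASKLIST is handled in this copy (the
//            TASKMGR and TASKBAR branches are commented out below)
// bDisable = disable (TRUE) or enable (FALSE)
// bBeep    = whether to beep for illegal keys (TASKKEYS only); unused here
//
// TASKLIST is acted on only when Is_Win2000() is true. Disabling loads
// HookNTQSI.dll and calls its exported Hook() with this process's id;
// enabling calls the exported Unhook() and frees the DLL. The module handle
// kept in hMyMyNtQuerySystemInformation doubles as the "currently disabled"
// state reported by IsProcessListItemDisabled().
//
// Both exports are looked up with GetProcAddress and checked before use, so a
// DLL that lacks them is reported instead of calling through a null pointer.
//
void CTaskKeyMgr::Disable(DWORD dwFlags, BOOL bDisable, BOOL bBeep)
{
    //// task manager (Ctrl+Alt+Del)
    //if (dwFlags & TASKMGR) {
    // HKEY hk;
    // if (RegOpenKey(HKCU, KEY_DisableTaskMgr,&hk)!=ERROR_SUCCESS)
    // RegCreateKey(HKCU, KEY_DisableTaskMgr, &hk);

    // if (bDisable) { // disable TM: set policy = 1
    // DWORD val=1;
    // RegSetValueEx(hk, VAL_DisableTaskMgr, NULL,
    // REG_DWORD, (BYTE*)&val, sizeof(val));

    // } else { // enable TM: remove policy
    // RegDeleteValue(hk,VAL_DisableTaskMgr);
    // }
    //}
    //// task bar
    //if (dwFlags & TASKBAR) {
    // HWND hwnd = FindWindow("Shell_traywnd", NULL);
    // EnableWindow(hwnd, !bDisable);
    //}

    // Nothing to do off Windows 2000 or when TASKLIST was not requested.
    if (!Is_Win2000() || !(dwFlags & TASKLIST))
        return;

    if (bDisable && !IsProcessListItemDisabled()) {
        // only work for windows 2000
        // NOTE(review): a bare file name is resolved through the DLL search
        // order, so a same-named DLL found earlier in that order would be
        // loaded instead of the intended one; loading by a fully-qualified
        // path removes that ambiguity.
        hMyMyNtQuerySystemInformation = LoadLibrary(_T("HookNTQSI.dll"));
        if (!hMyMyNtQuerySystemInformation) {
            MessageBox(NULL, _T("Failed to load HookNTQSI.dll.Err ="), NULL, MB_OK | MB_APPLMODAL | MB_ICONWARNING);
            return;
        }

        int (_cdecl *pfnHook)(DWORD) =
            (int (_cdecl *)(DWORD))GetProcAddress(hMyMyNtQuerySystemInformation, "Hook");
        if (!pfnHook) {
            // The module loaded but is not the expected hook DLL: release it
            // and clear the handle so the state stays "not disabled".
            FreeLibrary(hMyMyNtQuerySystemInformation);
            hMyMyNtQuerySystemInformation = NULL;
            MessageBox(NULL, _T("HookNTQSI.dll does not export Hook."), NULL, MB_OK | MB_APPLMODAL | MB_ICONWARNING);
            return;
        }
        pfnHook(GetCurrentProcessId());
    }
    else if (!bDisable && IsProcessListItemDisabled()) {
        int (_cdecl *pfnUnhook)() =
            (int (_cdecl *)())GetProcAddress(hMyMyNtQuerySystemInformation, "Unhook");
        if (!pfnUnhook) {
            // Without Unhook the DLL cannot be asked to remove its hook. Keep
            // it loaded (state stays "disabled") rather than unmapping code
            // that may still be hooked in -- presumably; confirm against
            // HookApi.cpp.
            return;
        }
        pfnUnhook();
        FreeLibrary(hMyMyNtQuerySystemInformation);
        hMyMyNtQuerySystemInformation = NULL;
    }
}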
79 |
// Module handle of the loaded HookNTQSI.dll; NULL while it is not loaded.
HINSTANCE CTaskKeyMgr::hMyMyNtQuerySystemInformation = NULL;

// TRUE while the hook DLL handle is held, which this class treats as
// "process-list entry currently disabled".
BOOL CTaskKeyMgr::IsProcessListItemDisabled()
{
    return NULL != hMyMyNtQuerySystemInformation;
}
82 |
83 |
84 |
// Returns nonzero when VerifyVersionInfo reports that the running OS version
// is exactly 5.0 (major == 5 and minor == 0), i.e. Windows 2000.
BOOL Is_Win2000()
{
    // Version to compare against; fields not assigned below stay zero.
    OSVERSIONINFOEX wanted;
    ZeroMemory(&wanted, sizeof(OSVERSIONINFOEX));
    wanted.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
    wanted.dwMajorVersion = 5;
    wanted.dwMinorVersion = 0;

    // Both tested fields must match exactly.
    DWORDLONG conditions = 0;
    VER_SET_CONDITION(conditions, VER_MAJORVERSION, VER_EQUAL);
    VER_SET_CONDITION(conditions, VER_MINORVERSION, VER_EQUAL);

    const DWORD fieldsToTest = VER_MAJORVERSION | VER_MINORVERSION;
    return VerifyVersionInfo(&wanted, fieldsToTest, conditions);
}
107 |
// Returns nonzero when VerifyVersionInfo reports that the running OS is at
// least version 5.0 with service pack 1: major version, minor version and
// service-pack major are each tested with VER_GREATER_EQUAL.
BOOL Is_Win2000_SP1_or_Later ()
{
    // Minimum version to compare against; fields not assigned below stay zero.
    OSVERSIONINFOEX minimum;
    ZeroMemory(&minimum, sizeof(OSVERSIONINFOEX));
    minimum.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
    minimum.dwMajorVersion = 5;
    minimum.dwMinorVersion = 0;
    minimum.wServicePackMajor = 1;

    // Every tested field uses a greater-or-equal comparison.
    DWORDLONG conditions = 0;
    VER_SET_CONDITION(conditions, VER_MAJORVERSION, VER_GREATER_EQUAL);
    VER_SET_CONDITION(conditions, VER_MINORVERSION, VER_GREATER_EQUAL);
    VER_SET_CONDITION(conditions, VER_SERVICEPACKMAJOR, VER_GREATER_EQUAL);

    const DWORD fieldsToTest =
        VER_MAJORVERSION | VER_MINORVERSION | VER_SERVICEPACKMAJOR;
    return VerifyVersionInfo(&minimum, fieldsToTest, conditions);
}
137 |
// Returns nonzero when VerifyVersionInfo reports a major version >= 5 and a
// product type equal to VER_NT_WORKSTATION.
// NOTE(review): the minor version is not tested, so despite the name this
// also matches later workstation releases whose major version is 5 or above.
BOOL Is_Win2000_Professional ()
{
    // Values to compare against; fields not assigned below stay zero.
    OSVERSIONINFOEX wanted;
    ZeroMemory(&wanted, sizeof(OSVERSIONINFOEX));
    wanted.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
    wanted.dwMajorVersion = 5;
    wanted.wProductType = VER_NT_WORKSTATION;

    // Major version is a lower bound; product type must match exactly.
    DWORDLONG conditions = 0;
    VER_SET_CONDITION(conditions, VER_MAJORVERSION, VER_GREATER_EQUAL);
    VER_SET_CONDITION(conditions, VER_PRODUCT_TYPE, VER_EQUAL);

    const DWORD fieldsToTest = VER_MAJORVERSION | VER_PRODUCT_TYPE;
    return VerifyVersionInfo(&wanted, fieldsToTest, conditions);
}
164 |
// State shared by LoadSafeProcess() and UnLoadSafeProcess().
// ISWIN2000_VER: set when LoadSafeProcess() took the Is_Win2000() branch, so
//                that UnLoadSafeProcess() undoes the same mechanism.
// ISLoadProcess: set by LoadSafeProcess(); UnLoadSafeProcess() does nothing
//                while it is false.
bool ISWIN2000_VER = false;
bool ISLoadProcess = false;
167 |
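// Turns on the protection mechanism that matches the running OS.
//
// When Is_Win2000() is true the process-list hook is requested through
// CTaskKeyMgr::Disable(TASKLIST, TRUE); on any other version LoadProcess() is
// called (declared elsewhere -- presumably the NoKillDll import that StdAfx.h
// links in; confirm).
//
// Returns ISLoadProcess. On the Windows 2000 path that is whether the hook
// DLL is actually held after the call; on the other path it is always true,
// because LoadProcess() reports nothing that is checked here.
BOOL LoadSafeProcess()
{
    ISWIN2000_VER = false;
    ISLoadProcess = false;
    if (Is_Win2000())
    {
        ISWIN2000_VER = true;
        // Pass TRUE rather than !IsProcessListItemDisabled(): the negated
        // state acts as a toggle, so a repeated call would remove the hook
        // while the flags still say "loaded".
        CTaskKeyMgr::Disable(CTaskKeyMgr::TASKLIST, TRUE);
        // Disable() returns nothing, so read back whether the DLL is in
        // place; this keeps UnLoadSafeProcess() from acting on a failed load.
        ISLoadProcess = (CTaskKeyMgr::IsProcessListItemDisabled() != FALSE);
    }
    else
    {
        ISLoadProcess = true;
        LoadProcess();
    }
    return ::ISLoadProcess;
}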
186 |
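// Reverses LoadSafeProcess() using the mechanism it recorded in
// ISWIN2000_VER, then clears both state flags. Does nothing when
// ISLoadProcess is false.
void UnLoadSafeProcess()
{
    if (!ISLoadProcess)
        return;

    if (ISWIN2000_VER)
    {
        // Pass FALSE rather than !IsProcessListItemDisabled(): if the hook
        // was never installed the negated state is TRUE, and this teardown
        // call would install it instead of removing it.
        CTaskKeyMgr::Disable(CTaskKeyMgr::TASKLIST, FALSE);
    }
    else
    {
        UnLoadProcess();
    }
    ISLoadProcess = false;
    ISWIN2000_VER = false;
}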
204 |
205 |
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/killtest/TaskKeyMgr.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookNtQuerySystemInformation and DetoursPreventKilled/killtest/TaskKeyMgr.h
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/killtest/killtest.cpp:
--------------------------------------------------------------------------------
1 | // killtest.cpp : Defines the entry point for the console application.
2 | //
3 |
4 | #include "stdafx.h"
5 | #include
6 | #include "TaskKeyMgr.h"
7 |
8 | //HOOKPROC hkprcMsgProc=NULL; //the pointer of MsgProc()
9 | //static HINSTANCE hinstDLL=NULL; //the handle of dll!
10 | //static HHOOK hhookMsg=NULL; //the handle of hook!
11 | //
12 | //typedef void (*SETPID)(DWORD nPID);
13 |
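// Console test driver: enables protection with LoadSafeProcess(), waits for
// 'q' on stdin, removes it with UnLoadSafeProcess(), then waits for 'w'
// before exiting. argc and argv are not used.
//
// End-of-file on stdin ends each wait as well; without that check getchar()
// keeps returning EOF and the loop spins forever without ever unloading.
int main(int argc, char* argv[])
{
    //hinstDLL = LoadLibrary((LPCTSTR)"NoKillDll.dll"); //hookdll.dll is in the same path

    //SETPID fnSetPID=(SETPID)GetProcAddress(hinstDLL,"SetPID");
    //if (NULL == fnSetPID)
    //{
    // return 0;
    //}
    //(fnSetPID)(GetCurrentProcessId());

    //hkprcMsgProc = (HOOKPROC)GetProcAddress(hinstDLL, "MsgProc"); //get pointer of msg proc

    //hhookMsg = SetWindowsHookEx(WH_GETMESSAGE,hkprcMsgProc,hinstDLL,0); //0 mean hook all process! you can specify a process id,hook one process!
    //unsigned long id = GetCurrentProcessId();
    //printf("%l",GetCurrentProcessId());

    //Init();

    //CTaskKeyMgr::Disable(CTaskKeyMgr::TASKLIST,
    //!CTaskKeyMgr::IsProcessListItemDisabled());

    LoadSafeProcess();
    //LoadProcess();

    // Protection stays on until 'q' is typed or stdin is closed.
    int ch;
    do
    {
        ch = getchar();
    } while (ch != 'q' && ch != EOF);

    //UnLoadProcess();
    UnLoadSafeProcess();

    // Keep the process alive after unloading until 'w' is typed or stdin is
    // closed, so the unprotected state can be observed.
    do
    {
        ch = getchar();
    } while (ch != 'w' && ch != EOF);

    return 0;
}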
50 |
51 |
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/killtest/killtest.dsp:
--------------------------------------------------------------------------------
1 | # Microsoft Developer Studio Project File - Name="killtest" - Package Owner=<4>
2 | # Microsoft Developer Studio Generated Build File, Format Version 6.00
3 | # ** DO NOT EDIT **
4 |
5 | # TARGTYPE "Win32 (x86) Console Application" 0x0103
6 |
7 | CFG=killtest - Win32 Debug
8 | !MESSAGE This is not a valid makefile. To build this project using NMAKE,
9 | !MESSAGE use the Export Makefile command and run
10 | !MESSAGE
11 | !MESSAGE NMAKE /f "killtest.mak".
12 | !MESSAGE
13 | !MESSAGE You can specify a configuration when running NMAKE
14 | !MESSAGE by defining the macro CFG on the command line. For example:
15 | !MESSAGE
16 | !MESSAGE NMAKE /f "killtest.mak" CFG="killtest - Win32 Debug"
17 | !MESSAGE
18 | !MESSAGE Possible choices for configuration are:
19 | !MESSAGE
20 | !MESSAGE "killtest - Win32 Release" (based on "Win32 (x86) Console Application")
21 | !MESSAGE "killtest - Win32 Debug" (based on "Win32 (x86) Console Application")
22 | !MESSAGE
23 |
24 | # Begin Project
25 | # PROP AllowPerConfigDependencies 0
26 | # PROP Scc_ProjName ""
27 | # PROP Scc_LocalPath ""
28 | CPP=cl.exe
29 | RSC=rc.exe
30 |
31 | !IF "$(CFG)" == "killtest - Win32 Release"
32 |
33 | # PROP BASE Use_MFC 0
34 | # PROP BASE Use_Debug_Libraries 0
35 | # PROP BASE Output_Dir "Release"
36 | # PROP BASE Intermediate_Dir "Release"
37 | # PROP BASE Target_Dir ""
38 | # PROP Use_MFC 0
39 | # PROP Use_Debug_Libraries 0
40 | # PROP Output_Dir "Release"
41 | # PROP Intermediate_Dir "Release"
42 | # PROP Target_Dir ""
43 | # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Yu"stdafx.h" /FD /c
44 | # ADD CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Yu"stdafx.h" /FD /c
45 | # ADD BASE RSC /l 0x804 /d "NDEBUG"
46 | # ADD RSC /l 0x804 /d "NDEBUG"
47 | BSC32=bscmake.exe
48 | # ADD BASE BSC32 /nologo
49 | # ADD BSC32 /nologo
50 | LINK32=link.exe
51 | # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
52 | # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
53 |
54 | !ELSEIF "$(CFG)" == "killtest - Win32 Debug"
55 |
56 | # PROP BASE Use_MFC 0
57 | # PROP BASE Use_Debug_Libraries 1
58 | # PROP BASE Output_Dir "Debug"
59 | # PROP BASE Intermediate_Dir "Debug"
60 | # PROP BASE Target_Dir ""
61 | # PROP Use_MFC 0
62 | # PROP Use_Debug_Libraries 1
63 | # PROP Output_Dir "Debug"
64 | # PROP Intermediate_Dir "Debug"
65 | # PROP Target_Dir ""
66 | # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /Yu"stdafx.h" /FD /GZ /c
67 | # ADD CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /Yu"stdafx.h" /FD /GZ /c
68 | # ADD BASE RSC /l 0x804 /d "_DEBUG"
69 | # ADD RSC /l 0x804 /d "_DEBUG"
70 | BSC32=bscmake.exe
71 | # ADD BASE BSC32 /nologo
72 | # ADD BSC32 /nologo
73 | LINK32=link.exe
74 | # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
75 | # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
76 |
77 | !ENDIF
78 |
79 | # Begin Target
80 |
81 | # Name "killtest - Win32 Release"
82 | # Name "killtest - Win32 Debug"
83 | # Begin Group "Source Files"
84 |
85 | # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
86 | # Begin Source File
87 |
88 | SOURCE=.\killtest.cpp
89 | # End Source File
90 | # Begin Source File
91 |
92 | SOURCE=.\StdAfx.cpp
93 | # ADD CPP /Yc"stdafx.h"
94 | # End Source File
95 | # End Group
96 | # Begin Group "Header Files"
97 |
98 | # PROP Default_Filter "h;hpp;hxx;hm;inl"
99 | # Begin Source File
100 |
101 | SOURCE=.\StdAfx.h
102 | # End Source File
103 | # End Group
104 | # Begin Group "Resource Files"
105 |
106 | # PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
107 | # End Group
108 | # Begin Source File
109 |
110 | SOURCE=.\ReadMe.txt
111 | # End Source File
112 | # End Target
113 | # End Project
114 |
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/killtest/killtest.dsw:
--------------------------------------------------------------------------------
1 | Microsoft Developer Studio Workspace File, Format Version 6.00
2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
3 |
4 | ###############################################################################
5 |
6 | Project: "killtest"=.\killtest.dsp - Package Owner=<4>
7 |
8 | Package=<5>
9 | {{{
10 | }}}
11 |
12 | Package=<4>
13 | {{{
14 | }}}
15 |
16 | ###############################################################################
17 |
18 | Global:
19 |
20 | Package=<5>
21 | {{{
22 | }}}
23 |
24 | Package=<3>
25 | {{{
26 | }}}
27 |
28 | ###############################################################################
29 |
30 |
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/killtest/killtest.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookNtQuerySystemInformation and DetoursPreventKilled/killtest/killtest.rc
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/killtest/killtest.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 9.00
3 | # Visual Studio 2005
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DetourDll", "..\DetourDll\DetourDll.vcproj", "{AF478494-1B28-48D0-9104-14F565BAEC61}"
5 | EndProject
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HookApi", "..\HookNt\HookApi.vcproj", "{A304896B-9768-400D-998C-F1D0EA8C6CEC}"
7 | EndProject
8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "killtest", "killtest.vcproj", "{4DFA587A-15B4-4E73-BACC-E16B512F9D63}"
9 | EndProject
10 | Global
11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
12 | Debug|Win32 = Debug|Win32
13 | Release|Win32 = Release|Win32
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {AF478494-1B28-48D0-9104-14F565BAEC61}.Debug|Win32.ActiveCfg = Debug|Win32
17 | {AF478494-1B28-48D0-9104-14F565BAEC61}.Release|Win32.ActiveCfg = Release|Win32
18 | {AF478494-1B28-48D0-9104-14F565BAEC61}.Release|Win32.Build.0 = Release|Win32
19 | {A304896B-9768-400D-998C-F1D0EA8C6CEC}.Debug|Win32.ActiveCfg = Debug|Win32
20 | {A304896B-9768-400D-998C-F1D0EA8C6CEC}.Release|Win32.ActiveCfg = Release|Win32
21 | {A304896B-9768-400D-998C-F1D0EA8C6CEC}.Release|Win32.Build.0 = Release|Win32
22 | {4DFA587A-15B4-4E73-BACC-E16B512F9D63}.Debug|Win32.ActiveCfg = Debug|Win32
23 | {4DFA587A-15B4-4E73-BACC-E16B512F9D63}.Debug|Win32.Build.0 = Debug|Win32
24 | {4DFA587A-15B4-4E73-BACC-E16B512F9D63}.Release|Win32.ActiveCfg = Release|Win32
25 | {4DFA587A-15B4-4E73-BACC-E16B512F9D63}.Release|Win32.Build.0 = Release|Win32
26 | EndGlobalSection
27 | GlobalSection(SolutionProperties) = preSolution
28 | HideSolutionNode = FALSE
29 | EndGlobalSection
30 | EndGlobal
31 |
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/killtest/killtest.vcproj.ST.Administrator.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/killtest/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookNtQuerySystemInformation and DetoursPreventKilled/killtest/resource.h
--------------------------------------------------------------------------------
/HookNtQuerySystemInformation and DetoursPreventKilled/说明.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookNtQuerySystemInformation and DetoursPreventKilled/说明.txt
--------------------------------------------------------------------------------
/HookTaskmgr/HookTaskmgr/HookTaskmgr.cpp:
--------------------------------------------------------------------------------
1 | // HookTaskmgr.cpp : Defines the class behaviors for the application.
2 | //
3 |
4 | #include "stdafx.h"
5 | #include "HookTaskmgr.h"
6 | #include "HookTaskmgrDlg.h"
7 |
8 | #ifdef _DEBUG
9 | #define new DEBUG_NEW
10 | #undef THIS_FILE
11 | static char THIS_FILE[] = __FILE__;
12 | #endif
13 |
14 | /////////////////////////////////////////////////////////////////////////////
15 | // CHookTaskmgrApp
16 |
// Message map for the application object. The only entry outside the
// ClassWizard-managed block routes ID_HELP to CWinApp::OnHelp.
BEGIN_MESSAGE_MAP(CHookTaskmgrApp, CWinApp)
	//{{AFX_MSG_MAP(CHookTaskmgrApp)
		// NOTE - the ClassWizard will add and remove mapping macros here.
		//    DO NOT EDIT what you see in these blocks of generated code!
	//}}AFX_MSG
	ON_COMMAND(ID_HELP, CWinApp::OnHelp)
END_MESSAGE_MAP()
24 |
25 | /////////////////////////////////////////////////////////////////////////////
26 | // CHookTaskmgrApp construction
27 |
// Default constructor. It initialises nothing itself; start-up work is left
// to InitInstance().
CHookTaskmgrApp::CHookTaskmgrApp()
{
	// TODO: add construction code here,
	// Place all significant initialization in InitInstance
}
33 |
34 | /////////////////////////////////////////////////////////////////////////////
35 | // The one and only CHookTaskmgrApp object
36 |
37 | CHookTaskmgrApp theApp;
38 |
39 | /////////////////////////////////////////////////////////////////////////////
40 | // CHookTaskmgrApp initialization
41 |
// Application start-up: runs the main dialog modally, then ends the program.
//
// Returns FALSE in every case, so the framework exits instead of starting the
// application's message pump once the dialog has been closed.
BOOL CHookTaskmgrApp::InitInstance()
{
	AfxEnableControlContainer();

	// Standard initialization. The routine used depends on how MFC is linked.
#ifdef _AFXDLL
	Enable3dControls();			// MFC in a shared DLL
#else
	Enable3dControlsStatic();	// MFC linked statically
#endif

	// mainDialog is a local object: the address stored in m_pMainWnd refers to
	// this stack frame and must not be used after this function returns.
	CHookTaskmgrDlg mainDialog;
	m_pMainWnd = &mainDialog;

	switch (mainDialog.DoModal())
	{
	case IDOK:
		// TODO: Place code here to handle when the dialog is
		//  dismissed with OK
		break;

	case IDCANCEL:
		// TODO: Place code here to handle when the dialog is
		//  dismissed with Cancel
		break;

	default:
		break;
	}

	return FALSE;
}
75 |
// Invokes the dialog class's Button2 handler and returns TRUE.
//
// NOTE(review): the name is "ExistInstance", not "ExitInstance". CWinApp's
// shutdown hook is ExitInstance(), so this function does not override it and
// nothing in this file calls it. If Button2 is the release/clean-up path
// (HookTaskmgrDlg.cpp is not shown here), that clean-up is not run at exit
// and depends on the user pressing the button — confirm the intent.
BOOL CHookTaskmgrApp::ExistInstance()
{
	// NOTE(review): this does not refer to the dialog shown by InitInstance().
	// It constructs a new CHookTaskmgrDlg, with m_pMainWnd passed as the
	// pParent constructor argument, and calls the handler on that new object.
	CHookTaskmgrDlg dlg = m_pMainWnd;
	dlg.OnBnClickedButton2();
	return TRUE;
}
--------------------------------------------------------------------------------
/HookTaskmgr/HookTaskmgr/HookTaskmgr.dsp:
--------------------------------------------------------------------------------
1 | # Microsoft Developer Studio Project File - Name="HookTaskmgr" - Package Owner=<4>
2 | # Microsoft Developer Studio Generated Build File, Format Version 6.00
3 | # ** DO NOT EDIT **
4 |
5 | # TARGTYPE "Win32 (x86) Application" 0x0101
6 |
7 | CFG=HookTaskmgr - Win32 Debug
8 | !MESSAGE This is not a valid makefile. To build this project using NMAKE,
9 | !MESSAGE use the Export Makefile command and run
10 | !MESSAGE
11 | !MESSAGE NMAKE /f "HookTaskmgr.mak".
12 | !MESSAGE
13 | !MESSAGE You can specify a configuration when running NMAKE
14 | !MESSAGE by defining the macro CFG on the command line. For example:
15 | !MESSAGE
16 | !MESSAGE NMAKE /f "HookTaskmgr.mak" CFG="HookTaskmgr - Win32 Debug"
17 | !MESSAGE
18 | !MESSAGE Possible choices for configuration are:
19 | !MESSAGE
20 | !MESSAGE "HookTaskmgr - Win32 Release" (based on "Win32 (x86) Application")
21 | !MESSAGE "HookTaskmgr - Win32 Debug" (based on "Win32 (x86) Application")
22 | !MESSAGE
23 |
24 | # Begin Project
25 | # PROP AllowPerConfigDependencies 0
26 | # PROP Scc_ProjName ""
27 | # PROP Scc_LocalPath ""
28 | CPP=cl.exe
29 | MTL=midl.exe
30 | RSC=rc.exe
31 |
32 | !IF "$(CFG)" == "HookTaskmgr - Win32 Release"
33 |
34 | # PROP BASE Use_MFC 6
35 | # PROP BASE Use_Debug_Libraries 0
36 | # PROP BASE Output_Dir "Release"
37 | # PROP BASE Intermediate_Dir "Release"
38 | # PROP BASE Target_Dir ""
39 | # PROP Use_MFC 6
40 | # PROP Use_Debug_Libraries 0
41 | # PROP Output_Dir "Release"
42 | # PROP Intermediate_Dir "Release"
43 | # PROP Target_Dir ""
44 | # ADD BASE CPP /nologo /MD /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_AFXDLL" /Yu"stdafx.h" /FD /c
45 | # ADD CPP /nologo /MD /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_AFXDLL" /D "_MBCS" /Yu"stdafx.h" /FD /c
46 | # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
47 | # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
48 | # ADD BASE RSC /l 0x804 /d "NDEBUG" /d "_AFXDLL"
49 | # ADD RSC /l 0x804 /d "NDEBUG" /d "_AFXDLL"
50 | BSC32=bscmake.exe
51 | # ADD BASE BSC32 /nologo
52 | # ADD BSC32 /nologo
53 | LINK32=link.exe
54 | # ADD BASE LINK32 /nologo /subsystem:windows /machine:I386
55 | # ADD LINK32 /nologo /subsystem:windows /machine:I386
56 |
57 | !ELSEIF "$(CFG)" == "HookTaskmgr - Win32 Debug"
58 |
59 | # PROP BASE Use_MFC 6
60 | # PROP BASE Use_Debug_Libraries 1
61 | # PROP BASE Output_Dir "Debug"
62 | # PROP BASE Intermediate_Dir "Debug"
63 | # PROP BASE Target_Dir ""
64 | # PROP Use_MFC 6
65 | # PROP Use_Debug_Libraries 1
66 | # PROP Output_Dir "Debug"
67 | # PROP Intermediate_Dir "Debug"
68 | # PROP Target_Dir ""
69 | # ADD BASE CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_AFXDLL" /Yu"stdafx.h" /FD /GZ /c
70 | # ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_AFXDLL" /D "_MBCS" /Yu"stdafx.h" /FD /GZ /c
71 | # ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
72 | # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
73 | # ADD BASE RSC /l 0x804 /d "_DEBUG" /d "_AFXDLL"
74 | # ADD RSC /l 0x804 /d "_DEBUG" /d "_AFXDLL"
75 | BSC32=bscmake.exe
76 | # ADD BASE BSC32 /nologo
77 | # ADD BSC32 /nologo
78 | LINK32=link.exe
79 | # ADD BASE LINK32 /nologo /subsystem:windows /debug /machine:I386 /pdbtype:sept
80 | # ADD LINK32 /nologo /subsystem:windows /debug /machine:I386 /pdbtype:sept
81 |
82 | !ENDIF
83 |
84 | # Begin Target
85 |
86 | # Name "HookTaskmgr - Win32 Release"
87 | # Name "HookTaskmgr - Win32 Debug"
88 | # Begin Group "Source Files"
89 |
90 | # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
91 | # Begin Source File
92 |
93 | SOURCE=.\HookTaskmgr.cpp
94 | # End Source File
95 | # Begin Source File
96 |
97 | SOURCE=.\HookTaskmgr.rc
98 | # End Source File
99 | # Begin Source File
100 |
101 | SOURCE=.\HookTaskmgrDlg.cpp
102 | # End Source File
103 | # Begin Source File
104 |
105 | SOURCE=.\StdAfx.cpp
106 | # ADD CPP /Yc"stdafx.h"
107 | # End Source File
108 | # End Group
109 | # Begin Group "Header Files"
110 |
111 | # PROP Default_Filter "h;hpp;hxx;hm;inl"
112 | # Begin Source File
113 |
114 | SOURCE=.\HookTaskmgr.h
115 | # End Source File
116 | # Begin Source File
117 |
118 | SOURCE=.\HookTaskmgrDlg.h
119 | # End Source File
120 | # Begin Source File
121 |
122 | SOURCE=.\Resource.h
123 | # End Source File
124 | # Begin Source File
125 |
126 | SOURCE=.\StdAfx.h
127 | # End Source File
128 | # End Group
129 | # Begin Group "Resource Files"
130 |
131 | # PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
132 | # Begin Source File
133 |
134 | SOURCE=.\res\HookTaskmgr.ico
135 | # End Source File
136 | # Begin Source File
137 |
138 | SOURCE=.\res\HookTaskmgr.rc2
139 | # End Source File
140 | # End Group
141 | # Begin Source File
142 |
143 | SOURCE=.\ReadMe.txt
144 | # End Source File
145 | # End Target
146 | # End Project
147 |
--------------------------------------------------------------------------------
/HookTaskmgr/HookTaskmgr/HookTaskmgr.dsw:
--------------------------------------------------------------------------------
1 | Microsoft Developer Studio Workspace File, Format Version 6.00
2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
3 |
4 | ###############################################################################
5 |
6 | Project: "HookTaskmgr"=.\HookTaskmgr.dsp - Package Owner=<4>
7 |
8 | Package=<5>
9 | {{{
10 | }}}
11 |
12 | Package=<4>
13 | {{{
14 | }}}
15 |
16 | ###############################################################################
17 |
18 | Global:
19 |
20 | Package=<5>
21 | {{{
22 | }}}
23 |
24 | Package=<3>
25 | {{{
26 | }}}
27 |
28 | ###############################################################################
29 |
30 |
--------------------------------------------------------------------------------
/HookTaskmgr/HookTaskmgr/HookTaskmgr.h:
--------------------------------------------------------------------------------
1 | // HookTaskmgr.h : main header file for the HookTaskmgr application
2 | //
3 |
4 | #if !defined(AFX_HookTaskmgr_H__3EDB105C_0D8B_42B8_A00E_F31814C5420E__INCLUDED_)
5 | #define AFX_HookTaskmgr_H__3EDB105C_0D8B_42B8_A00E_F31814C5420E__INCLUDED_
6 |
7 | #if _MSC_VER > 1000
8 | #pragma once
9 | #endif // _MSC_VER > 1000
10 |
11 | #ifndef __AFXWIN_H__
12 | #error include 'stdafx.h' before including this file for PCH
13 | #endif
14 |
15 | #include "resource.h" // main symbols
16 |
17 | /////////////////////////////////////////////////////////////////////////////
18 | // CHookTaskmgrApp:
19 | // See HookTaskmgr.cpp for the implementation of this class
20 | //
21 |
// Application class for HookTaskmgr; member definitions are in HookTaskmgr.cpp.
//
// NOTE(review): ExistInstance() below is spelled differently from CWinApp's
// exit hook, "int ExitInstance()", and returns BOOL, so it declares a new
// virtual function rather than overriding the framework's — confirm whether
// an ExitInstance() override was intended.
class CHookTaskmgrApp : public CWinApp
{
public:
	CHookTaskmgrApp();

// Overrides
	// ClassWizard generated virtual function overrides
	//{{AFX_VIRTUAL(CHookTaskmgrApp)
	public:
	virtual BOOL InitInstance();
	virtual BOOL ExistInstance();
	//}}AFX_VIRTUAL

// Implementation

	//{{AFX_MSG(CHookTaskmgrApp)
		// NOTE - the ClassWizard will add and remove member functions here.
		//    DO NOT EDIT what you see in these blocks of generated code !
	//}}AFX_MSG
	DECLARE_MESSAGE_MAP()
};
43 |
44 |
45 | /////////////////////////////////////////////////////////////////////////////
46 |
47 | //{{AFX_INSERT_LOCATION}}
48 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line.
49 |
50 | #endif // !defined(AFX_HookTaskmgr_H__3EDB105C_0D8B_42B8_A00E_F31814C5420E__INCLUDED_)
51 |
--------------------------------------------------------------------------------
/HookTaskmgr/HookTaskmgr/HookTaskmgr.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookTaskmgr/HookTaskmgr/HookTaskmgr.rc
--------------------------------------------------------------------------------
/HookTaskmgr/HookTaskmgr/HookTaskmgr.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 9.00
3 | # Visual Studio 2005
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HookTaskmgr", "HookTaskmgr.vcproj", "{02BC3552-9E50-4AEB-AB1C-3D87575D33CA}"
5 | EndProject
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SafeProcess", "..\SafeProcess\SafeProcess.vcproj", "{0344449F-4251-4313-A773-8216AAC0F353}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Win32 = Debug|Win32
11 | Release|Win32 = Release|Win32
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {02BC3552-9E50-4AEB-AB1C-3D87575D33CA}.Debug|Win32.ActiveCfg = Debug|Win32
15 | {02BC3552-9E50-4AEB-AB1C-3D87575D33CA}.Debug|Win32.Build.0 = Debug|Win32
16 | {02BC3552-9E50-4AEB-AB1C-3D87575D33CA}.Release|Win32.ActiveCfg = Release|Win32
17 | {02BC3552-9E50-4AEB-AB1C-3D87575D33CA}.Release|Win32.Build.0 = Release|Win32
18 | {0344449F-4251-4313-A773-8216AAC0F353}.Debug|Win32.ActiveCfg = Debug|Win32
19 | {0344449F-4251-4313-A773-8216AAC0F353}.Debug|Win32.Build.0 = Debug|Win32
20 | {0344449F-4251-4313-A773-8216AAC0F353}.Release|Win32.ActiveCfg = Release|Win32
21 | {0344449F-4251-4313-A773-8216AAC0F353}.Release|Win32.Build.0 = Release|Win32
22 | EndGlobalSection
23 | GlobalSection(SolutionProperties) = preSolution
24 | HideSolutionNode = FALSE
25 | EndGlobalSection
26 | EndGlobal
27 |
--------------------------------------------------------------------------------
/HookTaskmgr/HookTaskmgr/HookTaskmgr.vcproj.ST.Administrator.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/HookTaskmgr/HookTaskmgr/HookTaskmgrDlg.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookTaskmgr/HookTaskmgr/HookTaskmgrDlg.cpp
--------------------------------------------------------------------------------
/HookTaskmgr/HookTaskmgr/HookTaskmgrDlg.h:
--------------------------------------------------------------------------------
1 | // HookTaskmgrDlg.h : header file
2 | //
3 |
4 | #if !defined(AFX_HookTaskmgrDLG_H__D5108457_09EB_4AD9_9EA7_7C40673585B3__INCLUDED_)
5 | #define AFX_HookTaskmgrDLG_H__D5108457_09EB_4AD9_9EA7_7C40673585B3__INCLUDED_
6 |
7 | #if _MSC_VER > 1000
8 | #pragma once
9 | #endif // _MSC_VER > 1000
10 |
11 | /////////////////////////////////////////////////////////////////////////////
12 | // CHookTaskmgrDlg dialog
13 |
// Main dialog of the application (dialog resource IDD_HookTaskmgr_DIALOG).
// Besides the wizard-generated handlers it declares a timer handler, two
// button-click handlers, IsExistTaskmgr() and one window handle member.
// The definitions are in HookTaskmgrDlg.cpp.
class CHookTaskmgrDlg : public CDialog
{
// Construction
public:
	CHookTaskmgrDlg(CWnd* pParent = NULL);	// standard constructor
	~CHookTaskmgrDlg();

// Dialog Data
	//{{AFX_DATA(CHookTaskmgrDlg)
	enum { IDD = IDD_HookTaskmgr_DIALOG };
		// NOTE: the ClassWizard will add data members here
	//}}AFX_DATA

	// ClassWizard generated virtual function overrides
	//{{AFX_VIRTUAL(CHookTaskmgrDlg)
	protected:
	virtual void DoDataExchange(CDataExchange* pDX);	// DDX/DDV support
	//}}AFX_VIRTUAL

// Implementation
protected:
	HICON m_hIcon;
	// Timer handler, declared outside the ClassWizard-managed block below.
	afx_msg void OnTimer(UINT nIDEvent);

	// Generated message map functions
	//{{AFX_MSG(CHookTaskmgrDlg)
	virtual BOOL OnInitDialog();
	afx_msg void OnSysCommand(UINT nID, LPARAM lParam);
	afx_msg void OnPaint();
	afx_msg HCURSOR OnQueryDragIcon();
	//}}AFX_MSG
	DECLARE_MESSAGE_MAP()
public:
	// Button-click handler (presumably for IDC_BUTTON1 — verify in the message map).
	afx_msg void OnBnClickedButton1();
public:
	// Button-click handler; also called directly from CHookTaskmgrApp::ExistInstance().
	afx_msg void OnBnClickedButton2();

	// Presumably reports whether Task Manager is present — TODO confirm in the .cpp.
	bool IsExistTaskmgr();
private:
	// NOTE(review): a stored HWND goes stale once its window is destroyed;
	// check that it is still valid before each use.
	HWND m_hHookedWindow;
};
55 |
56 | //{{AFX_INSERT_LOCATION}}
57 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line.
58 |
59 | #endif // !defined(AFX_HookTaskmgrDLG_H__D5108457_09EB_4AD9_9EA7_7C40673585B3__INCLUDED_)
60 |
--------------------------------------------------------------------------------
/HookTaskmgr/HookTaskmgr/ReadMe.txt:
--------------------------------------------------------------------------------
1 | ========================================================================
2 | MICROSOFT FOUNDATION CLASS LIBRARY : HookTaskmgr
3 | ========================================================================
4 |
5 |
6 | AppWizard has created this HookTaskmgr application for you. This application
7 | not only demonstrates the basics of using the Microsoft Foundation classes
8 | but is also a starting point for writing your application.
9 |
10 | This file contains a summary of what you will find in each of the files that
11 | make up your HookTaskmgr application.
12 |
13 | HookTaskmgr.dsp
14 | This file (the project file) contains information at the project level and
15 | is used to build a single project or subproject. Other users can share the
16 | project (.dsp) file, but they should export the makefiles locally.
17 |
18 | HookTaskmgr.h
19 | This is the main header file for the application. It includes other
20 | project specific headers (including Resource.h) and declares the
21 | CHookTaskmgrApp application class.
22 |
23 | HookTaskmgr.cpp
24 | This is the main application source file that contains the application
25 | class CHookTaskmgrApp.
26 |
27 | HookTaskmgr.rc
28 | This is a listing of all of the Microsoft Windows resources that the
29 | program uses. It includes the icons, bitmaps, and cursors that are stored
30 | in the RES subdirectory. This file can be directly edited in Microsoft
31 | Visual C++.
32 |
33 | HookTaskmgr.clw
34 | This file contains information used by ClassWizard to edit existing
35 | classes or add new classes. ClassWizard also uses this file to store
36 | information needed to create and edit message maps and dialog data
37 | maps and to create prototype member functions.
38 |
39 | res\HookTaskmgr.ico
40 | This is an icon file, which is used as the application's icon. This
41 | icon is included by the main resource file HookTaskmgr.rc.
42 |
43 | res\HookTaskmgr.rc2
44 | This file contains resources that are not edited by Microsoft
45 | Visual C++. You should place all resources not editable by
46 | the resource editor in this file.
47 |
48 |
49 |
50 |
51 | /////////////////////////////////////////////////////////////////////////////
52 |
53 | AppWizard creates one dialog class:
54 |
55 | HookTaskmgrDlg.h, HookTaskmgrDlg.cpp - the dialog
56 | These files contain your CHookTaskmgrDlg class. This class defines
57 | the behavior of your application's main dialog. The dialog's
58 | template is in HookTaskmgr.rc, which can be edited in Microsoft
59 | Visual C++.
60 |
61 |
62 | /////////////////////////////////////////////////////////////////////////////
63 | Other standard files:
64 |
65 | StdAfx.h, StdAfx.cpp
66 | These files are used to build a precompiled header (PCH) file
67 | named HookTaskmgr.pch and a precompiled types file named StdAfx.obj.
68 |
69 | Resource.h
70 | This is the standard header file, which defines new resource IDs.
71 | Microsoft Visual C++ reads and updates this file.
72 |
73 | /////////////////////////////////////////////////////////////////////////////
74 | Other notes:
75 |
76 | AppWizard uses "TODO:" to indicate parts of the source code you
77 | should add to or customize.
78 |
79 | If your application uses MFC in a shared DLL, and your application is
80 | in a language other than the operating system's current language, you
81 | will need to copy the corresponding localized resources MFC42XXX.DLL
82 | from the Microsoft Visual C++ CD-ROM onto the system or system32 directory,
83 | and rename it to be MFCLOC.DLL. ("XXX" stands for the language abbreviation.
84 | For example, MFC42DEU.DLL contains resources translated to German.) If you
85 | don't do this, some of the UI elements of your application will remain in the
86 | language of the operating system.
87 |
88 | /////////////////////////////////////////////////////////////////////////////
89 |
--------------------------------------------------------------------------------
/HookTaskmgr/HookTaskmgr/StdAfx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // HookTaskmgr.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/HookTaskmgr/HookTaskmgr/StdAfx.h:
--------------------------------------------------------------------------------
1 | // stdafx.h : include file for standard system include files,
2 | // or project specific include files that are used frequently, but
3 | // are changed infrequently
4 | //
5 |
6 | #if !defined(AFX_STDAFX_H__C09B9C84_D263_4558_9F53_858A5809B289__INCLUDED_)
7 | #define AFX_STDAFX_H__C09B9C84_D263_4558_9F53_858A5809B289__INCLUDED_
8 |
9 | #if _MSC_VER > 1000
10 | #pragma once
11 | #endif // _MSC_VER > 1000
12 |
13 | #define VC_EXTRALEAN // Exclude rarely-used stuff from Windows headers
14 |
15 | #include <afxwin.h> // MFC core and standard components
16 | #include <afxext.h> // MFC extensions
17 | #include <afxdisp.h> // MFC Automation classes
18 | #include <afxdtctl.h> // MFC support for Internet Explorer 4 Common Controls
19 | #ifndef _AFX_NO_AFXCMN_SUPPORT
20 | #include <afxcmn.h> // MFC support for Windows Common Controls
21 | #endif // _AFX_NO_AFXCMN_SUPPORT
22 |
23 | #ifdef _DEBUG
24 | #pragma comment(lib,"../lib/debug/SafeProcess.lib")
25 | #else
26 | #pragma comment(lib,"../lib/release/SafeProcess.lib")
27 | #endif
28 |
29 |
30 | //{{AFX_INSERT_LOCATION}}
31 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line.
32 |
33 | #endif // !defined(AFX_STDAFX_H__C09B9C84_D263_4558_9F53_858A5809B289__INCLUDED_)
34 |
--------------------------------------------------------------------------------
/HookTaskmgr/HookTaskmgr/exeDebuger.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookTaskmgr/HookTaskmgr/exeDebuger.h
--------------------------------------------------------------------------------
/HookTaskmgr/HookTaskmgr/res/HookTaskmgr.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookTaskmgr/HookTaskmgr/res/HookTaskmgr.ico
--------------------------------------------------------------------------------
/HookTaskmgr/HookTaskmgr/res/HookTaskmgr.rc2:
--------------------------------------------------------------------------------
1 | //
2 | // HookTaskmgr.RC2 - resources Microsoft Visual C++ does not edit directly
3 | //
4 |
5 | #ifdef APSTUDIO_INVOKED
6 | #error this file is not editable by Microsoft Visual C++
7 | #endif //APSTUDIO_INVOKED
8 |
9 |
10 | /////////////////////////////////////////////////////////////////////////////
11 | // Add manually edited resources here...
12 |
13 | /////////////////////////////////////////////////////////////////////////////
14 |
--------------------------------------------------------------------------------
/HookTaskmgr/HookTaskmgr/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by HookTaskmgr.rc
4 | //
5 | #define IDM_ABOUTBOX 0x0010
6 | #define IDD_ABOUTBOX 100
7 | #define IDS_ABOUTBOX 101
8 | #define IDD_HookTaskmgr_DIALOG 102
9 | #define IDR_MAINFRAME 128
10 | #define IDC_BUTTON1 1000
11 | #define IDC_BUTTON2 1001
12 |
13 | // Next default values for new objects
14 | //
15 | #ifdef APSTUDIO_INVOKED
16 | #ifndef APSTUDIO_READONLY_SYMBOLS
17 | #define _APS_NEXT_RESOURCE_VALUE 129
18 | #define _APS_NEXT_COMMAND_VALUE 32771
19 | #define _APS_NEXT_CONTROL_VALUE 1002
20 | #define _APS_NEXT_SYMED_VALUE 101
21 | #endif
22 | #endif
23 |
--------------------------------------------------------------------------------
/HookTaskmgr/SafeProcess/SafeProcess.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookTaskmgr/SafeProcess/SafeProcess.cpp
--------------------------------------------------------------------------------
/HookTaskmgr/SafeProcess/SafeProcess.dsp:
--------------------------------------------------------------------------------
1 | # Microsoft Developer Studio Project File - Name="SafeProcess" - Package Owner=<4>
2 | # Microsoft Developer Studio Generated Build File, Format Version 6.00
3 | # ** DO NOT EDIT **
4 |
5 | # TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
6 |
7 | CFG=SafeProcess - Win32 Debug
8 | !MESSAGE This is not a valid makefile. To build this project using NMAKE,
9 | !MESSAGE use the Export Makefile command and run
10 | !MESSAGE
11 | !MESSAGE NMAKE /f "SafeProcess.mak".
12 | !MESSAGE
13 | !MESSAGE You can specify a configuration when running NMAKE
14 | !MESSAGE by defining the macro CFG on the command line. For example:
15 | !MESSAGE
16 | !MESSAGE NMAKE /f "SafeProcess.mak" CFG="SafeProcess - Win32 Debug"
17 | !MESSAGE
18 | !MESSAGE Possible choices for configuration are:
19 | !MESSAGE
20 | !MESSAGE "SafeProcess - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
21 | !MESSAGE "SafeProcess - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
22 | !MESSAGE
23 |
24 | # Begin Project
25 | # PROP AllowPerConfigDependencies 0
26 | # PROP Scc_ProjName ""
27 | # PROP Scc_LocalPath ""
28 | CPP=cl.exe
29 | MTL=midl.exe
30 | RSC=rc.exe
31 |
32 | !IF "$(CFG)" == "SafeProcess - Win32 Release"
33 |
34 | # PROP BASE Use_MFC 0
35 | # PROP BASE Use_Debug_Libraries 0
36 | # PROP BASE Output_Dir "Release"
37 | # PROP BASE Intermediate_Dir "Release"
38 | # PROP BASE Target_Dir ""
39 | # PROP Use_MFC 0
40 | # PROP Use_Debug_Libraries 0
41 | # PROP Output_Dir "Release"
42 | # PROP Intermediate_Dir "Release"
43 | # PROP Target_Dir ""
44 | # ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "SAFEPROCESS_EXPORTS" /YX /FD /c
45 | # ADD CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "SAFEPROCESS_EXPORTS" /YX /FD /c
46 | # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
47 | # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
48 | # ADD BASE RSC /l 0x804 /d "NDEBUG"
49 | # ADD RSC /l 0x804 /d "NDEBUG"
50 | BSC32=bscmake.exe
51 | # ADD BASE BSC32 /nologo
52 | # ADD BSC32 /nologo
53 | LINK32=link.exe
54 | # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386
55 | # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386
56 |
57 | !ELSEIF "$(CFG)" == "SafeProcess - Win32 Debug"
58 |
59 | # PROP BASE Use_MFC 0
60 | # PROP BASE Use_Debug_Libraries 1
61 | # PROP BASE Output_Dir "Debug"
62 | # PROP BASE Intermediate_Dir "Debug"
63 | # PROP BASE Target_Dir ""
64 | # PROP Use_MFC 0
65 | # PROP Use_Debug_Libraries 1
66 | # PROP Output_Dir "Debug"
67 | # PROP Intermediate_Dir "Debug"
68 | # PROP Target_Dir ""
69 | # ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "SAFEPROCESS_EXPORTS" /YX /FD /GZ /c
70 | # ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "SAFEPROCESS_EXPORTS" /YX /FD /GZ /c
71 | # ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
72 | # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
73 | # ADD BASE RSC /l 0x804 /d "_DEBUG"
74 | # ADD RSC /l 0x804 /d "_DEBUG"
75 | BSC32=bscmake.exe
76 | # ADD BASE BSC32 /nologo
77 | # ADD BSC32 /nologo
78 | LINK32=link.exe
79 | # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /debug /machine:I386 /pdbtype:sept
80 | # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /debug /machine:I386 /pdbtype:sept
81 |
82 | !ENDIF
83 |
84 | # Begin Target
85 |
86 | # Name "SafeProcess - Win32 Release"
87 | # Name "SafeProcess - Win32 Debug"
88 | # Begin Group "Source Files"
89 |
90 | # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
91 | # End Group
92 | # Begin Group "Header Files"
93 |
94 | # PROP Default_Filter "h;hpp;hxx;hm;inl"
95 | # End Group
96 | # Begin Group "Resource Files"
97 |
98 | # PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
99 | # End Group
100 | # End Target
101 | # End Project
102 |
--------------------------------------------------------------------------------
/HookTaskmgr/SafeProcess/SafeProcess.dsw:
--------------------------------------------------------------------------------
1 | Microsoft Developer Studio Workspace File, Format Version 6.00
2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
3 |
4 | ###############################################################################
5 |
6 | Project: "SafeProcess"=.\SafeProcess.dsp - Package Owner=<4>
7 |
8 | Package=<5>
9 | {{{
10 | }}}
11 |
12 | Package=<4>
13 | {{{
14 | }}}
15 |
16 | ###############################################################################
17 |
18 | Global:
19 |
20 | Package=<5>
21 | {{{
22 | }}}
23 |
24 | Package=<3>
25 | {{{
26 | }}}
27 |
28 | ###############################################################################
29 |
30 |
--------------------------------------------------------------------------------
/HookTaskmgr/SafeProcess/SafeProcess.h:
--------------------------------------------------------------------------------
1 | ////////////////////////////////////////////////////////////////
2 | // 2000 VCKBASE Online Journal.
3 | //
4 | //
// Import declarations for the functions provided by the SafeProcess DLL.
// NOTE(review): this header has no include guard, and it relies on BOOL, HWND
// and WINAPI already being declared by whatever the including file pulled in.
#define DLLIMPORT __declspec(dllimport)


// Presumably the DLL's set-up entry point; the meaning of the BOOL result is
// defined in SafeProcess.cpp, which is not shown here — confirm.
DLLIMPORT BOOL SafeProcessInit();
// Presumably the matching tear-down entry point — confirm against SafeProcess.cpp.
DLLIMPORT void SafeProcessTerm();
// Hands a window handle to the DLL. exports.def lists only this function under
// EXPORTS; how the two functions above are exported is not visible here.
DLLIMPORT int WINAPI SetHandle(HWND HandleofTarget);
11 |
12 |
--------------------------------------------------------------------------------
/HookTaskmgr/SafeProcess/SafeProcess.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookTaskmgr/SafeProcess/SafeProcess.rc
--------------------------------------------------------------------------------
/HookTaskmgr/SafeProcess/SafeProcess.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 9.00
3 | # Visual Studio 2005
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SafeProcess", "SafeProcess.vcproj", "{0344449F-4251-4313-A773-8216AAC0F353}"
5 | EndProject
6 | Global
7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
8 | Debug|Win32 = Debug|Win32
9 | Release|Win32 = Release|Win32
10 | EndGlobalSection
11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | {0344449F-4251-4313-A773-8216AAC0F353}.Debug|Win32.ActiveCfg = Debug|Win32
13 | {0344449F-4251-4313-A773-8216AAC0F353}.Debug|Win32.Build.0 = Debug|Win32
14 | {0344449F-4251-4313-A773-8216AAC0F353}.Release|Win32.ActiveCfg = Release|Win32
15 | {0344449F-4251-4313-A773-8216AAC0F353}.Release|Win32.Build.0 = Release|Win32
16 | EndGlobalSection
17 | GlobalSection(SolutionProperties) = preSolution
18 | HideSolutionNode = FALSE
19 | EndGlobalSection
20 | EndGlobal
21 |
--------------------------------------------------------------------------------
/HookTaskmgr/SafeProcess/SafeProcess.vcproj.ST.Administrator.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/HookTaskmgr/SafeProcess/exports.def:
--------------------------------------------------------------------------------
1 | LIBRARY "SafeProcess"
2 | EXPORTS
3 | ; SetHandle is the only export name visible in this listing.
4 | SetHandle
5 | SECTIONS
6 | ; NOTE(review): SHARED makes the "SafeProcess" section one copy mapped into every process that loads this DLL, and READ WRITE lets each of them modify it. Treat anything read from it as untrusted input; confirm what SafeProcess.cpp stores there.
7 | SafeProcess READ WRITE SHARED
8 |
9 |
10 |
--------------------------------------------------------------------------------
/HookTaskmgr/SafeProcess/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookTaskmgr/SafeProcess/resource.h
--------------------------------------------------------------------------------
/HookTaskmgr/bin/release/HookTaskmgr.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookTaskmgr/bin/release/HookTaskmgr.exe
--------------------------------------------------------------------------------
/HookTaskmgr/bin/release/SafeProcess.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookTaskmgr/bin/release/SafeProcess.dll
--------------------------------------------------------------------------------
/HookTaskmgr/说明.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/HookTaskmgr/说明.txt
--------------------------------------------------------------------------------
/chi.ssg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/chi.ssg
--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
1 | Process prevent killed
2 | =======================
3 | ring3 Right
4 | --------------------------------------
5 | * Changes the program's process into a system process
6 | * The principle and the code are simple; it can prevent Taskmgr from killing the process
7 | * Valid only on XP. Protection is limited: it cannot defend against IceSword
8 | * [Reference](http://blog.csdn.net/KeSummer/archive/2008/05/18/2455379.aspx)
9 |
10 | Hook NtQuerySystemInformation
11 | --------------------------------------------------------
12 | * Hooks NtQuerySystemInformation to hide processes (ring 3 level)
13 | * It can prevent Task Manager from killing the process
14 | * Valid only on NT2000. Not universal
15 |
16 | Detours lib prevent killed
17 | --------------------------------------------------------
18 | * The principle is similar to HookNtQuerySystemInformation: it hooks OpenProcess to prevent the process from being killed.
19 | * Valid on NT2000, XP and NT2003
20 | * Uses the Detours library; cannot stop some process tools
21 |
22 | Hook Taskmgr
23 | --------------------------------------------------------
24 | * Hooks Taskmgr, using a CBT hook to block the end-process message.
25 | * Valid on any Windows version (as of 2009)
26 | * Works only against Taskmgr
27 |
28 | Dual-process protection
29 | --------------------------------------------------------
30 | * Two processes monitor each other; when one finds that the other has been killed, it starts it again.
31 | * Versatile and capable; can also protect Windows service programs.
32 | * Does not really prevent killing; the process is just restarted.
33 |
34 | Driver protection
35 | --------------------------------------------------------
36 | * Uses a driver that hooks ZwQuerySystemInformation to hide the process or prevent it from being killed.
37 | * Strong; can defend against IceSword
38 | * Complex, and the driver will be identified as a Trojan by anti-virus software
39 |
--------------------------------------------------------------------------------
/ring3Right/KillMe/KillMe.cpp:
--------------------------------------------------------------------------------
1 | // KillMe.cpp : Defines the class behaviors for the application.
2 | //
3 |
4 | #include "stdafx.h"
5 | #include "KillMe.h"
6 | #include "KillMeDlg.h"
7 |
8 | #ifdef _DEBUG
9 | #define new DEBUG_NEW
10 | #undef THIS_FILE
11 | static char THIS_FILE[] = __FILE__;
12 | #endif
13 |
14 | /////////////////////////////////////////////////////////////////////////////
15 | // CKillMeApp
16 |
17 | BEGIN_MESSAGE_MAP(CKillMeApp, CWinApp) // message map for CKillMeApp, with CWinApp as the base map
18 | //{{AFX_MSG_MAP(CKillMeApp)
19 | // NOTE - the ClassWizard will add and remove mapping macros here.
20 | // DO NOT EDIT what you see in these blocks of generated code!
21 | //}}AFX_MSG
22 | ON_COMMAND(ID_HELP, CWinApp::OnHelp) // the only entry: ID_HELP is routed to CWinApp::OnHelp
23 | END_MESSAGE_MAP()
24 |
25 | /////////////////////////////////////////////////////////////////////////////
26 | // CKillMeApp construction
27 |
28 | CKillMeApp::CKillMeApp()
29 | {
30 | // Intentionally empty: no members are initialized here.
31 | // All significant initialization is done in InitInstance().
32 | }
33 |
34 | /////////////////////////////////////////////////////////////////////////////
35 | // The one and only CKillMeApp object
36 |
37 | CKillMeApp theApp;
38 |
39 | /////////////////////////////////////////////////////////////////////////////
40 | // CKillMeApp initialization
41 |
42 | BOOL CKillMeApp::InitInstance()
43 | { // Start-up: initializes COM/OLE, shows the main dialog modally, then always returns FALSE so the application exits.
44 | CoInitialize(NULL); // NOTE(review): the HRESULT is ignored and this function has no matching CoUninitialize()
45 | // Initialize MFC's OLE support and enable ActiveX control containment (the dialog embeds a CWebBrowser2 control).
46 | AfxOleInit(); // NOTE(review): return value not checked — on failure the code still goes on to create the dialog
47 | AfxEnableControlContainer();
48 |
49 | // Standard initialization
50 | // If you are not using these features and wish to reduce the size
51 | // of your final executable, you should remove from the following
52 | // the specific initialization routines you do not need.
53 |
54 | #ifdef _AFXDLL
55 | Enable3dControls(); // Call this when using MFC in a shared DLL
56 | #else
57 | Enable3dControlsStatic(); // Call this when linking to MFC statically
58 | #endif
59 | // Run the main dialog; both outcome branches below are empty placeholders.
60 | CKillMeDlg dlg;
61 | m_pMainWnd = &dlg; // dlg is a local object, so this pointer is only valid until the function returns
62 | int nResponse = dlg.DoModal(); // does not return until the dialog is dismissed
63 | if (nResponse == IDOK)
64 | {
65 | // TODO: Place code here to handle when the dialog is
66 | // dismissed with OK
67 | }
68 | else if (nResponse == IDCANCEL)
69 | {
70 | // TODO: Place code here to handle when the dialog is
71 | // dismissed with Cancel
72 | }
73 |
74 | // Since the dialog has been closed, return FALSE so that we exit the
75 | // application, rather than start the application's message pump.
76 | return FALSE;
77 | }
78 |
--------------------------------------------------------------------------------
/ring3Right/KillMe/KillMe.depend:
--------------------------------------------------------------------------------
1 | # depslib dependency file v1.0
2 | 1201857918 source:c:\killme\killme.rc
3 | "resource.h"
4 | "afxres.h"
5 | "res\KillMe.rc2"
6 | "l.chs\afxres.rc"
7 |
8 | 1201768882 c:\killme\resource.h
9 |
10 | 1201760123 c:\killme\res\killme.rc2
11 |
12 | 1201829258 source:c:\killme\killmedlg.cpp
13 | "stdafx.h"
14 | "KillMe.h"
15 | "KillMeDlg.h"
16 | "kwindef.h"
17 |
18 | 1201760123 c:\killme\stdafx.h
19 |
20 |
21 |
22 |
23 |
24 |
25 | 1201760123 c:\killme\killme.h
26 | "resource.h"
27 |
28 | 1201829222 c:\killme\killmedlg.h
29 | "webbrowser2.h"
30 |
31 | 1201767216 c:\killme\webbrowser2.h
32 |
33 | 1201759359 c:\killme\kwindef.h
34 |
35 | 1201760123 source:c:\killme\stdafx.cpp
36 | "stdafx.h"
37 |
38 | 1201767216 source:c:\killme\webbrowser2.cpp
39 | "stdafx.h"
40 | "webbrowser2.h"
41 |
42 | 1201767716 source:c:\killme\killme.cpp
43 | "stdafx.h"
44 | "KillMe.h"
45 | "KillMeDlg.h"
46 |
47 |
--------------------------------------------------------------------------------
/ring3Right/KillMe/KillMe.dsp:
--------------------------------------------------------------------------------
1 | # Microsoft Developer Studio Project File - Name="KillMe" - Package Owner=<4>
2 | # Microsoft Developer Studio Generated Build File, Format Version 6.00
3 | # ** DO NOT EDIT **
4 |
5 | # TARGTYPE "Win32 (x86) Application" 0x0101
6 |
7 | CFG=KillMe - Win32 Debug
8 | !MESSAGE This is not a valid makefile. To build this project using NMAKE,
9 | !MESSAGE use the Export Makefile command and run
10 | !MESSAGE
11 | !MESSAGE NMAKE /f "KillMe.mak".
12 | !MESSAGE
13 | !MESSAGE You can specify a configuration when running NMAKE
14 | !MESSAGE by defining the macro CFG on the command line. For example:
15 | !MESSAGE
16 | !MESSAGE NMAKE /f "KillMe.mak" CFG="KillMe - Win32 Debug"
17 | !MESSAGE
18 | !MESSAGE Possible choices for configuration are:
19 | !MESSAGE
20 | !MESSAGE "KillMe - Win32 Release" (based on "Win32 (x86) Application")
21 | !MESSAGE "KillMe - Win32 Debug" (based on "Win32 (x86) Application")
22 | !MESSAGE
23 |
24 | # Begin Project
25 | # PROP AllowPerConfigDependencies 0
26 | # PROP Scc_ProjName ""
27 | # PROP Scc_LocalPath ""
28 | CPP=cl.exe
29 | MTL=midl.exe
30 | RSC=rc.exe
31 |
32 | !IF "$(CFG)" == "KillMe - Win32 Release"
33 |
34 | # PROP BASE Use_MFC 6
35 | # PROP BASE Use_Debug_Libraries 0
36 | # PROP BASE Output_Dir "Release"
37 | # PROP BASE Intermediate_Dir "Release"
38 | # PROP BASE Target_Dir ""
39 | # PROP Use_MFC 6
40 | # PROP Use_Debug_Libraries 0
41 | # PROP Output_Dir "Release"
42 | # PROP Intermediate_Dir "Release"
43 | # PROP Target_Dir ""
44 | # ADD BASE CPP /nologo /MD /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_AFXDLL" /Yu"stdafx.h" /FD /c
45 | # ADD CPP /nologo /MD /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_AFXDLL" /D "_MBCS" /Yu"stdafx.h" /FD /c
46 | # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
47 | # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
48 | # ADD BASE RSC /l 0x804 /d "NDEBUG" /d "_AFXDLL"
49 | # ADD RSC /l 0x804 /d "NDEBUG" /d "_AFXDLL"
50 | BSC32=bscmake.exe
51 | # ADD BASE BSC32 /nologo
52 | # ADD BSC32 /nologo
53 | LINK32=link.exe
54 | # ADD BASE LINK32 /nologo /subsystem:windows /machine:I386
55 | # ADD LINK32 /nologo /subsystem:windows /machine:I386
56 |
57 | !ELSEIF "$(CFG)" == "KillMe - Win32 Debug"
58 |
59 | # PROP BASE Use_MFC 6
60 | # PROP BASE Use_Debug_Libraries 1
61 | # PROP BASE Output_Dir "Debug"
62 | # PROP BASE Intermediate_Dir "Debug"
63 | # PROP BASE Target_Dir ""
64 | # PROP Use_MFC 6
65 | # PROP Use_Debug_Libraries 1
66 | # PROP Output_Dir "Debug"
67 | # PROP Intermediate_Dir "Debug"
68 | # PROP Target_Dir ""
69 | # ADD BASE CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_AFXDLL" /Yu"stdafx.h" /FD /GZ /c
70 | # ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_AFXDLL" /D "_MBCS" /Yu"stdafx.h" /FD /GZ /c
71 | # ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
72 | # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
73 | # ADD BASE RSC /l 0x804 /d "_DEBUG" /d "_AFXDLL"
74 | # ADD RSC /l 0x804 /d "_DEBUG" /d "_AFXDLL"
75 | BSC32=bscmake.exe
76 | # ADD BASE BSC32 /nologo
77 | # ADD BSC32 /nologo
78 | LINK32=link.exe
79 | # ADD BASE LINK32 /nologo /subsystem:windows /debug /machine:I386 /pdbtype:sept
80 | # ADD LINK32 /nologo /subsystem:windows /debug /machine:I386 /pdbtype:sept
81 |
82 | !ENDIF
83 |
84 | # Begin Target
85 |
86 | # Name "KillMe - Win32 Release"
87 | # Name "KillMe - Win32 Debug"
88 | # Begin Group "Source Files"
89 |
90 | # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
91 | # Begin Source File
92 |
93 | SOURCE=.\KillMe.cpp
94 | # End Source File
95 | # Begin Source File
96 |
97 | SOURCE=.\KillMe.rc
98 | # End Source File
99 | # Begin Source File
100 |
101 | SOURCE=.\KillMeDlg.cpp
102 | # End Source File
103 | # Begin Source File
104 |
105 | SOURCE=.\StdAfx.cpp
106 | # ADD CPP /Yc"stdafx.h"
107 | # End Source File
108 | # Begin Source File
109 |
110 | SOURCE=.\webbrowser2.cpp
111 | # End Source File
112 | # End Group
113 | # Begin Group "Header Files"
114 |
115 | # PROP Default_Filter "h;hpp;hxx;hm;inl"
116 | # Begin Source File
117 |
118 | SOURCE=.\KillMe.h
119 | # End Source File
120 | # Begin Source File
121 |
122 | SOURCE=.\KillMeDlg.h
123 | # End Source File
124 | # Begin Source File
125 |
126 | SOURCE=.\kwindef.h
127 | # End Source File
128 | # Begin Source File
129 |
130 | SOURCE=.\Resource.h
131 | # End Source File
132 | # Begin Source File
133 |
134 | SOURCE=.\StdAfx.h
135 | # End Source File
136 | # Begin Source File
137 |
138 | SOURCE=.\webbrowser2.h
139 | # End Source File
140 | # End Group
141 | # Begin Group "Resource Files"
142 |
143 | # PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
144 | # Begin Source File
145 |
146 | SOURCE=.\res\cat.gif
147 | # End Source File
148 | # Begin Source File
149 |
150 | SOURCE=.\res\default1.bin
151 | # End Source File
152 | # Begin Source File
153 |
154 | SOURCE=.\res\KillMe.ico
155 | # End Source File
156 | # Begin Source File
157 |
158 | SOURCE=.\res\KillMe.rc2
159 | # End Source File
160 | # End Group
161 | # Begin Source File
162 |
163 | SOURCE=.\res\cat.htm
164 | # End Source File
165 | # Begin Source File
166 |
167 | SOURCE=.\ReadMe.txt
168 | # End Source File
169 | # End Target
170 | # End Project
171 | # Section KillMe : {D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}
172 | # 2:5:Class:CWebBrowser2
173 | # 2:10:HeaderFile:webbrowser2.h
174 | # 2:8:ImplFile:webbrowser2.cpp
175 | # End Section
176 | # Section KillMe : {8856F961-340A-11D0-A96B-00C04FD705A2}
177 | # 2:21:DefaultSinkHeaderFile:webbrowser2.h
178 | # 2:16:DefaultSinkClass:CWebBrowser2
179 | # End Section
180 |
--------------------------------------------------------------------------------
/ring3Right/KillMe/KillMe.dsw:
--------------------------------------------------------------------------------
1 | Microsoft Developer Studio Workspace File, Format Version 6.00
2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
3 |
4 | ###############################################################################
5 |
6 | Project: "KillMe"=.\KillMe.dsp - Package Owner=<4>
7 |
8 | Package=<5>
9 | {{{
10 | }}}
11 |
12 | Package=<4>
13 | {{{
14 | }}}
15 |
16 | ###############################################################################
17 |
18 | Global:
19 |
20 | Package=<5>
21 | {{{
22 | }}}
23 |
24 | Package=<3>
25 | {{{
26 | {8856F961-340A-11D0-A96B-00C04FD705A2}
27 | }}}
28 |
29 | ###############################################################################
30 |
31 |
--------------------------------------------------------------------------------
/ring3Right/KillMe/KillMe.h:
--------------------------------------------------------------------------------
1 | // KillMe.h : main header file for the KILLME application
2 | //
3 |
4 | #if !defined(AFX_KILLME_H__72B4CC5E_FA3B_4EF2_AA6E_8F8D2E1BDF26__INCLUDED_)
5 | #define AFX_KILLME_H__72B4CC5E_FA3B_4EF2_AA6E_8F8D2E1BDF26__INCLUDED_
6 |
7 | #if _MSC_VER > 1000
8 | #pragma once
9 | #endif // _MSC_VER > 1000
10 |
11 | #ifndef __AFXWIN_H__
12 | #error include 'stdafx.h' before including this file for PCH
13 | #endif
14 |
15 | #include "resource.h" // main symbols
16 |
17 | /////////////////////////////////////////////////////////////////////////////
18 | // CKillMeApp:
19 | // See KillMe.cpp for the implementation of this class
20 | //
21 |
22 | class CKillMeApp : public CWinApp // application class; implementation is in KillMe.cpp
23 | {
24 | public:
25 | CKillMeApp();
26 | // The constructor body in KillMe.cpp is empty; start-up work is done in InitInstance().
27 | // Overrides
28 | // ClassWizard generated virtual function overrides
29 | //{{AFX_VIRTUAL(CKillMeApp)
30 | public:
31 | virtual BOOL InitInstance();
32 | //}}AFX_VIRTUAL
33 |
34 | // Implementation
35 | // No message handlers are declared in the generated block below.
36 | //{{AFX_MSG(CKillMeApp)
37 | // NOTE - the ClassWizard will add and remove member functions here.
38 | // DO NOT EDIT what you see in these blocks of generated code !
39 | //}}AFX_MSG
40 | DECLARE_MESSAGE_MAP()
41 | };
42 |
43 |
44 | /////////////////////////////////////////////////////////////////////////////
45 |
46 | //{{AFX_INSERT_LOCATION}}
47 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line.
48 |
49 | #endif // !defined(AFX_KILLME_H__72B4CC5E_FA3B_4EF2_AA6E_8F8D2E1BDF26__INCLUDED_)
50 |
--------------------------------------------------------------------------------
/ring3Right/KillMe/KillMe.layout:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/ring3Right/KillMe/KillMe.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/ring3Right/KillMe/KillMe.rc
--------------------------------------------------------------------------------
/ring3Right/KillMe/KillMe.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 9.00
3 | # Visual Studio 2005
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KillMe", "KillMe.vcproj", "{3B1A4279-2DBC-4DDC-ACD9-4654257FE874}"
5 | EndProject
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "WriteMemory", "..\WriteMemory\WriteMemory.vcproj", "{A19BFD1D-560E-4970-A3F3-9E16383CFB11}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Win32 = Debug|Win32
11 | Release|Win32 = Release|Win32
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {3B1A4279-2DBC-4DDC-ACD9-4654257FE874}.Debug|Win32.ActiveCfg = Debug|Win32
15 | {3B1A4279-2DBC-4DDC-ACD9-4654257FE874}.Debug|Win32.Build.0 = Debug|Win32
16 | {3B1A4279-2DBC-4DDC-ACD9-4654257FE874}.Release|Win32.ActiveCfg = Release|Win32
17 | {3B1A4279-2DBC-4DDC-ACD9-4654257FE874}.Release|Win32.Build.0 = Release|Win32
18 | {A19BFD1D-560E-4970-A3F3-9E16383CFB11}.Debug|Win32.ActiveCfg = Debug|Win32
19 | {A19BFD1D-560E-4970-A3F3-9E16383CFB11}.Debug|Win32.Build.0 = Debug|Win32
20 | {A19BFD1D-560E-4970-A3F3-9E16383CFB11}.Release|Win32.ActiveCfg = Release|Win32
21 | {A19BFD1D-560E-4970-A3F3-9E16383CFB11}.Release|Win32.Build.0 = Release|Win32
22 | EndGlobalSection
23 | GlobalSection(SolutionProperties) = preSolution
24 | HideSolutionNode = FALSE
25 | EndGlobalSection
26 | EndGlobal
27 |
--------------------------------------------------------------------------------
/ring3Right/KillMe/KillMe.vcproj.ST.Administrator.user:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/ring3Right/KillMe/KillMeDlg.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/ring3Right/KillMe/KillMeDlg.cpp
--------------------------------------------------------------------------------
/ring3Right/KillMe/KillMeDlg.h:
--------------------------------------------------------------------------------
1 | // KillMeDlg.h : header file
2 | //
3 | //{{AFX_INCLUDES()
4 | #include "webbrowser2.h"
5 | //}}AFX_INCLUDES
6 |
7 | #if !defined(AFX_KILLMEDLG_H__4EC643E8_D038_4D1B_BD6B_FB316AFFD886__INCLUDED_)
8 | #define AFX_KILLMEDLG_H__4EC643E8_D038_4D1B_BD6B_FB316AFFD886__INCLUDED_
9 |
10 | #if _MSC_VER > 1000
11 | #pragma once
12 | #endif // _MSC_VER > 1000
13 |
14 | /////////////////////////////////////////////////////////////////////////////
15 | // CKillMeDlg dialog
16 |
17 | class CKillMeDlg : public CDialog // the application's main dialog
18 | {
19 | // Construction
20 | public:
21 | CKillMeDlg(CWnd* pParent = NULL); // standard constructor
22 | virtual ~CKillMeDlg();
23 | // Dialog Data
24 | //{{AFX_DATA(CKillMeDlg)
25 | enum { IDD = IDD_KILLME_DIALOG };
26 | CWebBrowser2 m_ie;
27 | //}}AFX_DATA
28 | // m_ie above is an embedded control wrapped by CWebBrowser2 (webbrowser2.h); what it displays is decided in KillMeDlg.cpp, not shown here.
29 | // ClassWizard generated virtual function overrides
30 | //{{AFX_VIRTUAL(CKillMeDlg)
31 | protected:
32 | virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support
33 | //}}AFX_VIRTUAL
34 |
35 | // Implementation
36 | protected:
37 | HICON m_hIcon;
38 | // NOTE(review): OnButtonProtect / OnButtonReset / OnButtonProtect2 presumably handle IDC_BUTTON_PROTECT / IDC_BUTTON_RESET / IDC_BUTTON_PROTECT2 from resource.h; the message map is in KillMeDlg.cpp — confirm there.
39 | // Generated message map functions
40 | //{{AFX_MSG(CKillMeDlg)
41 | virtual BOOL OnInitDialog();
42 | afx_msg void OnSysCommand(UINT nID, LPARAM lParam);
43 | afx_msg void OnPaint();
44 | afx_msg HCURSOR OnQueryDragIcon();
45 | afx_msg void OnButtonProtect();
46 | afx_msg void OnButtonReset();
47 | afx_msg void OnButtonProtect2();
48 | //}}AFX_MSG
49 | DECLARE_MESSAGE_MAP()
50 | };
51 |
52 | //{{AFX_INSERT_LOCATION}}
53 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line.
54 |
55 | #endif // !defined(AFX_KILLMEDLG_H__4EC643E8_D038_4D1B_BD6B_FB316AFFD886__INCLUDED_)
56 |
--------------------------------------------------------------------------------
/ring3Right/KillMe/ReadMe.txt:
--------------------------------------------------------------------------------
1 | ========================================================================
2 | MICROSOFT FOUNDATION CLASS LIBRARY : KillMe
3 | ========================================================================
4 |
5 |
6 | AppWizard has created this KillMe application for you. This application
7 | not only demonstrates the basics of using the Microsoft Foundation classes
8 | but is also a starting point for writing your application.
9 |
10 | This file contains a summary of what you will find in each of the files that
11 | make up your KillMe application.
12 |
13 | KillMe.dsp
14 | This file (the project file) contains information at the project level and
15 | is used to build a single project or subproject. Other users can share the
16 | project (.dsp) file, but they should export the makefiles locally.
17 |
18 | KillMe.h
19 | This is the main header file for the application. It includes other
20 | project specific headers (including Resource.h) and declares the
21 | CKillMeApp application class.
22 |
23 | KillMe.cpp
24 | This is the main application source file that contains the application
25 | class CKillMeApp.
26 |
27 | KillMe.rc
28 | This is a listing of all of the Microsoft Windows resources that the
29 | program uses. It includes the icons, bitmaps, and cursors that are stored
30 | in the RES subdirectory. This file can be directly edited in Microsoft
31 | Visual C++.
32 |
33 | KillMe.clw
34 | This file contains information used by ClassWizard to edit existing
35 | classes or add new classes. ClassWizard also uses this file to store
36 | information needed to create and edit message maps and dialog data
37 | maps and to create prototype member functions.
38 |
39 | res\KillMe.ico
40 | This is an icon file, which is used as the application's icon. This
41 | icon is included by the main resource file KillMe.rc.
42 |
43 | res\KillMe.rc2
44 | This file contains resources that are not edited by Microsoft
45 | Visual C++. You should place all resources not editable by
46 | the resource editor in this file.
47 |
48 |
49 |
50 |
51 | /////////////////////////////////////////////////////////////////////////////
52 |
53 | AppWizard creates one dialog class:
54 |
55 | KillMeDlg.h, KillMeDlg.cpp - the dialog
56 | These files contain your CKillMeDlg class. This class defines
57 | the behavior of your application's main dialog. The dialog's
58 | template is in KillMe.rc, which can be edited in Microsoft
59 | Visual C++.
60 |
61 |
62 | /////////////////////////////////////////////////////////////////////////////
63 | Other standard files:
64 |
65 | StdAfx.h, StdAfx.cpp
66 | These files are used to build a precompiled header (PCH) file
67 | named KillMe.pch and a precompiled types file named StdAfx.obj.
68 |
69 | Resource.h
70 | This is the standard header file, which defines new resource IDs.
71 | Microsoft Visual C++ reads and updates this file.
72 |
73 | /////////////////////////////////////////////////////////////////////////////
74 | Other notes:
75 |
76 | AppWizard uses "TODO:" to indicate parts of the source code you
77 | should add to or customize.
78 |
79 | If your application uses MFC in a shared DLL, and your application is
80 | in a language other than the operating system's current language, you
81 | will need to copy the corresponding localized resources MFC42XXX.DLL
82 | from the Microsoft Visual C++ CD-ROM onto the system or system32 directory,
83 | and rename it to be MFCLOC.DLL. ("XXX" stands for the language abbreviation.
84 | For example, MFC42DEU.DLL contains resources translated to German.) If you
85 | don't do this, some of the UI elements of your application will remain in the
86 | language of the operating system.
87 |
88 | /////////////////////////////////////////////////////////////////////////////
89 |
--------------------------------------------------------------------------------
/ring3Right/KillMe/StdAfx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // KillMe.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "stdafx.h"
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/ring3Right/KillMe/StdAfx.h:
--------------------------------------------------------------------------------
1 | // stdafx.h : include file for standard system include files,
2 | // or project specific include files that are used frequently, but
3 | // are changed infrequently
4 | //
5 |
6 | #if !defined(AFX_STDAFX_H__A9EBE13F_541F_40EC_9278_0136A799432D__INCLUDED_)
7 | #define AFX_STDAFX_H__A9EBE13F_541F_40EC_9278_0136A799432D__INCLUDED_
8 |
9 | #if _MSC_VER > 1000
10 | #pragma once
11 | #endif // _MSC_VER > 1000
12 |
13 | #define VC_EXTRALEAN // Exclude rarely-used stuff from Windows headers
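14 | // NOTE(review): the header names on the #include lines below were missing from this listing; they are restored from the standard MFC AppWizard stdafx.h, matching each line's comment.
15 | #include <afxwin.h> // MFC core and standard components
16 | #include <afxext.h> // MFC extensions
17 | #include <afxdisp.h> // MFC Automation classes
18 | #include <afxdtctl.h> // MFC support for Internet Explorer 4 Common Controls
19 | #ifndef _AFX_NO_AFXCMN_SUPPORT
20 | #include <afxcmn.h> // MFC support for Windows Common Controls
21 | #endif // _AFX_NO_AFXCMN_SUPPORT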
22 |
23 |
24 | //{{AFX_INSERT_LOCATION}}
25 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line.
26 |
27 | #endif // !defined(AFX_STDAFX_H__A9EBE13F_541F_40EC_9278_0136A799432D__INCLUDED_)
28 |
--------------------------------------------------------------------------------
/ring3Right/KillMe/kwindef.h:
--------------------------------------------------------------------------------
1 | #ifndef KWINDEF_H_
2 | #define KWINDEF_H_
3 |
4 |
5 | /*
6 | * you'll find a list of NTSTATUS status codes in the DDK header
7 | * ntstatus.h (\WINDDK\2600.1106\inc\ddk\wxp\)
8 | */
9 | #define NT_SUCCESS(status) ((NTSTATUS)(status)>=0) // any non-negative NTSTATUS counts as success; NTSTATUS itself is typedef'd further down, which is fine because the macro expands at its point of use
10 | #define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L) // negative as a LONG, so NT_SUCCESS() is false for it
11 | #define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022L) // negative as a LONG, so NT_SUCCESS() is false for it
12 |
13 | /*
14 | *************************************************************************
15 | * ntddk.h
16 | */
17 | typedef LONG NTSTATUS;
18 | typedef ULONG ACCESS_MASK;
19 | /*
20 | * ntdef.h
21 | *************************************************************************
22 | */
23 |
24 | /*
25 | *************************************************************************
26 | * <<Windows NT/2000 Native API Reference>> - Gary Nebbett
27 | */
28 |
29 | typedef enum _SYSTEM_INFORMATION_CLASS // selector passed as the first argument of ZWQUERYSYSTEMINFORMATION (declared below)
30 | {
31 | SystemHandleInformation = 16 // the only information class this header declares
32 | } SYSTEM_INFORMATION_CLASS;
33 |
34 | /*
35 | *Information Class 16
36 | */
37 | typedef struct _SYSTEM_HANDLE_INFORMATION // record layout for information class 16; presumably one entry per open handle — confirm against the caller
38 | {
39 | ULONG ProcessId; // presumably the id of the process that owns the handle
40 | UCHAR ObjectTypeNumber;
41 | UCHAR Flags;
42 | USHORT Handle; // 16-bit field; NOTE(review): handle values above 0xFFFF cannot be represented here
43 | PVOID Object; // presumably the kernel address of the object, i.e. a kernel pointer visible to user mode — confirm
44 | ACCESS_MASK GrantedAccess;
45 | } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
46 |
47 | typedef struct _MEMORY_CHUNKS { // address / buffer / length triple; presumably the argument block for NTSYSTEMDEBUGCONTROL (declared below) — confirm in KillMeDlg.cpp
48 | ULONG Address; // NOTE(review): declared ULONG, so this layout only fits 32-bit addresses
49 | PVOID Data;
50 | ULONG Length;
51 | }MEMORY_CHUNKS, *PMEMORY_CHUNKS;
52 |
53 |
54 | typedef NTSTATUS ( __stdcall *ZWQUERYSYSTEMINFORMATION ) ( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, // function-pointer type; presumably filled in at run time with the address of ZwQuerySystemInformation — confirm in the caller
55 | IN OUT PVOID SystemInformation, // caller-supplied buffer
56 | IN ULONG SystemInformationLength, // size of that buffer
57 | OUT PULONG ReturnLength OPTIONAL );
58 |
59 | typedef NTSTATUS ( __stdcall *NTSYSTEMDEBUGCONTROL ) ( IN int nCmd, // function-pointer type; NOTE(review): an ordinary GUI program resolving a kernel-debugging call such as NtSystemDebugControl is unusual and worth flagging in code review or endpoint telemetry
60 | IN PVOID pInBuf, // input buffer and its length
61 | IN ULONG nInLen,
62 | OUT PVOID pOutBuf, // output buffer and its length
63 | IN ULONG nOutLen,
64 | OUT PULONG nRetLen OPTIONAL);
65 |
66 | #endif
--------------------------------------------------------------------------------
/ring3Right/KillMe/res/KillMe.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/ring3Right/KillMe/res/KillMe.ico
--------------------------------------------------------------------------------
/ring3Right/KillMe/res/KillMe.rc2:
--------------------------------------------------------------------------------
1 | //
2 | // KILLME.RC2 - resources Microsoft Visual C++ does not edit directly
3 | //
4 |
5 | #ifdef APSTUDIO_INVOKED
6 | #error this file is not editable by Microsoft Visual C++
7 | #endif //APSTUDIO_INVOKED
8 |
9 |
10 | /////////////////////////////////////////////////////////////////////////////
11 | // Add manually edited resources here...
12 |
13 | /////////////////////////////////////////////////////////////////////////////
14 |
--------------------------------------------------------------------------------
/ring3Right/KillMe/res/default1.bin:
--------------------------------------------------------------------------------
1 |
2 |
5 |
10 | KillMe Application
11 |
12 |
13 |
20 |
21 |
22 |
23 |
--------------------------------------------------------------------------------
/ring3Right/KillMe/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Developer Studio generated include file.
3 | // Used by KillMe.rc
4 | //
5 | #define IDM_ABOUTBOX 0x0010
6 | #define IDD_ABOUTBOX 100
7 | #define IDS_ABOUTBOX 101
8 | #define IDD_KILLME_DIALOG 102
9 | #define IDR_MAINFRAME 128
10 | #define IDC_BUTTON_PROTECT 1000
11 | #define IDC_BUTTON_RESET 1001
12 | #define IDC_BUTTON_PROTECT2 1002
13 | #define IDC_BUTTON_DISABLE 1003
14 | #define IDC_BUTTON 1004
15 | #define IDC_EXPLORER1 1005
16 |
17 | // Next default values for new objects
18 | //
19 | #ifdef APSTUDIO_INVOKED
20 | #ifndef APSTUDIO_READONLY_SYMBOLS
21 | #define _APS_NEXT_RESOURCE_VALUE 131
22 | #define _APS_NEXT_COMMAND_VALUE 32771
23 | #define _APS_NEXT_CONTROL_VALUE 1006
24 | #define _APS_NEXT_SYMED_VALUE 101
25 | #endif
26 | #endif
27 |
--------------------------------------------------------------------------------
/ring3Right/KillMe/webbrowser2.h:
--------------------------------------------------------------------------------
1 | #if !defined(AFX_WEBBROWSER2_H__C40B0B15_F4C9_4E56_B307_C1BEBF3DE2C9__INCLUDED_)
2 | #define AFX_WEBBROWSER2_H__C40B0B15_F4C9_4E56_B307_C1BEBF3DE2C9__INCLUDED_
3 |
4 | #if _MSC_VER > 1000
5 | #pragma once
6 | #endif // _MSC_VER > 1000
7 | // Machine generated IDispatch wrapper class(es) created by Microsoft Visual C++
8 |
9 | // NOTE: Do not modify the contents of this file. If this class is regenerated by
10 | // Microsoft Visual C++, your modifications will be overwritten.
11 |
12 | /////////////////////////////////////////////////////////////////////////////
13 | // CWebBrowser2 wrapper class
14 |
15 | class CWebBrowser2 : public CWnd
16 | {
17 | protected:
18 | DECLARE_DYNCREATE(CWebBrowser2)
19 | public:
20 | CLSID const& GetClsid() // returns the fixed class id of the control this wrapper creates
21 | {
22 | static CLSID const clsid
23 | = { 0x8856f961, 0x340a, 0x11d0, { 0xa9, 0x6b, 0x0, 0xc0, 0x4f, 0xd7, 0x5, 0xa2 } }; // {8856F961-340A-11D0-A96B-00C04FD705A2}, the same GUID named in KillMe.dsp's DefaultSinkClass section
24 | return clsid;
25 | }
26 | virtual BOOL Create(LPCTSTR lpszClassName, // lpszClassName and pContext are accepted but never used in the body
27 | LPCTSTR lpszWindowName, DWORD dwStyle,
28 | const RECT& rect,
29 | CWnd* pParentWnd, UINT nID,
30 | CCreateContext* pContext = NULL)
31 | { return CreateControl(GetClsid(), lpszWindowName, dwStyle, rect, pParentWnd, nID); } // creates the control identified by GetClsid() and returns CreateControl's result
32 |
33 | BOOL Create(LPCTSTR lpszWindowName, DWORD dwStyle,
34 | const RECT& rect, CWnd* pParentWnd, UINT nID,
35 | CFile* pPersist = NULL, BOOL bStorage = FALSE,
36 | BSTR bstrLicKey = NULL)
37 | { return CreateControl(GetClsid(), lpszWindowName, dwStyle, rect, pParentWnd, nID,
38 | pPersist, bStorage, bstrLicKey); }
39 |
40 | // Attributes
41 | public:
42 |
43 | // Operations
44 | public:
45 | void GoBack();
46 | void GoForward();
47 | void GoHome();
48 | void GoSearch();
49 | void Navigate(LPCTSTR URL, VARIANT* Flags, VARIANT* TargetFrameName, VARIANT* PostData, VARIANT* Headers);
50 | void Refresh();
51 | void Refresh2(VARIANT* Level);
52 | void Stop();
53 | LPDISPATCH GetApplication();
54 | LPDISPATCH GetParent();
55 | LPDISPATCH GetContainer();
56 | LPDISPATCH GetDocument();
57 | BOOL GetTopLevelContainer();
58 | CString GetType();
59 | long GetLeft();
60 | void SetLeft(long nNewValue);
61 | long GetTop();
62 | void SetTop(long nNewValue);
63 | long GetWidth();
64 | void SetWidth(long nNewValue);
65 | long GetHeight();
66 | void SetHeight(long nNewValue);
67 | CString GetLocationName();
68 | CString GetLocationURL();
69 | BOOL GetBusy();
70 | void Quit();
71 | void ClientToWindow(long* pcx, long* pcy);
72 | void PutProperty(LPCTSTR Property_, const VARIANT& vtValue);
73 | VARIANT GetProperty_(LPCTSTR Property_);
74 | CString GetName();
75 | long GetHwnd();
76 | CString GetFullName();
77 | CString GetPath();
78 | BOOL GetVisible();
79 | void SetVisible(BOOL bNewValue);
80 | BOOL GetStatusBar();
81 | void SetStatusBar(BOOL bNewValue);
82 | CString GetStatusText();
83 | void SetStatusText(LPCTSTR lpszNewValue);
84 | long GetToolBar();
85 | void SetToolBar(long nNewValue);
86 | BOOL GetMenuBar();
87 | void SetMenuBar(BOOL bNewValue);
88 | BOOL GetFullScreen();
89 | void SetFullScreen(BOOL bNewValue);
90 | void Navigate2(VARIANT* URL, VARIANT* Flags, VARIANT* TargetFrameName, VARIANT* PostData, VARIANT* Headers);
91 | long QueryStatusWB(long cmdID);
92 | void ExecWB(long cmdID, long cmdexecopt, VARIANT* pvaIn, VARIANT* pvaOut);
93 | void ShowBrowserBar(VARIANT* pvaClsid, VARIANT* pvarShow, VARIANT* pvarSize);
94 | long GetReadyState();
95 | BOOL GetOffline();
96 | void SetOffline(BOOL bNewValue);
97 | BOOL GetSilent();
98 | void SetSilent(BOOL bNewValue);
99 | BOOL GetRegisterAsBrowser();
100 | void SetRegisterAsBrowser(BOOL bNewValue);
101 | BOOL GetRegisterAsDropTarget();
102 | void SetRegisterAsDropTarget(BOOL bNewValue);
103 | BOOL GetTheaterMode();
104 | void SetTheaterMode(BOOL bNewValue);
105 | BOOL GetAddressBar();
106 | void SetAddressBar(BOOL bNewValue);
107 | BOOL GetResizable();
108 | void SetResizable(BOOL bNewValue);
109 | };
110 |
111 | //{{AFX_INSERT_LOCATION}}
112 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line.
113 |
114 | #endif // !defined(AFX_WEBBROWSER2_H__C40B0B15_F4C9_4E56_B307_C1BEBF3DE2C9__INCLUDED_)
115 |
--------------------------------------------------------------------------------
/ring3Right/WriteMemory/WriteMemory.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/ring3Right/WriteMemory/WriteMemory.cpp
--------------------------------------------------------------------------------
/ring3Right/WriteMemory/WriteMemory.dsp:
--------------------------------------------------------------------------------
1 | # Microsoft Developer Studio Project File - Name="WriteMemory" - Package Owner=<4>
2 | # Microsoft Developer Studio Generated Build File, Format Version 6.00
3 | # ** DO NOT EDIT **
4 |
5 | # TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
6 |
7 | CFG=WriteMemory - Win32 Debug
8 | !MESSAGE This is not a valid makefile. To build this project using NMAKE,
9 | !MESSAGE use the Export Makefile command and run
10 | !MESSAGE
11 | !MESSAGE NMAKE /f "WriteMemory.mak".
12 | !MESSAGE
13 | !MESSAGE You can specify a configuration when running NMAKE
14 | !MESSAGE by defining the macro CFG on the command line. For example:
15 | !MESSAGE
16 | !MESSAGE NMAKE /f "WriteMemory.mak" CFG="WriteMemory - Win32 Debug"
17 | !MESSAGE
18 | !MESSAGE Possible choices for configuration are:
19 | !MESSAGE
20 | !MESSAGE "WriteMemory - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
21 | !MESSAGE "WriteMemory - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
22 | !MESSAGE
23 |
24 | # Begin Project
25 | # PROP AllowPerConfigDependencies 0
26 | # PROP Scc_ProjName ""
27 | # PROP Scc_LocalPath ""
28 | CPP=cl.exe
29 | MTL=midl.exe
30 | RSC=rc.exe
31 |
32 | !IF "$(CFG)" == "WriteMemory - Win32 Release"
33 |
34 | # PROP BASE Use_MFC 0
35 | # PROP BASE Use_Debug_Libraries 0
36 | # PROP BASE Output_Dir "Release"
37 | # PROP BASE Intermediate_Dir "Release"
38 | # PROP BASE Target_Dir ""
39 | # PROP Use_MFC 0
40 | # PROP Use_Debug_Libraries 0
41 | # PROP Output_Dir "Release"
42 | # PROP Intermediate_Dir "Release"
43 | # PROP Target_Dir ""
44 | # ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "WRITEMEMORY_EXPORTS" /YX /FD /c
45 | # ADD CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "WRITEMEMORY_EXPORTS" /YX /FD /c
46 | # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
47 | # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
48 | # ADD BASE RSC /l 0x804 /d "NDEBUG"
49 | # ADD RSC /l 0x804 /d "NDEBUG"
50 | BSC32=bscmake.exe
51 | # ADD BASE BSC32 /nologo
52 | # ADD BSC32 /nologo
53 | LINK32=link.exe
54 | # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386
55 | # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /machine:I386
56 |
57 | !ELSEIF "$(CFG)" == "WriteMemory - Win32 Debug"
58 |
59 | # PROP BASE Use_MFC 0
60 | # PROP BASE Use_Debug_Libraries 1
61 | # PROP BASE Output_Dir "Debug"
62 | # PROP BASE Intermediate_Dir "Debug"
63 | # PROP BASE Target_Dir ""
64 | # PROP Use_MFC 0
65 | # PROP Use_Debug_Libraries 1
66 | # PROP Output_Dir "Debug"
67 | # PROP Intermediate_Dir "Debug"
68 | # PROP Target_Dir ""
69 | # ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "WRITEMEMORY_EXPORTS" /YX /FD /GZ /c
70 | # ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /D "WRITEMEMORY_EXPORTS" /YX /FD /GZ /c
71 | # ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
72 | # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
73 | # ADD BASE RSC /l 0x804 /d "_DEBUG"
74 | # ADD RSC /l 0x804 /d "_DEBUG"
75 | BSC32=bscmake.exe
76 | # ADD BASE BSC32 /nologo
77 | # ADD BSC32 /nologo
78 | LINK32=link.exe
79 | # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /debug /machine:I386 /pdbtype:sept
80 | # ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /dll /debug /machine:I386 /pdbtype:sept
81 |
82 | !ENDIF
83 |
84 | # Begin Target
85 |
86 | # Name "WriteMemory - Win32 Release"
87 | # Name "WriteMemory - Win32 Debug"
88 | # Begin Group "Source Files"
89 |
90 | # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
91 | # End Group
92 | # Begin Group "Header Files"
93 |
94 | # PROP Default_Filter "h;hpp;hxx;hm;inl"
95 | # End Group
96 | # Begin Group "Resource Files"
97 |
98 | # PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
99 | # End Group
100 | # End Target
101 | # End Project
102 |
--------------------------------------------------------------------------------
/ring3Right/WriteMemory/WriteMemory.dsw:
--------------------------------------------------------------------------------
1 | Microsoft Developer Studio Workspace File, Format Version 6.00
2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
3 |
4 | ###############################################################################
5 |
6 | Project: "WriteMemory"=".\WriteMemory.dsp" - Package Owner=<4>
7 |
8 | Package=<5>
9 | {{{
10 | }}}
11 |
12 | Package=<4>
13 | {{{
14 | }}}
15 |
16 | ###############################################################################
17 |
18 | Global:
19 |
20 | Package=<5>
21 | {{{
22 | }}}
23 |
24 | Package=<3>
25 | {{{
26 | }}}
27 |
28 | ###############################################################################
29 |
30 |
--------------------------------------------------------------------------------
/ring3Right/WriteMemory/WriteMemory.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/ring3Right/WriteMemory/WriteMemory.h
--------------------------------------------------------------------------------
/ring3Right/WriteMemory/WriteMemory.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/ring3Right/WriteMemory/WriteMemory.rc
--------------------------------------------------------------------------------
/ring3Right/WriteMemory/WriteMemory.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 9.00
3 | # Visual Studio 2005
4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "WriteMemory", "WriteMemory.vcproj", "{A19BFD1D-560E-4970-A3F3-9E16383CFB11}"
5 | EndProject
6 | Global
7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
8 | Debug|Win32 = Debug|Win32
9 | Release|Win32 = Release|Win32
10 | EndGlobalSection
11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | {A19BFD1D-560E-4970-A3F3-9E16383CFB11}.Debug|Win32.ActiveCfg = Debug|Win32
13 | {A19BFD1D-560E-4970-A3F3-9E16383CFB11}.Debug|Win32.Build.0 = Debug|Win32
14 | {A19BFD1D-560E-4970-A3F3-9E16383CFB11}.Release|Win32.ActiveCfg = Release|Win32
15 | {A19BFD1D-560E-4970-A3F3-9E16383CFB11}.Release|Win32.Build.0 = Release|Win32
16 | EndGlobalSection
17 | GlobalSection(SolutionProperties) = preSolution
18 | HideSolutionNode = FALSE
19 | EndGlobalSection
20 | EndGlobal
21 |
--------------------------------------------------------------------------------
/ring3Right/WriteMemory/WriteMemory.vcproj.ST.Administrator.user:
--------------------------------------------------------------------------------
1 |
2 |
7 |
8 |
11 |
35 |
36 |
39 |
63 |
64 |
65 |
66 |
--------------------------------------------------------------------------------
/ring3Right/WriteMemory/WriteMemory.vcproj.VM_QYZ2003.Administrator.user:
--------------------------------------------------------------------------------
1 |
2 |
7 |
8 |
11 |
35 |
36 |
39 |
63 |
64 |
65 |
66 |
--------------------------------------------------------------------------------
/ring3Right/WriteMemory/_WriteMemory.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/ring3Right/WriteMemory/_WriteMemory.h
--------------------------------------------------------------------------------
/ring3Right/WriteMemory/kwindef.h:
--------------------------------------------------------------------------------
1 | #ifndef KWINDEF_H_
2 | #define KWINDEF_H_
3 |
4 |
5 | /*
6 | * you'll find a list of NTSTATUS status codes in the DDK header
7 | * ntstatus.h (\WINDDK\2600.1106\inc\ddk\wxp\)
8 | */
9 | #define NT_SUCCESS(status) ((NTSTATUS)(status)>=0) // non-negative after the cast counts as success; NTSTATUS itself is typedef'd further down, which is fine because the macro only expands at its use sites
10 | #define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L) // presumably checked after ZwQuerySystemInformation to grow the buffer and retry; confirm in WriteMemory.cpp
11 | #define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022L) // negative as NTSTATUS, so NT_SUCCESS() rejects it
12 |
13 | /*
14 | *************************************************************************
15 | * ntddk.h
16 | */
17 | typedef LONG NTSTATUS; // signed on purpose: NT_SUCCESS() tests the sign of the status value
18 | typedef ULONG ACCESS_MASK; // type of SYSTEM_HANDLE_INFORMATION::GrantedAccess below
19 | /*
20 | * ntdef.h
21 | *************************************************************************
22 | */
23 |
24 | /*
25 | *************************************************************************
26 | * Windows NT/2000 Native API Reference - Gary Nebbett
27 | */
28 |
29 | typedef enum _SYSTEM_INFORMATION_CLASS // cut-down copy: only the one class this project passes to ZWQUERYSYSTEMINFORMATION is declared
30 | {
31 | SystemHandleInformation = 16 // information class 16; its result entries are described by SYSTEM_HANDLE_INFORMATION below
32 | } SYSTEM_INFORMATION_CLASS;
33 |
34 | /*
35 | *Information Class 16
36 | */
37 | typedef struct _SYSTEM_HANDLE_INFORMATION // presumably one entry per open handle in the class-16 result; the surrounding count/array layout is not declared here, so verify against the caller
38 | {
39 | ULONG ProcessId; // id of the process that owns the handle
40 | UCHAR ObjectTypeNumber; // numeric object type; the values are not defined in this header
41 | UCHAR Flags;
42 | USHORT Handle; // handle value, 16 bits wide in this layout
43 | PVOID Object; // NOTE(review): presumably the kernel address of the object, so treat dumps of this field as sensitive (kernel address disclosure)
44 | ACCESS_MASK GrantedAccess; // access rights the handle was opened with
45 | } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
46 |
47 | typedef struct _MEMORY_CHUNKS { // presumably the input block handed to NTSYSTEMDEBUGCONTROL below; confirm in WriteMemory.cpp
48 | ULONG Address; // NOTE(review): a ULONG holds only a 32-bit address, so this layout is x86-only
49 | PVOID Data; // caller-side buffer pointer
50 | ULONG Length; // presumably a byte count for the transfer; the header gives no bounds, so the caller must validate it against the Data buffer
51 | }MEMORY_CHUNKS, *PMEMORY_CHUNKS;
52 |
53 |
54 | typedef NTSTATUS ( __stdcall *ZWQUERYSYSTEMINFORMATION ) ( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, // function-pointer type, so the export is presumably resolved from ntdll at run time rather than linked
55 | IN OUT PVOID SystemInformation, // caller-allocated result buffer
56 | IN ULONG SystemInformationLength, // size of that buffer in bytes
57 | OUT PULONG ReturnLength OPTIONAL ); // optional; when given, receives the length the call reports
58 |
59 | typedef NTSTATUS ( __stdcall *NTSYSTEMDEBUGCONTROL ) ( IN int nCmd, // command selector; no command values are defined in this header
60 | IN PVOID pInBuf, // presumably a MEMORY_CHUNKS block for the memory-copy commands; confirm in WriteMemory.cpp
61 | IN ULONG nInLen,
62 | OUT PVOID pOutBuf,
63 | IN ULONG nOutLen,
64 | OUT PULONG nRetLen OPTIONAL); // NOTE(review): undocumented ntdll export that needs SeDebugPrivilege; later Windows releases reportedly refuse its kernel-memory commands to user-mode callers, and run-time resolution of this name is a useful detection signal
65 |
66 | #endif
--------------------------------------------------------------------------------
/ring3Right/WriteMemory/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/ring3Right/WriteMemory/resource.h
--------------------------------------------------------------------------------
/ring3Right/WriteMemory/stdafx.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/ring3Right/WriteMemory/stdafx.cpp
--------------------------------------------------------------------------------
/ring3Right/WriteMemory/stdafx.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/ring3Right/WriteMemory/stdafx.h
--------------------------------------------------------------------------------
/ring3Right/bin/release/WriteMemory.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/ring3Right/bin/release/WriteMemory.dll
--------------------------------------------------------------------------------
/ring3Right/bin/release/killMe.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/ring3Right/bin/release/killMe.exe
--------------------------------------------------------------------------------
/ring3Right/说明.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sg-first/Process-prevent-killed/0cb0a0ba726111e224f3c77dc1ca197e26cecf75/ring3Right/说明.txt
--------------------------------------------------------------------------------