unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, untProcessEventThr, PsAPI, ComCtrls, StrUtils;
type
TForm1 = class(TForm)
btnHide: TButton;
edtProcessName: TEdit;
procedure FormClose(Sender: TObject; var Action: TCloseAction,',',');
procedure btnHideClick(Sender: TObject,',',');
private
{ Private declarations }
public
{ Public declarations }
m_hCommDevice:THandle;
m_hCommEvent:THandle;
end;
var
Form1: TForm1;
implementation
uses Unit2, untConst;
{$R *.dfm}
procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction,',',');
var
dwReturn:DWORD ;
begin
if(m_hCommDevice <> 0) then
begin
if(m_hCommEvent <> 0) then
begin
DeviceIoControl(m_hCommDevice, IO_DEREFERENCE_EVENT, nil, 0, nil, 0, dwReturn, nil,',',');
CloseHandle(m_hCommEvent,',',');
end;
CloseHandle(m_hCommDevice,',',');
end;
end;
procedure TForm1.btnHideClick(Sender: TObject,',',');
var
dwReturn: DWORD;
proname:array [0..1023] of char;
begin
//创建设备
try
m_hCommDevice := CreateFile('\\.\HideProcess', GENERIC_READ or GENERIC_WRITE, FILE_SHARE_READ, nil,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0,',',');
except
MessageBox(Handle, '创建设备失败', '隐藏进程启动', MB_OK + MB_ICONWARNING,',',');
end;
//创建事件
try
m_hCommEvent := CreateEvent(nil, false, false, nil,',',');
except
CloseHandle(m_hCommDevice,',',');
MessageBox(Handle, '创建事件失败', '隐藏进程启动', MB_OK + MB_ICONWARNING,',',');
end;
//发送事件句柄给驱动
DeviceIoControl(m_hCommDevice, IO_REFERENCE_EVENT, pointer(m_hCommEvent), 0, nil, 0, dwReturn, nil,',',');
StrPCopy(@proname, Trim(edtProcessName.Text),',',');
DeviceIoControl(m_hCommDevice, IO_PASSBUF, @proname, sizeof(proname), nil, 0, dwReturn, nil,',',');
end;
end.
关键字词:
