C#:向列表视图发送 LVM_DELETEITEM
C# LVM_DELETEITEM from listview
所以,我正在用 C# 编程,我试图从 SysListView32 获取项目 ID,然后发送 LVM_DELETEITEM 消息以从列表视图中删除该项目。
我的代码:
using System;
using System.Collections;
using System.Collections.Generic;
using System.Data;
using System.Diagnostics;
using Microsoft.Win32.SafeHandles;
using System.Runtime.InteropServices;
using System.Text;
using System.ComponentModel;
using System.Windows.Forms;
namespace projone
{
/// <summary>
/// Experiment that locates the process list-view control inside a running
/// Task Manager window and sends list-view messages to it from another process.
/// </summary>
/// <remarks>
/// Everything here acts on the display of one Task Manager window only. The
/// processes themselves are still returned by Process.GetProcesses(), which
/// this same class calls, so the code does not affect process enumeration.
/// NOTE(review): sending window messages to a control owned by another process
/// is subject to Windows UI privilege isolation when the target runs at a
/// higher integrity level; confirm behaviour on the OS under test.
/// </remarks>
class Hooker
{
// ANSI entry points from user32.dll. Window handles are declared as Int32 here.
[DllImport("user32.dll", EntryPoint = "FindWindowA")]
private static extern Int32 apiFindWindow(string lpClassName, string lpWindowName);
[DllImport("user32.dll", EntryPoint = "FindWindowExA")]
private static extern Int32 apiFindWindowEx(Int32 hWnd1, Int32 hWnd2, string lpsz1, string lpsz2);
[DllImport("user32.dll", EntryPoint = "SendMessageA")]
private static extern Int32 apiSendMessage(int hWnd, int wMsg, int wParam, int lParam);
// Declared but not called anywhere in this class.
[DllImport("user32.dll", EntryPoint = "GetDesktopWindow")]
private static extern Int32 apiGetDesktopWindow();
// List-view message identifiers, expressed as offsets from LVM_FIRST (4096 = 0x1000).
static Int32 LVM_FIRST = 4096;
static Int32 LVM_DELETEITEM = LVM_FIRST + 8;
static Int32 LVM_SORTITEMS = LVM_FIRST + 48;
// The three identifiers below are defined but not used in this class.
static Int32 LVM_DELETECOLUMN = LVM_FIRST + 28;
static Int32 LVM_FINDITEM = LVM_FIRST + 13;
static Int32 LVM_GETITEMTEXT = LVM_FIRST + 45;
/// <summary>
/// Finds the "Processes" SysListView32 control under the window titled
/// "Windows Task Manager", enumerates all running processes, and for each
/// process named "notepad" sends LVM_SORTITEMS followed by LVM_DELETEITEM
/// to that control. Prints the number of processes enumerated.
/// </summary>
public static void withdrawProcess()
{
// Top-level window lookup is by exact title only (class name is null).
Int32 lhWndParent = apiFindWindow(null, "Windows Task Manager");
Int32 lhWndProcessList = 0;
Int32 lhWndDialog = 0;
// Walk up to six child windows of the Task Manager window; the previous child
// is passed as hWnd2 so each call continues from where the last one stopped.
for (int i = 1; (i < 7); i++)
{
lhWndDialog = apiFindWindowEx(lhWndParent, lhWndDialog, null, null);
// Only search while no list view has been found yet; the first hit is kept.
if((lhWndProcessList == 0))
{
lhWndProcessList = apiFindWindowEx(lhWndDialog, 0, "SysListView32", "Processes");
}
}
// Neither lhWndParent nor lhWndProcessList is checked for 0 before use, so the
// messages below are sent to handle 0 when Task Manager or the control is not found.
// Collected process names; the list is only read by the commented-out line near the end.
List<string> processes = new List<string>();
// Count every process returned by the snapshot and act on the ones named "notepad".
int processItemCount = 0;
Process[] processlist = Process.GetProcesses();
foreach (Process theprocess in processlist)
{
processItemCount += 1;
processes.Add(theprocess.ProcessName.ToString());
if (theprocess.ProcessName.Equals("notepad"))
{
// LVM_SORTITEMS is sent with wParam and lParam both 0.
apiSendMessage(lhWndProcessList, LVM_SORTITEMS, 0, 0);
// The wParam of LVM_DELETEITEM is a list-view item index. A process id is
// passed here instead, so the message does not address the row for this process.
apiSendMessage(lhWndProcessList, LVM_DELETEITEM, theprocess.Id, 0);
}
}
Console.WriteLine(processItemCount);
//processes.ForEach(Console.WriteLine);
//apiSendMessage(lhWndProcessList, LVM_DELETEITEM, 0, "0"); // third entry is item id in listview
}
}
}
关于如何更正它以成功删除项目的任何想法?不,这不是针对任何类型的 "virus",我正在尝试查看是否可以不直接挂接和拦截 NtQuerySystemInformation。
发送 LVM_DELETEITEM 时,SendMessage 调用的 wParam 参数必须是要删除的项目的索引;而您传递的是进程 ID。
发送LVM_DELETEITEM时SendMessage调用的lparam参数必须为零;您正在传递一个指向字符串的指针。
如果任务管理器有保护措施来阻止您做您想做的事情,我不会感到惊讶。如果没有,我会感到惊讶。 Do not hide programs from Task Manager.
所以,我正在用 C# 编程,我试图从 SysListView32 获取项目 ID,然后发送 LVM_DELETEITEM 消息以从列表视图中删除该项目。
我的代码:
using System;
using System.Collections;
using System.Collections.Generic;
using System.Data;
using System.Diagnostics;
using Microsoft.Win32.SafeHandles;
using System.Runtime.InteropServices;
using System.Text;
using System.ComponentModel;
using System.Windows.Forms;
namespace projone
{
/// <summary>
/// Experiment that locates the process list-view control inside a running
/// Task Manager window and sends list-view messages to it from another process.
/// </summary>
/// <remarks>
/// Everything here acts on the display of one Task Manager window only. The
/// processes themselves are still returned by Process.GetProcesses(), which
/// this same class calls, so the code does not affect process enumeration.
/// NOTE(review): sending window messages to a control owned by another process
/// is subject to Windows UI privilege isolation when the target runs at a
/// higher integrity level; confirm behaviour on the OS under test.
/// </remarks>
class Hooker
{
// ANSI entry points from user32.dll. Window handles are declared as Int32 here.
[DllImport("user32.dll", EntryPoint = "FindWindowA")]
private static extern Int32 apiFindWindow(string lpClassName, string lpWindowName);
[DllImport("user32.dll", EntryPoint = "FindWindowExA")]
private static extern Int32 apiFindWindowEx(Int32 hWnd1, Int32 hWnd2, string lpsz1, string lpsz2);
[DllImport("user32.dll", EntryPoint = "SendMessageA")]
private static extern Int32 apiSendMessage(int hWnd, int wMsg, int wParam, int lParam);
// Declared but not called anywhere in this class.
[DllImport("user32.dll", EntryPoint = "GetDesktopWindow")]
private static extern Int32 apiGetDesktopWindow();
// List-view message identifiers, expressed as offsets from LVM_FIRST (4096 = 0x1000).
static Int32 LVM_FIRST = 4096;
static Int32 LVM_DELETEITEM = LVM_FIRST + 8;
static Int32 LVM_SORTITEMS = LVM_FIRST + 48;
// The three identifiers below are defined but not used in this class.
static Int32 LVM_DELETECOLUMN = LVM_FIRST + 28;
static Int32 LVM_FINDITEM = LVM_FIRST + 13;
static Int32 LVM_GETITEMTEXT = LVM_FIRST + 45;
/// <summary>
/// Finds the "Processes" SysListView32 control under the window titled
/// "Windows Task Manager", enumerates all running processes, and for each
/// process named "notepad" sends LVM_SORTITEMS followed by LVM_DELETEITEM
/// to that control. Prints the number of processes enumerated.
/// </summary>
public static void withdrawProcess()
{
// Top-level window lookup is by exact title only (class name is null).
Int32 lhWndParent = apiFindWindow(null, "Windows Task Manager");
Int32 lhWndProcessList = 0;
Int32 lhWndDialog = 0;
// Walk up to six child windows of the Task Manager window; the previous child
// is passed as hWnd2 so each call continues from where the last one stopped.
for (int i = 1; (i < 7); i++)
{
lhWndDialog = apiFindWindowEx(lhWndParent, lhWndDialog, null, null);
// Only search while no list view has been found yet; the first hit is kept.
if((lhWndProcessList == 0))
{
lhWndProcessList = apiFindWindowEx(lhWndDialog, 0, "SysListView32", "Processes");
}
}
// Neither lhWndParent nor lhWndProcessList is checked for 0 before use, so the
// messages below are sent to handle 0 when Task Manager or the control is not found.
// Collected process names; the list is only read by the commented-out line near the end.
List<string> processes = new List<string>();
// Count every process returned by the snapshot and act on the ones named "notepad".
int processItemCount = 0;
Process[] processlist = Process.GetProcesses();
foreach (Process theprocess in processlist)
{
processItemCount += 1;
processes.Add(theprocess.ProcessName.ToString());
if (theprocess.ProcessName.Equals("notepad"))
{
// LVM_SORTITEMS is sent with wParam and lParam both 0.
apiSendMessage(lhWndProcessList, LVM_SORTITEMS, 0, 0);
// The wParam of LVM_DELETEITEM is a list-view item index. A process id is
// passed here instead, so the message does not address the row for this process.
apiSendMessage(lhWndProcessList, LVM_DELETEITEM, theprocess.Id, 0);
}
}
Console.WriteLine(processItemCount);
//processes.ForEach(Console.WriteLine);
//apiSendMessage(lhWndProcessList, LVM_DELETEITEM, 0, "0"); // third entry is item id in listview
}
}
}
关于如何更正它以成功删除项目的任何想法?不,这不是针对任何类型的 "virus",我正在尝试查看是否可以不直接挂接和拦截 NtQuerySystemInformation。
发送 LVM_DELETEITEM 时,SendMessage 调用的 wParam 参数必须是要删除的项目的索引;而您传递的是进程 ID。
发送LVM_DELETEITEM时SendMessage调用的lparam参数必须为零;您正在传递一个指向字符串的指针。
如果任务管理器有保护措施来阻止您做您想做的事情,我不会感到惊讶。如果没有,我会感到惊讶。 Do not hide programs from Task Manager.