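EPL (易语言) hideprocess source code
Time: 2023-10-01 11:00:59
EPL (易语言) is a programming language, and its hideprocess function is used to hide a process. Below is a source code example of the hideprocess function; the sample itself is C code that calls the Windows native API: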
```
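#include <Windows.h>
#include <winternl.h>   // PROCESS_BASIC_INFORMATION, PPEB, NtQueryInformationProcess (link with ntdll.lib)

void HideProcess(void)
{
    // Shared empty string; a writable array avoids assigning a string literal to a non-const PWSTR
    static WCHAR emptyString[] = L"";

    // Get a handle to the current process
    HANDLE hProcess = GetCurrentProcess();

    // Query the basic process information
    PROCESS_BASIC_INFORMATION pbi;
    NTSTATUS status = NtQueryInformationProcess(hProcess, ProcessBasicInformation, &pbi, sizeof(PROCESS_BASIC_INFORMATION), NULL);
    if (status < 0)
        return; // NTSTATUS failure codes are negative; pbi is not valid in that case

    // Get the PEB address
    PPEB pPeb = pbi.PebBaseAddress;

    // Get the address of ProcessParameters in the PEB
    PRTL_USER_PROCESS_PARAMETERS pProcessParams = pPeb->ProcessParameters;

    // Point CommandLine at an empty string
    pProcessParams->CommandLine.Length = 0;
    pProcessParams->CommandLine.MaximumLength = 0;
    pProcessParams->CommandLine.Buffer = emptyString;

    // Point ImagePathName at an empty string
    pProcessParams->ImagePathName.Length = 0;
    pProcessParams->ImagePathName.MaximumLength = 0;
    pProcessParams->ImagePathName.Buffer = emptyString;

    // Note: RTL_USER_PROCESS_PARAMETERS as declared in winternl.h exposes only
    // ImagePathName and CommandLine, so the two blocks below compile only
    // against a fuller, self-supplied definition of the structure.

    // Point DllPath at an empty string
    pProcessParams->DllPath.Length = 0;
    pProcessParams->DllPath.MaximumLength = 0;
    pProcessParams->DllPath.Buffer = emptyString;

    // Point WindowName at an empty string
    pProcessParams->WindowName.Length = 0;
    pProcessParams->WindowName.MaximumLength = 0;
    pProcessParams->WindowName.Buffer = emptyString;
}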
```
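The code above is the source of the hideprocess function, which implements the process-hiding feature. hideprocess gets a handle to the current process, queries the process's PEB, and from the PEB obtains the address of ProcessParameters. It then points the CommandLine, ImagePathName, DllPath, and WindowName entries in ProcessParameters at an empty string, which hides the process's related information and so achieves the hiding effect. Note that these writes change only the strings stored in the process's own user-mode PEB: the process keeps its PID and still appears in process enumeration, and anything recorded outside the PEB is unaffected.
That is the source code of the hideprocess function and a brief explanation; I hope it helps.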
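Because values logged when a process is created are not altered by later writes to its PEB, a defender can detect this blanking by comparing the two. The following Python is an added example, not code from the original page; the record layout, the `start` and `readable` fields, and all sample values are constructed assumptions.

```python
# Added example, not from the original page. All records are constructed.
# Creation-time records, as a process-creation log would hold them.
CREATION_EVENTS = [
    {"pid": 4120, "start": 1000, "image": r"C:\Tools\agent.exe",
     "cmdline": r"C:\Tools\agent.exe --run"},
    {"pid": 5336, "start": 1010, "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe a.txt"},
    {"pid": 6012, "start": 900, "image": r"C:\Windows\System32\lsass.exe",
     "cmdline": "lsass.exe"},
]
# Later snapshot of the strings read from each process's PEB. "readable" is a
# hypothetical field: False means the collector could not read that PEB.
SNAPSHOT = [
    {"pid": 4120, "start": 1000, "readable": True, "image": "", "cmdline": ""},
    {"pid": 5336, "start": 1010, "readable": True,
     "image": r"c:\windows\system32\notepad.exe", "cmdline": "notepad.exe a.txt"},
    {"pid": 6012, "start": 900, "readable": False, "image": None, "cmdline": None},
]
FIELDS = ("image", "cmdline")


def norm(value):
    """Case-insensitive comparison form; None and whitespace count as empty."""
    return (value or "").strip().lower()


def find_peb_mismatches(creation_events, snapshot):
    """Return (pid, field, kind) tuples; kind is 'blanked' or 'changed'."""
    # Key on pid AND start time so a reused PID is never compared with the
    # creation record of an earlier, unrelated process.
    born = {(e["pid"], e["start"]): e for e in creation_events}
    findings = []
    for snap in snapshot:
        origin = born.get((snap["pid"], snap["start"]))
        if origin is None or not snap["readable"]:
            continue  # no baseline, or PEB unreadable: not evidence of tampering
        for field in FIELDS:
            before, after = norm(origin[field]), norm(snap[field])
            if before and not after:
                findings.append((snap["pid"], field, "blanked"))
            elif before != after:
                findings.append((snap["pid"], field, "changed"))
    return findings


if __name__ == "__main__":
    for pid, field, kind in find_peb_mismatches(CREATION_EVENTS, SNAPSHOT):
        print(f"pid={pid}: {field} {kind} since process creation")
```

Unreadable processes are skipped rather than flagged, since a collector that cannot open a process also sees empty values without any tampering having taken place.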