Troubleshooting process protection through the WH_CBT type Hook and NINDEX for GWL_WndProc.
Implement example download:
Attachment [SafeProcess.rar]: http://blog.blogchina.com/UPLOAD/2004-12-20/20041220143803647829.rar
1. Find whether the Windows Task Manager window exists through the Timer process or other means. :: FindWindow (NULL, "Windows Task Manager") If existed, enter the second step.
2. Set a WH_CBT type hook g_cbthook = setWindowsHooKex (WH_CBT, (HookProc) CBTPROC, G_HINSTANCE, NULL; HCBT_ACBTIVATE and HCBT_DESTROYWND two types of messages are processed in (hookProc) CBTPROC.
// The CBT Hook Proc (Computer Based Training Hook LRESULT CALLBACK CBTPROC (LParam lparam) {char sztext [256]; char szwindowtext [32]; hwnd hwnd;
MEMSET (SzwindowText, Null, SizeOf (SzwindowText)); STRCPY (SzWindowText, "Task Manager Warning");
switch (nCode) {case HCBT_ACTIVATE: hWnd = (HWND) wParam; GetWindowText (hWnd, szText, 256); if (strcmp (szText, szWindowText) == 0) {if {g_hWnd = Wnd; g_orgProc = ((bSetWindowLong!) WNDPROC) SetWindowLong (hWnd, GWL_WNDPROC, (LONG) NewWndProc); bSetWindowLong = TRUE;}} break; case HCBT_DESTROYWND: hWnd = (HWND) wParam; GetWindowText (hWnd, szText, 256); if (strcmp (szText, szWindowText) = = 0) {setWindowlong (g_hwnd, gwl_wndproc, (long) g_orgproc); g_hwnd = null; bsetwindowlong = false;} Break;} Return Callne Xthookex (NULL, NCODE, WPARAM, LPARAM);} // end of the hook procedure3. NewWndProc If the user clicks on the OK button, you can join your own processing, which is invalid.
LRESULT CALLBACK NewWndProc (HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam) {switch (uMsg) {case WM_COMMAND: if ((wParam == 0x06) && (HIWORD (wParam) == BN_CLICKED)) {/ * Add your own Procedure * / return 0;} Break; default: Break;} Return CallWindowProc (g_orgproc, hwnd, umsg, wparam, lparam);
