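I have an MFC C++ x86 application that supports command-line input. After it is started with command-line arguments, the arguments are visible in the Command Line column of Task Manager, and I now want to clear this data.
I used the method below. It looks cleared inside the program, but Task Manager still shows it. Please help: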
#include <Windows.h>
#include <Winternl.h>
#include <stdio.h>
#include <tchar.h>

typedef NTSTATUS (NTAPI *PFN_NT_QUERY_INFORMATION_PROCESS) (
    IN HANDLE ProcessHandle,
    IN PROCESSINFOCLASS ProcessInformationClass,
    OUT PVOID ProcessInformation,
    IN ULONG ProcessInformationLength,
    OUT PULONG ReturnLength OPTIONAL);

void ClearCommandLine()
{
    // Open a handle to the current process.
    HANDLE hProcess = OpenProcess (PROCESS_ALL_ACCESS,
        FALSE, GetCurrentProcessId());
    PROCESS_BASIC_INFORMATION pbi = {0};
    PEB peb = {0};  // local copy of the PEB (this declaration was missing)
    RTL_USER_PROCESS_PARAMETERS Param = {0};

    // NtQueryInformationProcess has to be resolved from ntdll.dll at run time.
    PFN_NT_QUERY_INFORMATION_PROCESS pfnNtQueryInformationProcess =
        (PFN_NT_QUERY_INFORMATION_PROCESS) GetProcAddress (
            GetModuleHandle(TEXT("ntdll.dll")), "NtQueryInformationProcess");

    // Get the address of the PEB.
    NTSTATUS status = pfnNtQueryInformationProcess (
        hProcess, ProcessBasicInformation,
        (PVOID)&pbi, sizeof(pbi), NULL);

    // Replacement command line: an empty string; the length counts its terminator.
    const wchar_t* lpwszCmd = L"";
    USHORT usCmdLen = (USHORT)(2 + 2 * (wcslen(lpwszCmd)));

    // Copy the PEB and the process parameters block into local variables.
    ReadProcessMemory(hProcess, pbi.PebBaseAddress, &peb, sizeof(peb), NULL);
    ReadProcessMemory(hProcess, peb.ProcessParameters, &Param, sizeof(Param), NULL);

    // Overwrite the start of the command-line buffer with the empty string.
    WriteProcessMemory(hProcess, Param.CommandLine.Buffer, lpwszCmd, usCmdLen, NULL);
    // &Param is the local copy read above, so this write updates that copy's Length field.
    WriteProcessMemory(hProcess, &Param.CommandLine.Length, &usCmdLen, sizeof(usCmdLen), NULL);

    CloseHandle(hProcess);
}
Hoping an expert can help, thanks.
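
Your code clears it by writing to specific memory, similar to how a game trainer works. Doing it this way requires a specific version of Task Manager to work.
If you want to clear it, you can use game-trainer-type software to first search for it in Task Manager and modify it by hand, and see whether that has any effect.
Once you have found the address, add it on top of this code of yours.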