Code:
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <windows.h>
#include <commctrl.h>
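/**
 * Open a handle to the process that owns the window `hwnd`.
 *
 * @param hwnd  Window whose owning process is wanted; may be NULL.
 * @return      Process handle opened with PROCESS_ALL_ACCESS, or NULL when
 *              the owner cannot be resolved or OpenProcess() fails. The
 *              caller owns the handle and releases it with CloseHandle().
 *
 * Review note: PROCESS_ALL_ACCESS is much broader than the remote
 * allocate/write use this file makes of the handle. A full-access handle
 * opened on another process is one of the events endpoint monitoring
 * records when looking for cross-process tampering.
 */
HANDLE GetProcessHandleByWindow(HWND hwnd)
{
    DWORD pid = 0;

    /* The lookup returns 0 for an invalid window (e.g. hwnd == NULL) and may
     * then leave pid untouched; never hand an indeterminate pid to
     * OpenProcess(). */
    if (GetWindowThreadProcessId(hwnd, &pid) == 0 || pid == 0) {
        return NULL;
    }

    return OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
}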
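/**
 * Commit `sz` bytes of read/write memory inside the process `hProcess` and
 * copy `data` into it.
 *
 * @param hProcess  Handle to the target process.
 * @param data      Local buffer of at least `sz` bytes to copy.
 * @param sz        Number of bytes to allocate and copy.
 * @return          Address of the new region, valid only inside the target
 *                  process, or NULL if the allocation or the copy failed.
 *                  The region stays allocated in the target until it is
 *                  released with VirtualFreeEx().
 *
 * Review note: VirtualAllocEx() followed by WriteProcessMemory() on a
 * foreign process is the sequence host-based monitoring associates with
 * remote memory tampering.
 */
void *AllocMemory(HANDLE hProcess, void *data, unsigned int sz)
{
    void *addr;
    SIZE_T written = 0;

    if (hProcess == NULL || data == NULL || sz == 0) {
        return NULL;
    }

    addr = VirtualAllocEx(hProcess, NULL, sz, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
    if (addr == NULL) {
        return NULL;
    }

    /* A failed or short write would leave the remote region holding something
     * other than `data`; release it instead of returning a half-filled block. */
    if (!WriteProcessMemory(hProcess, addr, data, sz, &written) || written != sz) {
        VirtualFreeEx(hProcess, addr, 0, MEM_RELEASE);
        return NULL;
    }

    /* %p and %u match the argument types; the original passed a pointer to
     * %d, which is undefined and truncates on 64-bit builds.
     * NOTE(review): `data` is printed as a C string although callers in this
     * file also pass LVITEM structures; that terminates at once only because
     * those structures start with zero bytes after the memset() in main(). */
    printf("Allocated %2u bytes at %p filled with \"%s\".\n", sz, addr, (const char *) data);
    return addr;
}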
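/**
 * Locate the Task-Manager process list (a SysListView32 control inside a
 * "#32770" dialog), copy five replacement strings and five LVITEM
 * structures into the Task-Manager process, and keep re-applying them to
 * every row with LVM_SETITEMTEXTA.
 *
 * Only the text shown by the list-view control is altered; nothing here
 * changes which processes exist or what other enumeration tools report.
 * The window title used for the lookup is locale-specific.
 *
 * @return 0 when Task-Manager was not found or the loop ended because its
 *         window went away; 1 when the process could not be opened or a
 *         remote allocation failed.
 */
int main(void)
{
    /* Replacement text for list-view columns 0..4 of each row. */
    char name[] = "omfg.exe";
    char user[] = "root";
    char cpu [] = "00";
    char ram [] = "1337 K";
    char desc[] = "Guess who I am :)";
    /* Slots 1..5 are used and slot 0 stays idle, so both arrays need six
     * elements; declared with five, addr[5] was a write past the array end. */
    void *addr[6] = {0};
    LVITEM li[6];
    HANDLE hProcess;
    int i_max = 1;
    int rc = 1;
    int k;
    HWND hwnd1 = FindWindow(NULL, "Windows Task-Manager");
    HWND hwnd2 = FindWindowEx(hwnd1, NULL, "#32770", NULL);
    HWND hwnd3 = FindWindowEx(hwnd2, NULL, "SysListView32", NULL);

    printf("=== Task-Manager Process List Changer ===\n"
           " by BlackBerry \n\n");

    if (!(hwnd1 && hwnd2 && hwnd3)) {
        puts("Task-Manager wasn't found!");
        return 0;
    }

    /* Open the process only once the window chain is known to be valid. */
    hProcess = GetProcessHandleByWindow(hwnd3);
    if (hProcess == NULL) {
        puts("Task-Manager process couldn't be opened!");
        return 1;
    }

    /* set all values to zero */
    memset(&li, 0, sizeof(li));

    /* fill the structures; pszText holds an address that is only meaningful
     * inside the Task-Manager process */
    li[1].iItem = 1;
    li[1].iSubItem = 0;
    li[1].cchTextMax = sizeof(name) - 1;
    li[1].pszText = (char *) AllocMemory(hProcess, name, sizeof(name));
    li[2].iItem = 1;
    li[2].iSubItem = 1;
    li[2].cchTextMax = sizeof(user) - 1;
    li[2].pszText = (char *) AllocMemory(hProcess, user, sizeof(user));
    li[3].iItem = 1;
    li[3].iSubItem = 2;
    li[3].cchTextMax = sizeof(cpu ) - 1;
    li[3].pszText = (char *) AllocMemory(hProcess, cpu , sizeof(cpu ));
    li[4].iItem = 1;
    li[4].iSubItem = 3;
    li[4].cchTextMax = sizeof(ram ) - 1;
    li[4].pszText = (char *) AllocMemory(hProcess, ram , sizeof(ram ));
    li[5].iItem = 1;
    li[5].iSubItem = 4;
    li[5].cchTextMax = sizeof(desc) - 1;
    li[5].pszText = (char *) AllocMemory(hProcess, desc, sizeof(desc));

    for (k = 1; k <= 5; k++) {
        if (li[k].pszText == NULL) {
            puts("Remote allocation failed!");
            goto cleanup;
        }
    }

    /* write the LVITEM's into Task-Manager's memory */
    for (k = 1; k <= 5; k++) {
        addr[k] = AllocMemory(hProcess, &li[k], sizeof(LVITEM));
        if (addr[k] == NULL) {
            puts("Remote allocation failed!");
            goto cleanup;
        }
    }

    /* Run until the list view disappears. The original looped forever and
     * span without sleeping once the item count dropped to zero. */
    while (IsWindow(hwnd3)) {
        /* loop through each item */
        for (int i = 0; i < i_max; i++) {
            for (k = 1; k <= 5; k++) {
                SendMessage(hwnd3, LVM_SETITEMTEXTA, (WPARAM) i, (LPARAM) addr[k]);
            }
            /* this actually keeps the CPU usage lower... */
            Sleep(10);
            /* update the item-count */
            i_max = ListView_GetItemCount(hwnd3);
        }
        if (i_max < 1) {
            /* empty list: wait and re-query instead of busy-looping */
            Sleep(10);
            i_max = ListView_GetItemCount(hwnd3);
        }
    }
    rc = 0;

cleanup:
    /* Release what was placed in the other process, then the handle. */
    for (k = 1; k <= 5; k++) {
        if (addr[k] != NULL) {
            VirtualFreeEx(hProcess, addr[k], 0, MEM_RELEASE);
        }
        if (li[k].pszText != NULL) {
            VirtualFreeEx(hProcess, li[k].pszText, 0, MEM_RELEASE);
        }
    }
    CloseHandle(hProcess);
    return rc;
}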
Der theoretische Ablauf läuft wie folgt: