原理不多說了,不明白的直接看http://bbs.pediy.com/showthread.php?t=159346
該程序演示了在Win7下如何禁止快捷鍵。程序中有一處硬編碼的偏移(相對winlogon.exe的加載基址),估計各版Win7都差不多;如果不行的話,請大家按照自己系統的真實情況修改相應偏移。反正我是測試成功了。
貼張屏蔽Win+L演示程序截圖
演示程序是64位的;由於沒有32位Win7系統可供測試,所以不知道32位下的具體偏移。
發一下具體代碼,Win+L的ID爲5、Ctrl+Shift+Esc的ID爲4、Ctrl+Alt+Del的ID爲0
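/*
 * Look up a process ID by executable name (case-insensitive).
 *
 * pszName: image name to match against PROCESSENTRY32.szExeFile,
 *          e.g. "winlogon.exe".
 *
 * Returns the PID of the first matching entry in the snapshot, or (DWORD)-1
 * when the snapshot cannot be taken or no entry matches. Callers must compare
 * against (DWORD)-1, not 0.
 *
 * NOTE(review): only the first match is returned. If several processes share
 * the name (for example one winlogon.exe per logon session), which one is
 * picked depends on snapshot order.
 */
DWORD GetPidByProcessName(LPCTSTR pszName)
{
    PROCESSENTRY32 pe32;
    HANDLE hSnapshot;
    DWORD dwPid = (DWORD)-1;

    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
        return (DWORD)-1;

    /* dwSize must be set before Process32First, otherwise the call fails. */
    pe32.dwSize = sizeof(PROCESSENTRY32);
    if (Process32First(hSnapshot, &pe32)) {
        do {
            if (lstrcmpi(pe32.szExeFile, pszName) == 0) {
                dwPid = pe32.th32ProcessID;
                break;
            }
        } while (Process32Next(hSnapshot, &pe32));
    }

    CloseHandle(hSnapshot);
    return dwPid;
}

/*
 * Replace cbPatch bytes at lpAddress in hProcess with pbNew, but only when the
 * bytes currently there are exactly pbExpected.
 *
 * Returns TRUE only if the read, the comparison, the protection change, the
 * write and the protection restore all succeeded. A FALSE return after a
 * successful write (protection restore failed) means the bytes were changed
 * but the page may have been left writable.
 */
static BOOL PatchRemoteBytes(HANDLE hProcess, LPVOID lpAddress,
                             const UCHAR *pbExpected, const UCHAR *pbNew,
                             DWORD cbPatch)
{
    UCHAR uchCurrent[16];
    DWORD_PTR dwTransferred = 0;
    DWORD dwOldProtect = 0;
    DWORD dwIgnored = 0;
    DWORD i;
    BOOL bOk;

    if (cbPatch == 0 || cbPatch > sizeof(uchCurrent))
        return FALSE;

    /* Read what is there now; a short read is treated as failure. */
    if (!ReadProcessMemory(hProcess, lpAddress, uchCurrent, cbPatch, &dwTransferred)
        || dwTransferred != cbPatch)
        return FALSE;

    /* Refuse to write unless the target holds the expected bytes. */
    for (i = 0; i < cbPatch; i++) {
        if (uchCurrent[i] != pbExpected[i])
            return FALSE;
    }

    if (!VirtualProtectEx(hProcess, lpAddress, cbPatch, PAGE_EXECUTE_WRITECOPY, &dwOldProtect))
        return FALSE;

    dwTransferred = 0;
    bOk = WriteProcessMemory(hProcess, lpAddress, pbNew, cbPatch, &dwTransferred)
          && dwTransferred == cbPatch;

    /* Always try to put the original protection back, even if the write failed. */
    if (!VirtualProtectEx(hProcess, lpAddress, cbPatch, dwOldProtect, &dwIgnored))
        bOk = FALSE;

    return bOk;
}

/*
 * Disable or restore the Win+L hotkey by patching one byte inside the running
 * winlogon.exe image.
 *
 * bDisable: TRUE  -> change the hotkey ID byte from 0x05 to 0x25;
 *           FALSE -> change it back from 0x25 to 0x05.
 *
 * Returns TRUE only when the byte was verified and rewritten; FALSE when the
 * process cannot be found or opened, the byte at the target address is not
 * the expected one, or any memory operation fails.
 *
 * Review notes:
 *  - The offset 0x1710D is hard-coded for the author's 64-bit Windows 7
 *    winlogon.exe. On any other build it points at unrelated bytes; the
 *    single-byte comparison is the only guard, and a one-byte match is a weak
 *    signature, so the patch can land on the wrong location. Verify the
 *    binary version before use.
 *  - The change is made in memory only and affects only the winlogon.exe
 *    instance that GetPidByProcessName happened to return.
 *  - Turning off Win+L removes the user's quick workstation lock. Where the
 *    goal is a kiosk-style lockdown, the supported route is the
 *    DisableLockWorkstation policy rather than patching a system process.
 *  - Opening winlogon.exe with PROCESS_ALL_ACCESS and writing to its code
 *    pages needs administrative/debug rights and is a pattern that endpoint
 *    monitoring commonly alerts on.
 */
BOOL DisableHotKey(BOOL bDisable)
{
    UCHAR uchOrigCode[] = {0x05};
    UCHAR uchHookCode[] = {0x25};
    LPVOID lpPatchAddress;
    DWORD dwPID;
    DWORD cbNeeded = 0;
    HANDLE hProcess;
    HMODULE lphModule[512];
    BOOL bResult;

    /* Find the winlogon.exe PID; the lookup reports failure as (DWORD)-1. */
    dwPID = GetPidByProcessName(_T("winlogon.exe"));
    if (dwPID == 0 || dwPID == (DWORD)-1)
        return FALSE;

    /* Open the target process. */
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID);
    if (!hProcess)
        return FALSE;

    /* Enumerate modules; entry 0 is used as the image base below. */
    if (!EnumProcessModules(hProcess, lphModule, sizeof(lphModule), &cbNeeded)
        || cbNeeded < sizeof(lphModule[0])) {
        CloseHandle(hProcess);
        return FALSE;
    }

    /* Image base plus the build-specific offset of the hotkey ID byte. */
    lpPatchAddress = (LPVOID)((LPSTR)lphModule[0] + 0x1710D);

    if (bDisable) {
        /* Change the Win+L ID from 0x05 to 0x25. */
        bResult = PatchRemoteBytes(hProcess, lpPatchAddress,
                                   uchOrigCode, uchHookCode, sizeof(uchHookCode));
    } else {
        /* Restore the original ID. */
        bResult = PatchRemoteBytes(hProcess, lpPatchAddress,
                                   uchHookCode, uchOrigCode, sizeof(uchOrigCode));
    }

    CloseHandle(hProcess);
    return bResult;
}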