Commit 24ba6291 by Iteravse

初始化,添加工具

parents
//go:build windows
// +build windows
package main
import (
"fmt"
"github.com/TheTitanrain/w32"
"golang.org/x/sys/windows"
"syscall"
"unsafe"
)
var (
modntdll = windows.NewLazySystemDLL("ntdll.dll")
procNtSuspendProcess = modntdll.NewProc("NtSuspendProcess")
procNtResumeProcess = modntdll.NewProc("NtResumeProcess")
)
func setPrivilege(privilegeName string, enable bool) error {
var token windows.Token
currentProcess := windows.CurrentProcess()
err := windows.OpenProcessToken(currentProcess, windows.TOKEN_ADJUST_PRIVILEGES|windows.TOKEN_QUERY, &token)
if err != nil {
return err
}
defer token.Close()
// Lookup the LUID for the privilege.
var luid windows.LUID
err = windows.LookupPrivilegeValue(nil, syscall.StringToUTF16Ptr(privilegeName), &luid)
if err != nil {
return err
}
// Define the privilege adjustment.
var tp windows.Tokenprivileges
tp.PrivilegeCount = 1
tp.Privileges[0].Luid = luid
if enable {
tp.Privileges[0].Attributes = windows.SE_PRIVILEGE_ENABLED
} else {
tp.Privileges[0].Attributes = 0
}
// Adjust the token privilege.
return windows.AdjustTokenPrivileges(token, false, &tp, 0, nil, nil)
}
func suspendProcess(processID uint32) error {
hProcess, err := windows.OpenProcess(windows.PROCESS_SUSPEND_RESUME, false, processID)
if err != nil {
return err
}
defer windows.CloseHandle(hProcess)
r1, _, err := procNtSuspendProcess.Call(uintptr(hProcess))
if r1 != 0 {
return err
}
return nil
}
func resumeProcess(processID uint32) error {
hProcess, err := windows.OpenProcess(windows.PROCESS_SUSPEND_RESUME, false, processID)
if err != nil {
return err
}
defer windows.CloseHandle(hProcess)
r1, _, err := procNtResumeProcess.Call(uintptr(hProcess))
if r1 != 0 {
return err
}
return nil
}
func findProcessIDByName(processName string) (uint32, error) {
snapshot, err := windows.CreateToolhelp32Snapshot(windows.TH32CS_SNAPPROCESS, 0)
if err != nil {
return 0, err
}
defer windows.CloseHandle(snapshot)
var entry windows.ProcessEntry32
entry.Size = uint32(unsafe.Sizeof(entry))
if err = windows.Process32First(snapshot, &entry); err != nil {
return 0, err
}
for {
name := syscall.UTF16ToString(entry.ExeFile[:])
if name == processName {
return entry.ProcessID, nil
}
err = windows.Process32Next(snapshot, &entry)
if err != nil {
if err == windows.ERROR_NO_MORE_FILES {
break
} else {
return 0, err
}
}
}
return 0, fmt.Errorf("process not found")
}
var (
user32 = syscall.NewLazyDLL("user32.dll")
registerHotKey = user32.NewProc("RegisterHotKey")
)
func GoStopHot() {
kernel32 := syscall.NewLazyDLL("kernel32.dll")
user32 := syscall.NewLazyDLL("user32.dll")
setWindowsHookEx := user32.NewProc("SetWindowsHookExA")
callNextHookEx := user32.NewProc("CallNextHookEx")
getMessage := user32.NewProc("GetMessageW")
getAsyncKeyState := user32.NewProc("GetAsyncKeyState")
whKeyboardLL := 13
wmKeydown := 256
wmSyskeydown := 260
Finish := make(chan bool)
defer func() {
close(Finish)
}()
var hookProc = func(nCode int, wParam uintptr, lParam uintptr) uintptr {
if nCode >= 0 {
kbd := (*w32.KBDLLHOOKSTRUCT)(unsafe.Pointer(lParam))
if wParam == uintptr(wmKeydown) || wParam == uintptr(wmSyskeydown) {
// Block WINDOWS key and ALT key
if kbd.VkCode == 91 || kbd.VkCode == 92 || kbd.VkCode == 164 || kbd.VkCode == 165 {
return 1
}
}
ctrlState, _, _ := getAsyncKeyState.Call(17)
shiftState, _, _ := getAsyncKeyState.Call(16)
fmt.Println("数据采集中", int(ctrlState), int(shiftState), kbd.VkCode)
if int(ctrlState) > 0 && int(shiftState) > 0 && kbd.VkCode == 84 {
Finish <- true
return 1 // Prevent further processing of this key combination
}
}
retVal, _, _ := callNextHookEx.Call(0, uintptr(nCode), wParam, lParam)
return retVal
}
hookID, _, _ := setWindowsHookEx.Call(
uintptr(whKeyboardLL),
syscall.NewCallback(hookProc),
uintptr(0),
uintptr(0),
)
msg := &w32.MSG{}
for {
select {
case mss := <-Finish:
fmt.Println(mss)
break
default:
getMessage.Call(uintptr(unsafe.Pointer(msg)), uintptr(0), 0, 0)
}
}
syscall.Syscall6(kernel32.NewProc("UnhookWindowsHookEx").Addr(), 1, hookID, 0, 0, 0, 0, 0)
}
func main() {
// Consider the implications and legal aspects before attempting to modify system behavior.
err := setPrivilege("SeDebugPrivilege", true)
if err != nil {
fmt.Printf("Error setting privilege: %v\n", err)
return
}
// Example usage to suspend and resume a hypothetical process with PID
// WARNING: Use with extreme caution; targeting the wrong process or misuse can destabilize or crash your system.
processName := "winlogon.exe"
processID, err := findProcessIDByName(processName)
if err != nil {
fmt.Printf("Failed to find process: %s, error: %v\n", processName, err)
return
}
err = resumeProcess(processID)
if err != nil {
fmt.Printf("Error resuming process: %v\n", err)
return
}
fmt.Println("Suspending process...")
err = suspendProcess(processID)
if err != nil {
fmt.Printf("Error suspending process: %v\n", err)
return
}
// Your code to work while the process is suspended goes here.
fmt.Println("ctrl alt delete已挂起,按键恢复")
go GoStopHot()
defer func() {
err = resumeProcess(processID)
if err != nil {
fmt.Printf("Error resuming process: %v\n", err)
return
}
}()
select {}
}
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
\ No newline at end of file
# This's A MagicBox of GoLang
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment