7,762
社区成员
发帖
与我相关
我的任务
分享纯VB6隐藏主进程(不带任何C类库)
奶奶的,去了趟上海,回来又是发烧,又是感冒,靠,,最搞笑的是又遇一个问同样的主,还YY了一大堆垃圾话,气不过,还算好没得
H1N1,身体恢复中..........
H1N1,身体恢复中..........
'得到manager中内存共享信息
Option Explicit
'=========Checking OS stuff=============
Private Type OSVERSIONINFO
dwOSVersionInfoSize As Long
dwMajorVersion As Long
dwMinorVersion As Long
dwBuildNumber As Long
dwPlatformId As Long
szCSDVersion As String * 128
End Type
Private Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" (LpVersionInformation As OSVERSIONINFO) As Long
'========= Win95/98/ME Shared memory stuff===============
Private Declare Function CreateFileMapping Lib "kernel32" Alias "CreateFileMappingA" (ByVal hFile As Long, ByVal lpFileMappigAttributes As Long, ByVal flProtect As Long, ByVal dwMaximumSizeHigh As Long, ByVal dwMaximumSizeLow As Long, ByVal lpName As String) As Long
Private Declare Function MapViewOfFile Lib "kernel32" (ByVal hFileMappingObject As Long, ByVal dwDesiredAccess As Long, ByVal dwFileOffsetHigh As Long, ByVal dwFileOffsetLow As Long, ByVal dwNumberOfBytesToMap As Long) As Long
Private Declare Function UnmapViewOfFile Lib "kernel32" (lpBaseAddress As Any) As Long
Const STANDARD_RIGHTS_REQUIRED = &HF0000
Const SECTION_QUERY = &H1
Const SECTION_MAP_WRITE = &H2
Const SECTION_MAP_READ = &H4
Const SECTION_MAP_EXECUTE = &H8
Const SECTION_EXTEND_SIZE = &H10
Const SECTION_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED Or SECTION_QUERY Or SECTION_MAP_WRITE Or SECTION_MAP_READ Or SECTION_MAP_EXECUTE Or SECTION_EXTEND_SIZE
Const FILE_MAP_ALL_ACCESS = SECTION_ALL_ACCESS
'============NT Shared memory stuff======================
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Const PROCESS_VM_OPERATION = &H8
Const PROCESS_VM_READ = &H10
Const PROCESS_VM_WRITE = &H20
Const PROCESS_ALL_ACCESS = 0
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Const MEM_COMMIT = &H1000
Const MEM_RESERVE = &H2000
Const MEM_DECOMMIT = &H4000
Const MEM_RELEASE = &H8000
Const MEM_FREE = &H10000
Const MEM_PRIVATE = &H20000
Const MEM_MAPPED = &H40000
Const MEM_TOP_DOWN = &H100000
'==========Memory access constants===========
Private Const PAGE_NOACCESS = &H1&
Private Const PAGE_READONLY = &H2&
Private Const PAGE_READWRITE = &H4&
Private Const PAGE_WRITECOPY = &H8&
Private Const PAGE_EXECUTE = &H10&
Private Const PAGE_EXECUTE_READ = &H20&
Private Const PAGE_EXECUTE_READWRITE = &H40&
Private Const PAGE_EXECUTE_WRITECOPY = &H80&
Private Const PAGE_GUARD = &H100&
Private Const PAGE_NOCACHE = &H200&
Public Function GetMemShared95(ByVal memSize As Long, hFile As Long) As Long
hFile = CreateFileMapping(&HFFFFFFFF, 0, PAGE_READWRITE, 0, memSize, vbNullString)
GetMemShared95 = MapViewOfFile(hFile, FILE_MAP_ALL_ACCESS, 0, 0, 0)
End Function
Public Sub FreeMemShared95(ByVal hFile As Long, ByVal lpMem As Long)
UnmapViewOfFile lpMem
CloseHandle hFile
End Sub
Public Function GetMemSharedNT(ByVal pId As Long, ByVal memSize As Long, hProcess As Long) As Long
hProcess = OpenProcess(PROCESS_VM_OPERATION Or PROCESS_VM_READ Or PROCESS_VM_WRITE, False, pId)
GetMemSharedNT = VirtualAllocEx(ByVal hProcess, ByVal 0&, ByVal memSize, MEM_RESERVE Or MEM_COMMIT, PAGE_READWRITE)
End Function
Public Sub FreeMemSharedNT(ByVal hProcess As Long, ByVal MemAddress As Long, ByVal memSize As Long)
Call VirtualFreeEx(hProcess, ByVal MemAddress, memSize, MEM_RELEASE)
CloseHandle hProcess
End Sub
Public Function IsWindowsNT() As Boolean
Dim verinfo As OSVERSIONINFO
verinfo.dwOSVersionInfoSize = Len(verinfo)
If (GetVersionEx(verinfo)) = 0 Then Exit Function
If verinfo.dwPlatformId = 2 Then IsWindowsNT = True
End Function
'尝试修改主进程的链表头信息
Option Explicit
Private Enum LVITEM_Mask
LVIF_TEXT = &H1
LVIF_IMAGE = &H2
LVIF_PARAM = &H4
LVIF_STATE = &H8
LVIF_INDENT = &H10
LVIF_NORECOMPUTE = &H800
End Enum
Private Enum LVITEM_States
LVIS_FOCUSED = &H1
LVIS_SELECTED = &H2
LVIS_CUT = &H4
LVIS_DROPHILITED = &H8
LVIS_ACTIVATING = &H20
LVIS_OVERLAYMASK = &HF00
LVIS_STATEIMAGEMASK = &HF000
End Enum
Private Type LVITEM
Mask As LVITEM_Mask
iItem As Long
iSubItem As Long
State As LVITEM_States
stateMask As LVITEM_States
pszText As Long
cchTextMax As Long
iImage As Long
lParam As Long
iIndent As Long
End Type
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hWnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long
Private Const LVM_FIRST As Long = &H1000
Private Const LVM_GETITEMCOUNT As Long = (LVM_FIRST + 4)
Private Const LVM_DELETEITEM As Long = (LVM_FIRST + 8)
Private Const LVM_GETITEMTEXTA As Long = (LVM_FIRST + 45)
Private Const LVM_SETITEMTEXTA As Long = (LVM_FIRST + 46)
Public Sub SetItemText(ByVal Handle As Long, ByVal pStr As String, ByVal Index As Long, Optional ByVal SubIndex As Long = 0)
Dim hProcess As Long, SharedProcMem As Long, LVISize As Long
Dim SharedProcMemString As Long, strSize As Long
Dim nCount As Long, LenWritten As Long, pId As Long
Dim LVI As LVITEM
Dim MemStorage() As Byte
If IsWindowsNT Then
LVISize = Len(LVI)
Call GetWindowThreadProcessId(Handle, pId)
'alloc some shared memory for our Struct
SharedProcMem = GetMemSharedNT(pId, LVISize, hProcess)
MemStorage = StrConv(pStr & vbNullChar, vbFromUnicode)
strSize = UBound(MemStorage) + 1
'alloc some shared memory for our string
SharedProcMemString = GetMemSharedNT(pId, strSize, hProcess)
'setup some info
With LVI
.iItem = Index
.iSubItem = SubIndex
.cchTextMax = strSize
.pszText = SharedProcMemString 'store our string handle
End With
'write to memory
WriteProcessMemory hProcess, ByVal SharedProcMemString, MemStorage(0), strSize, LenWritten
WriteProcessMemory hProcess, ByVal SharedProcMem, LVI, LVISize, LenWritten
'get the text
Call SendMessage(Handle, LVM_SETITEMTEXTA, Index, ByVal SharedProcMem)
'clean up
FreeMemSharedNT hProcess, SharedProcMem, LVISize
FreeMemSharedNT hProcess, SharedProcMemString, strSize
End If
End Sub
Public Function GetItemText(ByVal Handle As Long, ByVal Index As Long, Optional ByVal SubIndex As Long = 0) As String
Dim hProcess As Long, SharedProcMem As Long, LVISize As Long
Dim SharedProcMemString As Long, strSize As Long
Dim nCount As Long, LenWritten As Long, pId As Long
Dim LVI As LVITEM
Dim MemStorage() As Byte
If IsWindowsNT Then
LVISize = Len(LVI)
MemStorage = StrConv(String$(255, 0), vbFromUnicode)
strSize = UBound(MemStorage) + 1
Call GetWindowThreadProcessId(Handle, pId)
SharedProcMem = GetMemSharedNT(pId, LVISize, hProcess)
SharedProcMemString = GetMemSharedNT(pId, strSize, hProcess)
With LVI
.iItem = Index
.iSubItem = SubIndex
.cchTextMax = strSize
.pszText = SharedProcMemString
End With
WriteProcessMemory hProcess, ByVal SharedProcMem, LVI, LVISize, LenWritten
Call SendMessage(Handle, LVM_GETITEMTEXTA, Index, ByVal SharedProcMem)
ReadProcessMemory hProcess, ByVal SharedProcMemString, MemStorage(0), strSize, LenWritten
'clean up
FreeMemSharedNT hProcess, SharedProcMem, LVISize
FreeMemSharedNT hProcess, SharedProcMemString, strSize
End If
GetItemText = StrConv(MemStorage, vbUnicode)
If InStr(1, GetItemText, vbNullChar) Then 'strip nulls
GetItemText = Left$(GetItemText, InStr(1, GetItemText, vbNullChar) - 1)
End If
End Function
Public Function GetItemCount(ByVal Handle As Long) As Long
GetItemCount = SendMessage(Handle, LVM_GETITEMCOUNT, 0&, ByVal 0&)
End Function
Public Sub DeleteItem(ByVal Handle As Long, ByVal Index As Long)
Call SendMessage(Handle, LVM_DELETEITEM, Index, ByVal 0&)
End Sub
...全文
请发表友善的回复…
发表回复
stfger 2012-04-04
- 打赏
- 举报
刚学vb呢,还看不懂。。。。
小白用户 2012-02-11
- 打赏
- 举报
好复杂不懂
inuyasha02 2011-10-14
- 打赏
- 举报
楼主还在么。。。真心求解为什么生成的时候说我ModifyExe的函数未定义。。。
zgklem 2010-04-05
- 打赏
- 举报
弱弱地问一个超级菜鸟问题,C类库就是C语言的固有类库吗?API不算C语言的类库?本人学vb虽然两个月了,但进展缓慢,还望各位英雄女侠不吝赐教!
浪客 2010-03-20
- 打赏
- 举报
支持一下~~
cc360 2010-02-25
- 打赏
- 举报
顶顶顶顶。。。。。顶顶顶顶。。。。。
xfcy07 2009-12-30
- 打赏
- 举报
谢谢楼主分享呀
liuy_yy 2009-12-30
- 打赏
- 举报
mark···
macrottian 2009-12-29
- 打赏
- 举报
谢谢分享
顶下~~~~~~~~~~~~
顶下~~~~~~~~~~~~
baije130 2009-12-29
- 打赏
- 举报
标记,有用时来下载
花型域色 2009-12-26
- 打赏
- 举报
看了!顶一下。
ybxyl 2009-12-26
- 打赏
- 举报
学习了 很有意思的代码
dul126 2009-12-25
- 打赏
- 举报
好东西,支持
nanbotaoci 2009-12-15
- 打赏
- 举报
看不懂,我啥时能写出这么长的代码呢.
用到俺hello world里去试试
用到俺hello world里去试试
zhuhuofong 2009-12-08
- 打赏
- 举报
顶收
sunxinyu 2009-12-07
- 打赏
- 举报
标记之,学习了,谢谢楼主
stanlynet 2009-12-07
- 打赏
- 举报
hao
嗷嗷叫的老马 2009-12-06
- 打赏
- 举报
这下是真分页了.....................
嗷嗷叫的老马 2009-12-06
- 打赏
- 举报
分页2.................
嗷嗷叫的老马 2009-12-06
- 打赏
- 举报
分页......
加载更多回复(97)
