Title: I'm begging you / big brothers, please tell me how to make a program disappear from Task Manager on XP/2000
VB狂热菜鸟


Can anyone give me the code? I'd be forever grateful.
2007-03-20 23:50
b13690976754
I'd like to know too.

If Dir("alive") <> "" And Dir("ideal") <> "" Then Print "strive" End If
2007-03-21 14:05
清澂居士
You can inject into the SVCHOST.EXE process, or the SYSTEM process, or EXPLORER.EXE; any of them works. You can use Shell to register it.
There is also the RUNDLL32.EXE process; viruses and adware generally inject into RUNDLL32.EXE.

Buddha said: "500 backward glances in a past life bought a single brush past in this one." I would rather trade a single brush past in the next life for 500 backward glances in this one.
2007-03-21 14:25
VB狂热菜鸟

The moderator is an expert, but I don't understand any of what you said. I'm a newbie.
Could you explain it in more detail?

2007-03-22 19:50
清澂居士
VB code for remote DLL injection and unloading
Many people say VB can't do remote DLL injection; that's wrong. VB can handle it just as easily as C++ and other languages!! If you don't believe it, look at the code below! For more code, visit my blog.
There is similar VB code online, but it only injects and can't unload, and its injection is not very portable; many versions crash with illegal operations. My code has been thoroughly tested: it injects into and unloads from system processes without problems, and can even inject into antivirus software. (Please don't use it for bad things!!)
Address 1: http://www.chenhui530.com
Address 2: http://chenhui.ylmf.cn
I'll be posting all my original work on my blog soon!

Option Explicit

Private Const PROCESS_CREATE_THREAD = &H2
Private Const PROCESS_QUERY_INFORMATION = &H400
Private Const PROCESS_VM_WRITE = &H20
Private Const PROCESS_VM_OPERATION = &H8
Private Const MEM_COMMIT = &H1000
Private Const MEM_RELEASE = &H8000
Private Const PAGE_READWRITE = &H4
Private Const INFINITE = &HFFFFFFFF
Private Const STANDARD_RIGHTS_REQUIRED = &HF0000
Private Const TOKEN_ASSIGN_PRIMARY = &H1
Private Const TOKEN_DUPLICATE = (&H2)
Private Const TOKEN_IMPERSONATE = (&H4)
Private Const TOKEN_QUERY = (&H8)
Private Const TOKEN_QUERY_SOURCE = (&H10)
Private Const TOKEN_ADJUST_PRIVILEGES = (&H20)
Private Const TOKEN_ADJUST_GROUPS = (&H40)
Private Const TOKEN_ADJUST_DEFAULT = (&H80)
Private Const TOKEN_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED Or TOKEN_ASSIGN_PRIMARY Or _
TOKEN_DUPLICATE Or TOKEN_IMPERSONATE Or TOKEN_QUERY Or TOKEN_QUERY_SOURCE Or _
TOKEN_ADJUST_PRIVILEGES Or TOKEN_ADJUST_GROUPS Or TOKEN_ADJUST_DEFAULT)
Private Const SE_PRIVILEGE_ENABLED = &H2
Private Const ANYSIZE_ARRAY = 1
Private Const SE_DEBUG_NAME = "SeDebugPrivilege"

Private Type LUID
lowpart As Long
highpart As Long
End Type

Private Type LUID_AND_ATTRIBUTES
pLuid As LUID
Attributes As Long
End Type

Private Type TOKEN_PRIVILEGES
PrivilegeCount As Long
Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES
End Type

Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPriv As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long ' Enables or disables privileges on an access token
Private Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As Any, ByVal lpName As String, lpLuid As LUID) As Long
Private Declare Function GetCurrentProcess Lib "kernel32" () As Long ' Pseudo-handle of the current process
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, lpThreadAttributes As Any, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function GetExitCodeThread Lib "kernel32" (ByVal hThread As Long, lpExitCode As Long) As Long

Public Function InjectDll(ByVal dwProcessId As Long, ByVal pszLibFile As String) As Boolean
    Dim hProcess As Long, hThread As Long
    Dim pszLibFileRemote As Long, exitCode As Long
    Dim cb As Long, pfnThreadRtn As Long

    InjectDll = False
    On Error GoTo cleanup

    ' Open the target with only the rights needed to allocate, write and start a thread
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_CREATE_THREAD Or PROCESS_VM_OPERATION Or PROCESS_VM_WRITE, 0, dwProcessId)
    If hProcess = 0 Then GoTo cleanup

    ' Byte length of the ANSI path plus the terminating NUL
    cb = 1 + LenB(StrConv(pszLibFile, vbFromUnicode))

    ' Allocate a buffer in the target and copy the DLL path into it
    pszLibFileRemote = VirtualAllocEx(hProcess, ByVal 0&, cb, MEM_COMMIT, PAGE_READWRITE)
    If pszLibFileRemote = 0 Then GoTo cleanup
    If WriteProcessMemory(hProcess, ByVal pszLibFileRemote, ByVal pszLibFile, cb, ByVal 0&) = 0 Then GoTo cleanup

    ' kernel32 is mapped at the same address in every process, so the local
    ' address of LoadLibraryA is also valid inside the target
    pfnThreadRtn = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
    If pfnThreadRtn = 0 Then GoTo cleanup

    hThread = CreateRemoteThread(hProcess, ByVal 0&, 0&, ByVal pfnThreadRtn, ByVal pszLibFileRemote, 0, 0&)
    If hThread = 0 Then GoTo cleanup

    ' The thread's exit code is LoadLibraryA's return value: the module handle, or 0 on failure
    WaitForSingleObject hThread, INFINITE
    GetExitCodeThread hThread, exitCode
    InjectDll = CBool(exitCode)

cleanup:
    ' Reached on success as well, so the remote buffer and both handles are always released
    ' and the return value set above is preserved
    If pszLibFileRemote <> 0 Then VirtualFreeEx hProcess, ByVal pszLibFileRemote, 0, MEM_RELEASE
    If hThread <> 0 Then CloseHandle hThread
    If hProcess <> 0 Then CloseHandle hProcess
End Function


2007-03-22 20:37
清澂居士
Public Function UnloadDll(ByVal dwProcessId As Long, ByVal pszLibFile As String) As Boolean
    Dim hProcess As Long, hThread As Long
    Dim pszLibFileRemote As Long, hModuleRemote As Long, exitCode As Long
    Dim cb As Long, pfnThreadRtn As Long

    UnloadDll = False
    On Error GoTo cleanup

    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_CREATE_THREAD Or PROCESS_VM_OPERATION Or PROCESS_VM_WRITE, 0, dwProcessId)
    If hProcess = 0 Then GoTo cleanup

    ' Copy the DLL path into the target, as in InjectDll
    cb = 1 + LenB(StrConv(pszLibFile, vbFromUnicode))
    pszLibFileRemote = VirtualAllocEx(hProcess, ByVal 0&, cb, MEM_COMMIT, PAGE_READWRITE)
    If pszLibFileRemote = 0 Then GoTo cleanup
    If WriteProcessMemory(hProcess, ByVal pszLibFileRemote, ByVal pszLibFile, cb, ByVal 0&) = 0 Then GoTo cleanup

    ' Step 1: run GetModuleHandleA(path) in the target to learn the DLL's module handle there
    pfnThreadRtn = GetProcAddress(GetModuleHandle("Kernel32"), "GetModuleHandleA")
    If pfnThreadRtn = 0 Then GoTo cleanup
    hThread = CreateRemoteThread(hProcess, ByVal 0&, 0&, ByVal pfnThreadRtn, ByVal pszLibFileRemote, 0, 0&)
    If hThread = 0 Then GoTo cleanup
    WaitForSingleObject hThread, INFINITE
    GetExitCodeThread hThread, hModuleRemote   ' HMODULE inside the target, 0 if the DLL is not loaded
    CloseHandle hThread
    hThread = 0
    If hModuleRemote = 0 Then GoTo cleanup

    ' Step 2: run FreeLibrary(hModule) in the target
    pfnThreadRtn = GetProcAddress(GetModuleHandle("Kernel32"), "FreeLibrary")
    If pfnThreadRtn = 0 Then GoTo cleanup
    hThread = CreateRemoteThread(hProcess, ByVal 0&, 0&, ByVal pfnThreadRtn, ByVal hModuleRemote, 0, 0&)
    If hThread = 0 Then GoTo cleanup
    WaitForSingleObject hThread, INFINITE
    GetExitCodeThread hThread, exitCode        ' FreeLibrary returns nonzero on success
    UnloadDll = CBool(exitCode)

cleanup:
    ' lpAddress is declared As Any (ByRef), so the remote address must be passed ByVal;
    ' the buffer is freed exactly once, here, on every path
    If pszLibFileRemote <> 0 Then VirtualFreeEx hProcess, ByVal pszLibFileRemote, 0, MEM_RELEASE
    If hThread <> 0 Then CloseHandle hThread
    If hProcess <> 0 Then CloseHandle hProcess
End Function

Public Function EnablePrivilege() As Boolean
    ' Enable SeDebugPrivilege on our own token, which is what lets OpenProcess succeed on
    ' system processes. The privilege must already be present in the token (administrator account).
    Dim hdlTokenHandle As Long
    Dim tmpLuid As LUID
    Dim tkp As TOKEN_PRIVILEGES
    Dim tkpNewButIgnored As TOKEN_PRIVILEGES
    Dim lBufferNeeded As Long

    EnablePrivilege = False
    ' Request only the rights needed to adjust privileges rather than TOKEN_ALL_ACCESS
    If OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hdlTokenHandle) = 0 Then Exit Function
    If LookupPrivilegeValue(vbNullString, SE_DEBUG_NAME, tmpLuid) <> 0 Then
        tkp.PrivilegeCount = 1
        tkp.Privileges(0).pLuid = tmpLuid
        tkp.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
        ' AdjustTokenPrivileges returns nonzero even when the privilege could not be enabled
        ' (ERROR_NOT_ALL_ASSIGNED), so True here only means the call itself succeeded
        EnablePrivilege = CBool(AdjustTokenPrivileges(hdlTokenHandle, 0, tkp, Len(tkpNewButIgnored), tkpNewButIgnored, lBufferNeeded))
    End If
    CloseHandle hdlTokenHandle
End Function

Public Function KillProcess(ByVal ProcessID As String) As Boolean ' Terminate the specified process
    Dim lPHand As Long, TMBack As Long

    KillProcess = False
    lPHand = OpenProcess(1&, True, CLng(ProcessID)) ' PROCESS_TERMINATE (&H1) is the only right needed
    If lPHand = 0 Then Exit Function                ' no such process, or access denied
    TMBack = TerminateProcess(lPHand, 0&)           ' ask the kernel to end the process
    KillProcess = (TMBack <> 0)
    CloseHandle lPHand
End Function

2007-03-22 20:37
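A defender's counterpart to the two code posts above, added here and not part of the thread: the injection works by having LoadLibraryA map a DLL into a host such as svchost.exe, explorer.exe or rundll32.exe, and that module then stays visible in the host's module list. This PowerShell check walks every process's loaded modules and reports any whose file is not under the Windows or Program Files directories; the $trustedRoots list and the output shape are my own choices, and it assumes an elevated prompt so that system processes can be opened.

```powershell
# Constructed example: report DLLs loaded from outside the usual system roots, per process.
$trustedRoots = @(
    $env:SystemRoot,
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

$findings = foreach ($proc in Get-Process) {
    try {
        # Throws for processes we cannot open (System, protected processes, 32/64-bit mismatch)
        $modules = $proc.Modules
    } catch {
        # Record the gap instead of silently skipping it, so coverage is visible in the report
        [pscustomobject]@{ Process = $proc.ProcessName; PID = $proc.Id; Module = '<inaccessible>'; Path = $_.Exception.Message }
        continue
    }

    foreach ($m in $modules) {
        $path = $m.FileName
        if (-not $path) { continue }

        $trusted = $false
        foreach ($root in $trustedRoots) {
            if ($path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { $trusted = $true; break }
        }

        if (-not $trusted) {
            # A module outside the trusted roots inside a system process is what the thread's technique leaves behind
            [pscustomobject]@{ Process = $proc.ProcessName; PID = $proc.Id; Module = $m.ModuleName; Path = $path }
        }
    }
}

$findings | Sort-Object Process, PID | Format-Table -AutoSize
```

Only modules registered with the loader are listed (which is exactly what LoadLibrary-based injection produces), and legitimate software installed outside those roots also appears, so treat the output as a triage list in which entries under system processes or in Temp and user-profile paths deserve the first look.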
VB狂热菜鸟
You're a master~~~ I bow to you~~~~~~ Thank you so much!!!!!
2007-03-22 20:50
purana

I've packaged the functionality into a DLL. Register it, add a reference to it, and then use it. Very convenient.

Attachment: LmCXmsX5.zip (6 KB)



How to use it:
Option Explicit

Dim hideProc As HideProcess

Private Sub Form_Load()
    Set hideProc = New HideProcess
    hideProc.HideCurrentProcess
End Sub


My MSN: myfend@
2007-03-22 21:15
VB狂热菜鸟

Quote: I've packaged the functionality into a DLL. Register it, add a reference to it, and then use it. Very convenient.


Sorry, I'm too much of a newbie. Could you explain in more detail? I don't know how to register it or use it. Thanks again.

2007-03-23 11:39
purana

First, from Run, use the regsvr32 command to register the DLL I uploaded. Then go to Project -> References -> Browse and add that DLL. After that you can write this in your code:
Option Explicit

Dim hideProc As HideProcess

Private Sub Form_Load()
    Set hideProc = New HideProcess
    hideProc.HideCurrentProcess
End Sub


2007-03-23 11:41



To join the discussion, see the original thread: https://bbs.bccn.net/thread-125460-1-1.html



