问答文章1 问答文章501 问答文章1001 问答文章1501 问答文章2001 问答文章2501 问答文章3001 问答文章3501 问答文章4001 问答文章4501 问答文章5001 问答文章5501 问答文章6001 问答文章6501 问答文章7001 问答文章7501 问答文章8001 问答文章8501 问答文章9001 问答文章9501

VB编写隐藏指定的EXE进程

发布网友 发布时间:2022-04-20 07:33

我来回答

4个回答

热心网友 时间:2023-07-09 19:41

VB隐藏进程

Form中的代码
Private Sub Command1_Click() App.TaskVisible = False '任务栏隐藏 Call HideCurrentProcess '进程隐藏 End Sub

新建一个模块,代码如下:
view plaincopy to clipboardprint?

1. '-------------------------------------------------------------------------------------
2.
3. '模块名称:modHideProcess.bas
4.
5. '
6.
7. '模块功能:在 XP/2K 任务管理器的进程列表中隐藏当前进程
8.
9. '
10.
11. '使用方法:直接调用 HideCurrentProcess()
12.
13. '
14.
15. '模块作者:检索自互联网,原作者不详。
16.
17. '
18.
19. '修改日期:2006/08/26
20.
21. '---------------------------------------------------------------------------------------
22.
23.
24.
25. Option Explicit
26.
27.
28.
29. Private Const STATUS_INFO_LENGTH_MISMATCH = &HC0000004
30.
31. Private Const STATUS_ACCESS_DENIED = &HC0000022
32.
33. Private Const STATUS_INVALID_HandLE = &HC0000008
34.
35. Private Const ERROR_SUCCESS = 0&
36.
37. Private Const SECTION_MAP_WRITE = &H2
38.
39. Private Const SECTION_MAP_READ = &H4
40.
41. Private Const READ_CONTROL = &H20000
42.
43. Private Const WRITE_DAC = &H40000
44.
45. Private Const NO_INHERITANCE = 0
46.
47. Private Const DACL_SECURITY_INFORMATION = &H4
48.
49.
50.
51. Private Type IO_STATUS_BLOCK
52.
53. Status As Long
54.
55. Information As Long
56.
57. End Type
58.
59.
60.
61. Private Type UNICODE_STRING
62.
63. Length As Integer
64.
65. MaximumLength As Integer
66.
67. Buffer As Long
68.
69. End Type
70.
71.
72.
73. Private Const OBJ_INHERIT = &H2
74.
75. Private Const OBJ_PERMANENT = &H10
76.
77. Private Const OBJ_EXCLUSIVE = &H20
78.
79. Private Const OBJ_CASE_INSENSITIVE = &H40
80.
81. Private Const OBJ_OPENIF = &H80
82.
83. Private Const OBJ_OPENLINK = &H100
84.
85. Private Const OBJ_KERNEL_HandLE = &H200
86.
87. Private Const OBJ_VALID_ATTRIBUTES = &H3F2
88.
89.
90.
91. Private Type OBJECT_ATTRIBUTES
92.
93. Length As Long
94.
95. RootDirectory As Long
96.
97. ObjectName As Long
98.
99. Attributes As Long
100.
101. SecurityDeor As Long
102.
103. SecurityQualityOfService As Long
104.
105. End Type
106.
107.
108.
109. Private Type ACL
110.
111. AclRevision As Byte
112.
113. Sbz1 As Byte
114.
115. AclSize As Integer
116.
117. AceCount As Integer
118.
119. Sbz2 As Integer
120.
121. End Type
122.
123.
124.
125. Private Enum ACCESS_MODE
126.
127. NOT_USED_ACCESS
128.
129. GRANT_ACCESS
130.
131. SET_ACCESS
132.
133. DENY_ACCESS
134.
135. REVOKE_ACCESS
136.
137. SET_AUDIT_SUCCESS
138.
139. SET_AUDIT_FAILURE
140.
141. End Enum
142.
143.
144.
145. Private Enum MULTIPLE_TRUSTEE_OPERATION
146.
147. NO_MULTIPLE_TRUSTEE
148.
149. TRUSTEE_IS_IMPERSONATE
150.
151. End Enum
152.
153.
154.
155. Private Enum TRUSTEE_FORM
156.
157. TRUSTEE_IS_SID
158.
159. TRUSTEE_IS_NAME
160.
161. End Enum
162.
163.
164.
165. Private Enum TRUSTEE_TYPE
166.
167. TRUSTEE_IS_UNKNOWN
168.
169. TRUSTEE_IS_USER
170.
171. TRUSTEE_IS_GROUP
172.
173. End Enum
174.
175.
176.
177. Private Type TRUSTEE
178.
179. pMultipleTrustee As Long
180.
181. MultipleTrusteeOperation As MULTIPLE_TRUSTEE_OPERATION
182.
183. TrusteeForm As TRUSTEE_FORM
184.
185. TrusteeType As TRUSTEE_TYPE
186.
187. ptstrName As String
188.
189. End Type
190.
191.
192.
193. Private Type EXPLICIT_ACCESS
194.
195. grfAccessPermissions As Long
196.
197. grfAccessMode As ACCESS_MODE
198.
199. grfInheritance As Long
200.
201. TRUSTEE As TRUSTEE
202.
203. End Type
204.
205.
206.
207. Private Type AceArray
208.
209. List() As EXPLICIT_ACCESS
210.
211. End Type
212.
213.
214.
215. Private Enum SE_OBJECT_TYPE
216.
217. SE_UNKNOWN_OBJECT_TYPE = 0
218.
219. SE_FILE_OBJECT
220.
221. SE_SERVICE
222.
223. SE_PRINTER
224.
225. SE_REGISTRY_KEY
226.
227. SE_LMSHARE
228.
229. SE_KERNEL_OBJECT
230.
231. SE_WINDOW_OBJECT
232.
233. SE_DS_OBJECT
234.
235. SE_DS_OBJECT_ALL
236.
237. SE_PROVIDER_DEFINED_OBJECT
238.
239. SE_WMIGUID_OBJECT
240.
241. End Enum
242.
243.
244.
245. Private Declare Function SetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner As Long, ppsidGroup As Long, ppDacl As Any, ppSacl As Any) As Long
246.
247. Private Declare Function GetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner As Long, ppsidGroup As Long, ppDacl As Any, ppSacl As Any, ppSecurityDeor As Long) As Long
248.
249.
250.
251. Private Declare Function SetEntriesInAcl Lib "advapi32.dll" Alias "SetEntriesInAclA" (ByVal cCountOfExplicitEntries As Long, pListOfExplicitEntries As EXPLICIT_ACCESS, ByVal OldAcl As Long, NewAcl As Long) As Long
252.
253. Private Declare Sub BuildExplicitAccessWithName Lib "advapi32.dll" Alias "BuildExplicitAccessWithNameA" (pExplicitAccess As EXPLICIT_ACCESS, ByVal pTrusteeName As String, ByVal AccessPermissions As Long, ByVal AccessMode As ACCESS_MODE, ByVal Inheritance As Long)
254.
255.
256.
257. Private Declare Sub RtlInitUnicodeString Lib "NTDLL.DLL" (DestinationString As UNICODE_STRING, ByVal SourceString As Long)
258.
259. Private Declare Function ZwOpenSection Lib "NTDLL.DLL" (SectionHandle As Long, ByVal DesiredAccess As Long, ObjectAttributes As Any) As Long
260.
261. Private Declare Function LocalFree Lib "kernel32" (ByVal hMem As Any) As Long
262.
263. Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
264.
265. Private Declare Function MapViewOfFile Lib "kernel32" (ByVal hFileMappingObject As Long, ByVal dwDesiredAccess As Long, ByVal dwFileOffsetHigh As Long, ByVal dwFileOffsetLow As Long, ByVal dwNumberOfBytesToMap As Long) As Long
266.
267. Private Declare Function UnmapViewOfFile Lib "kernel32" (lpBaseAddress As Any) As Long
268.
269. Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)
270.
271. Private Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" (LpVersionInformation As OSVERSIONINFO) As Long
272.
273.
274.
275. Private Type OSVERSIONINFO
276.
277. dwOSVersionInfoSize As Long
278.
279. dwMajorVersion As Long
280.
281. dwMinorVersion As Long
282.
283. dwBuildNumber As Long
284.
285. dwPlatformId As Long
286.
287. szCSDVersion As String * 128
288.
289. End Type
290.
291.
292.
293. Private verinfo As OSVERSIONINFO
294.
295.
296.
297. Private g_hNtDLL As Long
298.
299. Private g_pMapPhysicalMemory As Long
300.
301. Private g_hMPM As Long
302.
303. Private aByte(3) As Byte
304.
305.
306.
307. Public Sub HideCurrentProcess()
308.
309. '在进程列表中隐藏当前应用程序进程
310.
311.
312.
313. Dim thread As Long, process As Long, fw As Long, bw As Long
314.
315. Dim lOffsetFlink As Long, lOffsetBlink As Long, lOffsetPID As Long
316.
317.
318.
319. verinfo.dwOSVersionInfoSize = Len(verinfo)
320.
321. If (GetVersionEx(verinfo)) <> 0 Then
322.
323. If verinfo.dwPlatformId = 2 Then
324.
325. If verinfo.dwMajorVersion = 5 Then
326.
327. Select Case verinfo.dwMinorVersion
328.
329. Case 0
330.
331. lOffsetFlink = &HA0
332.
333. lOffsetBlink = &HA4
334.
335. lOffsetPID = &H9C
336.
337. Case 1
338.
339. lOffsetFlink = &H88
340.
341. lOffsetBlink = &H8C
342.
343. lOffsetPID = &H84
344.
345. End Select
346.
347. End If
348.
349. End If
350.
351. End If
352.
353.
354.
355. If OpenPhysicalMemory <> 0 Then
356.
357. thread = GetData(&HFFDFF124)
358.
359. process = GetData(thread + &H44)
360.
361. fw = GetData(process + lOffsetFlink)
362.
363. bw = GetData(process + lOffsetBlink)
364.
365. SetData fw + 4, bw
366.
367. SetData bw, fw
368.
369. CloseHandle g_hMPM
370.
371. End If
372.
373. End Sub
374.
375.
376.
377. Private Sub SetPhyscialMemorySectionCanBeWrited(ByVal hSection As Long)
378.
379. Dim pDacl As Long
380.
381. Dim pNewDacl As Long
382.
383. Dim pSD As Long
384.
385. Dim dwRes As Long
386.
387. Dim ea As EXPLICIT_ACCESS
388.
389.
390.
391. GetSecurityInfo hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, pDacl, 0, pSD
392.
393.
394.
395. ea.grfAccessPermissions = SECTION_MAP_WRITE
396.
397. ea.grfAccessMode = GRANT_ACCESS
398.
399. ea.grfInheritance = NO_INHERITANCE
400.
401. ea.TRUSTEE.TrusteeForm = TRUSTEE_IS_NAME
402.
403. ea.TRUSTEE.TrusteeType = TRUSTEE_IS_USER
404.
405. ea.TRUSTEE.ptstrName = "CURRENT_USER" & vbNullChar
406.
407.
408.
409. SetEntriesInAcl 1, ea, pDacl, pNewDacl
410.
411.
412.
413. SetSecurityInfo hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, ByVal pNewDacl, 0
414.
415.
416.
417. CleanUp:
418.
419. LocalFree pSD
420.
421. LocalFree pNewDacl
422.
423. End Sub
424.
425.
426.
427. Private Function OpenPhysicalMemory() As Long
428.
429. Dim Status As Long
430.
431. Dim PhysmemString As UNICODE_STRING
432.
433. Dim Attributes As OBJECT_ATTRIBUTES
434.
435.
436.
437. RtlInitUnicodeString PhysmemString, StrPtr("\Device\PhysicalMemory")
438.
439. Attributes.Length = Len(Attributes)
440.
441. Attributes.RootDirectory = 0
442.
443. Attributes.ObjectName = VarPtr(PhysmemString)
444.
445. Attributes.Attributes = 0
446.
447. Attributes.SecurityDeor = 0
448.
449. Attributes.SecurityQualityOfService = 0
450.
451.
452.
453. Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ Or SECTION_MAP_WRITE, Attributes)
454.
455. If Status = STATUS_ACCESS_DENIED Then
456.
457. Status = ZwOpenSection(g_hMPM, READ_CONTROL Or WRITE_DAC, Attributes)
458.
459. SetPhyscialMemorySectionCanBeWrited g_hMPM
460.
461. CloseHandle g_hMPM
462.
463. Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ Or SECTION_MAP_WRITE, Attributes)
464.
465. End If
466.
467.
468.
469. Dim lDirectoty As Long
470.
471. verinfo.dwOSVersionInfoSize = Len(verinfo)
472.
473. If (GetVersionEx(verinfo)) <> 0 Then
474.
475. If verinfo.dwPlatformId = 2 Then
476.
477. If verinfo.dwMajorVersion = 5 Then
478.
479. Select Case verinfo.dwMinorVersion
480.
481. Case 0
482.
483. lDirectoty = &H30000
484.
485. Case 1
486.
487. lDirectoty = &H39000
488.
489. End Select
490.
491. End If
492.
493. End If
494.
495. End If
496.
497.
498.
499. If Status = 0 Then
500.
501. g_pMapPhysicalMemory = MapViewOfFile(g_hMPM, 4, 0, lDirectoty, &H1000)
502.
503. If g_pMapPhysicalMemory <> 0 Then OpenPhysicalMemory = g_hMPM
504.
505. End If
506.
507. End Function
508.
509.
510.
511. Private Function LinearToPhys(BaseAddress As Long, addr As Long) As Long
512.
513. Dim VAddr As Long, PGDE As Long, PTE As Long, PAddr As Long
514.
515. Dim lTemp As Long
516.
517.
518.
519. VAddr = addr
520.
521. CopyMemory aByte(0), VAddr, 4
522.
523. lTemp = Fix(ByteArrToLong(aByte) / (2 ^ 22))
524.
525.
526.
527. PGDE = BaseAddress + lTemp * 4
528.
529. CopyMemory PGDE, ByVal PGDE, 4
530.
531.
532.
533. If (PGDE And 1) <> 0 Then
534.
535. lTemp = PGDE And &H80
536.
537. If lTemp <> 0 Then
538.
539. PAddr = (PGDE And &HFFC00000) + (VAddr And &H3FFFFF)
540.
541. Else
542.
543. PGDE = MapViewOfFile(g_hMPM, 4, 0, PGDE And &HFFFFF000, &H1000)
544.
545. lTemp = (VAddr And &H3FF000) / (2 ^ 12)
546.
547. PTE = PGDE + lTemp * 4
548.
549. CopyMemory PTE, ByVal PTE, 4
550.
551.
552.
553. If (PTE And 1) <> 0 Then
554.
555. PAddr = (PTE And &HFFFFF000) + (VAddr And &HFFF)
556.
557. UnmapViewOfFile PGDE
558.
559. End If
560.
561. End If
562.
563. End If
564.
565.
566.
567. LinearToPhys = PAddr
568.
569. End Function
570.
571.
572.
573. Private Function GetData(addr As Long) As Long
574.
575. Dim phys As Long, tmp As Long, ret As Long
576.
577.
578.
579. phys = LinearToPhys(g_pMapPhysicalMemory, addr)
580.
581. tmp = MapViewOfFile(g_hMPM, 4, 0, phys And &HFFFFF000, &H1000)
582.
583. If tmp <> 0 Then
584.
585. ret = tmp + ((phys And &HFFF) / (2 ^ 2)) * 4
586.
587. CopyMemory ret, ByVal ret, 4
588.
589.
590.
591. UnmapViewOfFile tmp
592.
593. GetData = ret
594.
595. End If
596.
597. End Function
598.
599.
600.
601. Private Function SetData(ByVal addr As Long, ByVal data As Long) As Boolean
602.
603. Dim phys As Long, tmp As Long, x As Long
604.
605.
606.
607. phys = LinearToPhys(g_pMapPhysicalMemory, addr)
608.
609. tmp = MapViewOfFile(g_hMPM, SECTION_MAP_WRITE, 0, phys And &HFFFFF000, &H1000)
610.
611. If tmp <> 0 Then
612.
613. x = tmp + ((phys And &HFFF) / (2 ^ 2)) * 4
614.
615. CopyMemory ByVal x, data, 4
616.
617.
618.
619. UnmapViewOfFile tmp
620.
621. SetData = True
622.
623. End If
624.
625. End Function
626.
627.
628.
629. Private Function ByteArrToLong(inByte() As Byte) As Double
630.
631. Dim I As Integer
632.
633. For I = 0 To 3
634.
635. ByteArrToLong = ByteArrToLong + inByte(I) * (&H100 ^ I)
636.
637. Next I
638.
639. End Function

热心网友 时间:2023-07-09 19:41

汗。。。与VB/VC无关。。不过。。DNF和一般程序不同,不能用一般方法隐藏而实现双开。。。具体请看我在看雪发的帖。。

参考资料:http://bbs.pediy.com/showthread.php?t=85491&highlight=

热心网友 时间:2023-07-09 19:42

双开不是隐藏了进程就行的,你想想VB是怎么判断是否已经运行了一个实例的
If App.PrevInstance Then
End
End if

热心网友 时间:2023-07-09 19:42

vb没有那么强大,请用vc++
声明声明:本网页内容为用户发布,旨在传播知识,不代表本网认同其观点,若有侵权等问题请及时与本网联系,我们将在第一时间删除处理。E-MAIL:11247931@qq.com
现在思科的CCNA,CCNE,CCIP的考证费分别是多少啊,通过率怎样 长春小飞没有车没有房 碳钢的多久生锈 碳钢多久会生锈 碳钢多长时间会开始生锈 碳钢和铝哪个容易生锈 梦见天宫图是什么意思 光遇2023好友树解锁图鉴 光遇二级节点多少个 ...火柴小女孩》《词语手册》里有很多词语的意思的,求告知 暖融融解释 请问FTP是什么意思啊``? 儿童科技手工制作?哪些比较好 简单手工科技作品无需电池之类的东西 小学二年级学生做的手工科技作品 很简单的科技小制作 科技手工怎么做? 五年级简单的科技小制作 请介绍一些小学生科技活动的手工制作方法 科技小制作 手工 简单 制作方法是什么? 低年级小学生的科技制作,要具体的制作方法 科技手工怎么做? 网络连接中FTP是什么意思 巧记单词!英文难!! 英文中词根词缀是什么东西? 如何快速记忆英语单词? 英语单词后缀 词根是什么? 求高中英语的400个常用词根、30个常用前缀和30个常... 英语单词缀词问题 谁能帮我总结下英语单词的前后缀有哪些?并且表什... 口袋妖怪红宝石金手指 水立方的资料 懂电脑的进来... 跪求xp系统激活 宠物小精灵绿宝石版金手指怎么弄? 请问一下那里有查看一些任天堂老游戏游戏的销量 测试显卡都用什么软件? 求SUPERJUNIOR三辑歌曲歌词 百脑通305摄像头驱动哪里有下载??? sorry音译中文歌词 super junior四辑所有LRC歌词 @361是什么邮箱 对怎样向客户介绍的技巧和一般的电脑配置方面的问... 传统佛教的教义是什么?中国和印度的佛教有什么区别? 帮忙搞个电脑配置单!!!感激!!! 组装3000元电脑培训班电脑配置,高手建议一下,谢谢! 于和伟和韩雪主演的电视剧叫什么名字? 于和伟和韩雪主演的电视剧叫什么名字 韩雪于和伟演的电视剧 于和伟和韩雪主演的电视剧叫什么名字?
懂视 51dongshi.com 版权所有
Copyright © 2019-2024