Implementing Process Hiding in VB

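Today's animation is: a system process viewer in VB [including a trojan's hidden processes].
For the sake of the animation, I have already done this once.
The result isn't great, because it's a bit complicated.
Let's begin.
The controls used in this example are:
three Labels and two CommandButtons; I almost forgot, there is also a Timer, set it to 3000.
The ListView control used to display the processes also has to be added from Components. I didn't sleep well last night, so please excuse any typos.
Now let's set up the ListView control: right-click it and choose Properties. Watch closely.
Then click Column Headers and click Insert Column; three are enough.
As for how to set them up, watch what I do. I'll go in order, one at a time.
Add the code.
Define the variables and declare the APIs (I don't fully understand this part either; I only know the principle, and the book didn't explain it. It is probably
what is used to display the system processes. I also threw in a jumble of other features; this is just for experimenting ~_~)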
' Constants needed by the API functions
Option Explicit
Private Const PROCESS_PRIORITY_IDLE = 4
Private Const PROCESS_PRIORITY_NORMAL = 8
Private Const PROCESS_PRIORITY_HIGH = 13
Private Const PROCESS_PRIORITY_REALTIME = 24
Private Const PROCESS_TERMINATE = &H1&
' A structure holding the information for one process (ANSI PROCESSENTRY32 layout)
Private Type ProcessEntry
    dwSize As Long
    peUsage As Long
    peProcessID As Long
    peDefaultHeapID As Long
    peModuleID As Long
    peThreads As Long
    peParentProcessID As Long
    pePriority As Long
    dwFlags As Long
    szExeFile As String * 260
End Type
' The Win32 BOOL return values are declared As Long (0 = failure)
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal dwIdProc As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hndl As Long, ByRef pstru As ProcessEntry) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hndl As Long, ByRef pstru As ProcessEntry) As Long
' Open a task (process)
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function GetExitCodeProcess Lib "kernel32" (ByVal hProcess As Long, lpExitCode As Long) As Long
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hnd As Long) As Long ' Close a handle
Dim hnd As Long ' Task (process) handle
Dim lRet As Long ' Return value of the API functions
Dim lExitCode As Long ' Exit code
Dim SelectedProc As Long ' Selected process (PID)
Dim SelectedProcTitle As String ' Name of the selected process
Sub RefreshTasks()
    Dim bRet As Boolean
    Dim lSnapShot As Long
    Dim tmpPE As ProcessEntry
    Dim intProcesses As Long
    Dim intThreads As Long
    Dim tmpProcName As String
    Dim tmpPriority As String
    Dim nullPos As Long
    ListView1.ListItems.Clear
    ' &H2 = TH32CS_SNAPPROCESS: take a snapshot of all processes
    lSnapShot = CreateToolhelp32Snapshot(&H2, 0)
    If lSnapShot = -1 Then Exit Sub ' INVALID_HANDLE_VALUE: snapshot failed
    tmpPE.dwSize = Len(tmpPE)
    bRet = Process32First(lSnapShot, tmpPE)
    Do Until bRet = False
        ' Cut the fixed-length buffer at the terminating null,
        ' then keep the part after the last backslash, in lower case
        tmpProcName = tmpPE.szExeFile
        nullPos = InStr(1, tmpProcName, Chr(0))
        If nullPos > 0 Then tmpProcName = Left(tmpProcName, nullPos - 1)
        tmpProcName = LCase(Mid(tmpProcName, InStrRev(tmpProcName, "\") + 1))
        Select Case tmpPE.pePriority
            Case PROCESS_PRIORITY_IDLE
                tmpPriority = "Idle"
            Case PROCESS_PRIORITY_NORMAL
                tmpPriority = "Normal"
            Case PROCESS_PRIORITY_REALTIME
                tmpPriority = "Realtime"
            Case PROCESS_PRIORITY_HIGH
                tmpPriority = "High"
            Case Else
                ' Other base priorities: show the number instead of the previous row's text
                tmpPriority = CStr(tmpPE.pePriority)
        End Select
        With ListView1.ListItems.Add(, , tmpProcName)
            .SubItems(1) = tmpPriority
            .SubItems(2) = tmpPE.peProcessID
            .SubItems(3) = tmpPE.peThreads
        End With
        intProcesses = intProcesses + 1
        intThreads = intThreads + tmpPE.peThreads
        bRet = Process32Next(lSnapShot, tmpPE)
    Loop
    ' Release the snapshot; otherwise every timer tick leaks a handle
    CloseHandle lSnapShot
    Label1.Caption = "任务:" & intProcesses ' "Tasks:"
    Label2.Caption = "线程:" & intThreads ' "Threads:"
End Sub
The first button:
Private Sub Command1_Click()
    RefreshTasks
    ' Toggle the caption between "启动刷新" (start refreshing) and "停止刷新" (stop refreshing)
    Command1.Caption = IIf(Command1.Caption = "启动刷新", "停止刷新", "启动刷新")
    Timer1.Enabled = Not Timer1.Enabled
End Sub
The second button:
Private Sub Command2_Click()
    If SelectedProc <> 0 Then
        ' Prompt: "Are you sure you want to terminate the task <name>?"
        If MsgBox("是否确定中止 " & SelectedProcTitle & " 任务", vbOKCancel) = vbOK Then EndProcess SelectedProc
    Else
        MsgBox "请选择一个任务!" ' "Please select a task!"
    End If
End Sub
The form:
Private Sub Form_Load()
    ' This code addresses four columns (name, priority, PID, threads),
    ' so ColumnHeaders(1) to ColumnHeaders(4) must exist on the ListView
    With ListView1
        .ColumnHeaders(1).Width = .Width / 3
        .ColumnHeaders(2).Width = .Width / 6
        .ColumnHeaders(3).Width = .Width / 5
        .ColumnHeaders(4).Width = .Width / 6
    End With
    RefreshTasks
End Sub
The ListView control:
Private Sub ListView1_ItemClick(ByVal Item As MSComctlLib.ListItem)
    SelectedProc = CLng(Item.SubItems(2)) ' PID column
    SelectedProcTitle = Item.Text
    Label3.Caption = SelectedProcTitle
End Sub
The timer:
Private Sub Timer1_Timer()
    RefreshTasks
End Sub
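Sub EndProcess(strProcess As Long)
    hnd = OpenProcess(PROCESS_TERMINATE, 0, strProcess)
    ' 0 means the process could not be opened (already gone, or access denied)
    If hnd = 0 Then Exit Sub
    ' The handle carries only PROCESS_TERMINATE access, which is not enough for
    ' GetExitCodeProcess, so the process is ended with exit code 0
    lExitCode = 0
    lRet = TerminateProcess(hnd, lExitCode)
    lRet = CloseHandle(hnd)
End Sub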
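OK, that's it. Add features according to what you know, for example monitoring... never mind, I'm not in the mood to type.
Since I haven't installed VB yet, I can't build an .exe, so I haven't been able to test this. If you think there is a problem, you can add me.
My group: 14193459. It was just created and doesn't need many people, because too many people make it noisy. If you want to join, please
do; I'm online waiting 12 hours a day -_-~! That's the end of the tutorial. Oh, by the way, he wrote one that hides a process; I tried it, but some systems don't support it, so I didn't post it and used a different method.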
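
The viewer above lists only what the Toolhelp32 snapshot returns, so a process that is filtered out of that API never reaches the ListView. As an added example (not code from the original tutorial), this standard module cross-checks two snapshots against direct OpenProcess probes and returns the PIDs that are alive but unlisted. MarkListed, UnlistedPids and the maxPid default of 65536 are assumptions of this example.

```vb
Option Explicit
Private Const PROCESS_QUERY_INFORMATION = &H400&, STILL_ACTIVE = 259&
Private Type ProcessEntry ' same layout as the tutorial's structure
    dwSize As Long
    peUsage As Long
    peProcessID As Long
    peDefaultHeapID As Long
    peModuleID As Long
    peThreads As Long
    peParentProcessID As Long
    pePriority As Long
    dwFlags As Long
    szExeFile As String * 260
End Type
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal dwIdProc As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnap As Long, ByRef pe As ProcessEntry) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnap As Long, ByRef pe As ProcessEntry) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwAccess As Long, ByVal bInherit As Long, ByVal dwPid As Long) As Long
Private Declare Function GetExitCodeProcess Lib "kernel32" (ByVal hProcess As Long, lpExitCode As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal h As Long) As Long
Private Sub MarkListed(listed() As Boolean) ' hypothetical helper: flags every PID in a fresh snapshot
    Dim pe As ProcessEntry, hSnap As Long, ok As Long
    hSnap = CreateToolhelp32Snapshot(&H2, 0) ' &H2 = TH32CS_SNAPPROCESS
    If hSnap = -1 Then Err.Raise vbObjectError + 513, , "CreateToolhelp32Snapshot failed"
    pe.dwSize = Len(pe)
    ok = Process32First(hSnap, pe)
    Do While ok <> 0
        If pe.peProcessID >= 0 And pe.peProcessID \ 4 <= UBound(listed) Then listed(pe.peProcessID \ 4) = True
        ok = Process32Next(hSnap, pe)
    Loop
    CloseHandle hSnap
End Sub

Public Function UnlistedPids(Optional ByVal maxPid As Long = 65536) As Collection ' maxPid: assumed scan limit
    Dim listed() As Boolean, alive() As Boolean, result As New Collection, pid As Long, h As Long, code As Long
    ReDim listed(maxPid \ 4), alive(maxPid \ 4)
    MarkListed listed ' snapshot before the scan
    For pid = 4 To maxPid Step 4 ' NT process IDs are multiples of 4
        h = OpenProcess(PROCESS_QUERY_INFORMATION, 0, pid)
        If h <> 0 Then ' 0 = no such PID or access denied (those are not checked)
            If GetExitCodeProcess(h, code) <> 0 Then alive(pid \ 4) = (code = STILL_ACTIVE)
            CloseHandle h
        End If
    Next pid
    MarkListed listed ' snapshot after the scan covers processes started meanwhile
    For pid = 4 To maxPid Step 4
        If alive(pid \ 4) And Not listed(pid \ 4) Then result.Add pid
    Next pid
    Set UnlistedPids = result
End Function
```

A non-empty result is a lead to investigate rather than proof, since a process that starts and exits between the two snapshots can still be reported.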
