纯VB6隐藏主进程(不带任何C类库)
奶奶的,去了趟上海,回来又是发烧,又是感冒,靠,,最搞笑的是又遇一个问同样的主,还YY了一大堆垃圾话,气不过,还算好没得
H1N1,身体恢复中..........
'得到manager中内存共享信息Option Explicit'=========Checking OS stuff=============Private Type OSVERSIONINFO dwOSVersionInfoSize As Long dwMajorVersion As Long dwMinorVersion As Long dwBuildNumber As Long dwPlatformId As Long szCSDVersion As String * 128End TypePrivate Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" (LpVersionInformation As OSVERSIONINFO) As Long'========= Win95/98/ME Shared memory stuff===============Private Declare Function CreateFileMapping Lib "kernel32" Alias "CreateFileMappingA" (ByVal hFile As Long, ByVal lpFileMappigAttributes As Long, ByVal flProtect As Long, ByVal dwMaximumSizeHigh As Long, ByVal dwMaximumSizeLow As Long, ByVal lpName As String) As LongPrivate Declare Function MapViewOfFile Lib "kernel32" (ByVal hFileMappingObject As Long, ByVal dwDesiredAccess As Long, ByVal dwFileOffsetHigh As Long, ByVal dwFileOffsetLow As Long, ByVal dwNumberOfBytesToMap As Long) As LongPrivate Declare Function UnmapViewOfFile Lib "kernel32" (lpBaseAddress As Any) As LongConst STANDARD_RIGHTS_REQUIRED = &HF0000Const SECTION_QUERY = &H1Const SECTION_MAP_WRITE = &H2Const SECTION_MAP_READ = &H4Const SECTION_MAP_EXECUTE = &H8Const SECTION_EXTEND_SIZE = &H10Const SECTION_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED Or SECTION_QUERY Or SECTION_MAP_WRITE Or SECTION_MAP_READ Or SECTION_MAP_EXECUTE Or SECTION_EXTEND_SIZEConst FILE_MAP_ALL_ACCESS = SECTION_ALL_ACCESS'============NT Shared memory stuff======================Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As LongConst PROCESS_VM_OPERATION = &H8Const PROCESS_VM_READ = &H10Const PROCESS_VM_WRITE = &H20Const PROCESS_ALL_ACCESS = 0Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As LongPrivate Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal dwFreeType As Long) As LongPrivate Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As LongConst MEM_COMMIT = &H1000Const MEM_RESERVE = &H2000Const MEM_DECOMMIT = &H4000Const MEM_RELEASE = &H8000Const MEM_FREE = &H10000Const MEM_PRIVATE = &H20000Const MEM_MAPPED = &H40000Const MEM_TOP_DOWN = &H100000'==========Memory access constants===========Private Const PAGE_NOACCESS = &H1&Private Const PAGE_READONLY = &H2&Private Const PAGE_READWRITE = &H4&Private Const PAGE_WRITECOPY = &H8&Private Const PAGE_EXECUTE = &H10&Private Const PAGE_EXECUTE_READ = &H20&Private Const PAGE_EXECUTE_READWRITE = &H40&Private Const PAGE_EXECUTE_WRITECOPY = &H80&Private Const PAGE_GUARD = &H100&Private Const PAGE_NOCACHE = &H200&Public Function GetMemShared95(ByVal memSize As Long, hFile As Long) As Long hFile = CreateFileMapping(&HFFFFFFFF, 0, PAGE_READWRITE, 0, memSize, vbNullString) GetMemShared95 = MapViewOfFile(hFile, FILE_MAP_ALL_ACCESS, 0, 0, 0)End FunctionPublic Sub FreeMemShared95(ByVal hFile As Long, ByVal lpMem As Long) UnmapViewOfFile lpMem CloseHandle hFileEnd SubPublic Function GetMemSharedNT(ByVal pId As Long, ByVal memSize As Long, hProcess As Long) As Long hProcess = OpenProcess(PROCESS_VM_OPERATION Or PROCESS_VM_READ Or PROCESS_VM_WRITE, False, pId) GetMemSharedNT = VirtualAllocEx(ByVal hProcess, ByVal 0&, ByVal memSize, MEM_RESERVE Or MEM_COMMIT, PAGE_READWRITE)End FunctionPublic Sub FreeMemSharedNT(ByVal hProcess As Long, ByVal MemAddress As Long, ByVal memSize As Long) Call VirtualFreeEx(hProcess, ByVal MemAddress, memSize, MEM_RELEASE) CloseHandle hProcessEnd SubPublic Function IsWindowsNT() As Boolean Dim verinfo As OSVERSIONINFO verinfo.dwOSVersionInfoSize = Len(verinfo) If (GetVersionEx(verinfo)) = 0 Then Exit Function If verinfo.dwPlatformId = 2 Then IsWindowsNT = TrueEnd Function
'尝试修改主进程的链表头信息Option ExplicitPrivate Enum LVITEM_Mask LVIF_TEXT = &H1 LVIF_IMAGE = &H2 LVIF_PARAM = &H4 LVIF_STATE = &H8 LVIF_INDENT = &H10 LVIF_NORECOMPUTE = &H800End EnumPrivate Enum LVITEM_States LVIS_FOCUSED = &H1 LVIS_SELECTED = &H2 LVIS_CUT = &H4 LVIS_DROPHILITED = &H8 LVIS_ACTIVATING = &H20 LVIS_OVERLAYMASK = &HF00 LVIS_STATEIMAGEMASK = &HF000End EnumPrivate Type LVITEM Mask As LVITEM_Mask iItem As Long iSubItem As Long State As LVITEM_States stateMask As LVITEM_States pszText As Long cchTextMax As Long iImage As Long lParam As Long iIndent As LongEnd TypePrivate Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As LongPrivate Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As LongPrivate Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As LongPrivate Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hWnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As LongPrivate Const LVM_FIRST As Long = &H1000Private Const LVM_GETITEMCOUNT As Long = (LVM_FIRST + 4)Private Const LVM_DELETEITEM As Long = (LVM_FIRST + 8)Private Const LVM_GETITEMTEXTA As Long = (LVM_FIRST + 45)Private Const LVM_SETITEMTEXTA As Long = (LVM_FIRST + 46)Public Sub SetItemText(ByVal Handle As Long, ByVal pStr As String, ByVal Index As Long, Optional ByVal SubIndex As Long = 0) Dim hProcess As Long, SharedProcMem As Long, LVISize As Long Dim SharedProcMemString As Long, strSize As Long Dim nCount As Long, LenWritten As Long, pId As Long Dim LVI As LVITEM Dim MemStorage() As Byte If IsWindowsNT Then LVISize = Len(LVI) Call GetWindowThreadProcessId(Handle, pId) 'alloc some shared memory for our Struct SharedProcMem = GetMemSharedNT(pId, LVISize, hProcess) MemStorage = StrConv(pStr & vbNullChar, vbFromUnicode) strSize = UBound(MemStorage) + 1 'alloc some shared memory for our string SharedProcMemString = GetMemSharedNT(pId, strSize, hProcess) 'setup some info With LVI .iItem = Index .iSubItem = SubIndex .cchTextMax = strSize .pszText = SharedProcMemString 'store our string handle End With 'write to memory WriteProcessMemory hProcess, ByVal SharedProcMemString, MemStorage(0), strSize, LenWritten WriteProcessMemory hProcess, ByVal SharedProcMem, LVI, LVISize, LenWritten 'get the text Call SendMessage(Handle, LVM_SETITEMTEXTA, Index, ByVal SharedProcMem) 'clean up FreeMemSharedNT hProcess, SharedProcMem, LVISize FreeMemSharedNT hProcess, SharedProcMemString, strSize End If End SubPublic Function GetItemText(ByVal Handle As Long, ByVal Index As Long, Optional ByVal SubIndex As Long = 0) As String Dim hProcess As Long, SharedProcMem As Long, LVISize As Long Dim SharedProcMemString As Long, strSize As Long Dim nCount As Long, LenWritten As Long, pId As Long Dim LVI As LVITEM Dim MemStorage() As Byte If IsWindowsNT Then LVISize = Len(LVI) MemStorage = StrConv(String$(255, 0), vbFromUnicode) strSize = UBound(MemStorage) + 1 Call GetWindowThreadProcessId(Handle, pId) SharedProcMem = GetMemSharedNT(pId, LVISize, hProcess) SharedProcMemString = GetMemSharedNT(pId, strSize, hProcess) With LVI .iItem = Index .iSubItem = SubIndex .cchTextMax = strSize .pszText = SharedProcMemString End With WriteProcessMemory hProcess, ByVal SharedProcMem, LVI, LVISize, LenWritten Call SendMessage(Handle, LVM_GETITEMTEXTA, Index, ByVal SharedProcMem) ReadProcessMemory hProcess, ByVal SharedProcMemString, MemStorage(0), strSize, LenWritten 'clean up FreeMemSharedNT hProcess, SharedProcMem, LVISize FreeMemSharedNT hProcess, SharedProcMemString, strSize End If GetItemText = StrConv(MemStorage, vbUnicode) If InStr(1, GetItemText, vbNullChar) Then 'strip nulls GetItemText = Left$(GetItemText, InStr(1, GetItemText, vbNullChar) - 1) End If End FunctionPublic Function GetItemCount(ByVal Handle As Long) As Long GetItemCount = SendMessage(Handle, LVM_GETITEMCOUNT, 0&, ByVal 0&)End FunctionPublic Sub DeleteItem(ByVal Handle As Long, ByVal Index As Long) Call SendMessage(Handle, LVM_DELETEITEM, Index, ByVal 0&)End Sub
