VB 简单反调试模块

yeuego

浏览: 167799 次
性别:
来自: 广州

最近访客更多访客>>

leadtoit

lanyan_lan

仁生之狼

lalahei

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

博客分类：

嘿嘿，忽悠人还是不错的。

Option Explicit

Public Const PROCESS_VM_READ = &H10
Public Const TH32CS_SNAPPROCESS = &H2
Public Const PROCESS_QUERY_INFORMATION = &H400
Public Const PROCESS_TERMINATE = &H1

Public Declare Function Process32First Lib "kernel32" (ByVal hSnapshot As Long, lppe As PROCESSENTRY32) As Long
Public Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Public Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, ByVal lpThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, ByVal lpParameter As Long, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function Process32Next Lib "kernel32" (ByVal hSapshot As Long, lppe As PROCESSENTRY32) As Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Public Declare Function GetCurrentProcessId Lib "kernel32" () As Long
Public Declare Function GetModuleFileNameExA Lib "psapi.dll" (ByVal hProcess As Long, ByVal hModule As Long, ByVal lpFilename As String, ByVal nSize As Long) As Long
Public Declare Function GetWindowsDirectory Lib "kernel32" Alias "GetWindowsDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long
Public Type PROCESSENTRY32
dwSize As Long
cntUseage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
swFlags As Long
szExeFile As String * 1024
End Type

Public Sub GetProcessId() '判斷父進程是不Explorer.exe

Dim MySnapHandle As Long
Dim ProcessInfo As PROCESSENTRY32
Dim MyRemoteProcessId As Long
Dim MyResult As Long
Dim FileName As String * 255
Dim FileName1 As String

MySnapHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)

ProcessInfo.dwSize = Len(ProcessInfo)

If Process32First(MySnapHandle, ProcessInfo) <> 0 Then

Do

If ProcessInfo.th32ProcessID = GetCurrentProcessId() Then

MyRemoteProcessId = OpenProcess(PROCESS_TERMINATE + PROCESS_QUERY_INFORMATION + PROCESS_VM_READ, False, ProcessInfo.th32ParentProcessID)

MyResult = GetModuleFileNameExA(MyRemoteProcessId, 0, FileName, 255)

FileName1 = Left(FileName, MyResult)

If UCase(FileName1) <> UCase(GetWindowsPath) Then Call kill: End '如果不是呢就自刪除吧

End If

Loop While Process32Next(MySnapHandle, ProcessInfo) <> 0

End If

CloseHandle MySnapHandle

End Sub

Public Function GetWindowsPath() As String '取Explorer.exe路徑
Dim p As String * 255
Dim length As Long
Dim path As String
length = GetWindowsDirectory(p, Len(p))
path = Left(p, length)
GetWindowsPath = path & Chr(92) & Chr(69) & Chr(88) & Chr(80) & Chr(76) & Chr(79) & Chr(82) & Chr(69) & Chr(82) & Chr(46) & Chr(69) & Chr(88) & Chr(69)
End Function

Public Sub Main()
On Error Resume Next
Call GetProcessId
'Form1.Show '顯窗口或怎麼樣.隨你啦
End Sub

Public Sub kill() '自我刪除
On Error Resume Next
Dim s As String
s = App.path
If Right(s, 1) <> "\" Then s = s & "\"
Open s & "kill.bat" For Output As #1
Print #1, ":redel"
Print #1, "del " & Chr(34) & s & App.EXEName & ".exe" & Chr(34)
Print #1, "if exist " & Chr(34) & s & App.EXEName & ".exe" & Chr(34) & " goto redel"
Print #1, "del %0"
Print #1,
Close #1
Shell Chr(34) & s & "kill.bat" & Chr(34), vbHide
End Sub

分享到：

VB 创建SYSTEM用户进程 | 一些有用的未公开API的VB声明

2011-03-09 10:25
浏览 889
评论(0)
分类:研发管理
查看更多

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

VB 简单反调试模块

评论

发表评论

相关推荐

最近访客 更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

VB 简单反调试模块

评论

发表评论

相关推荐

vb 启动外部程序并且模拟鼠标点击

VB 列出SQL数据库中所有表及字段信息

VB 纯代码实现Timer控件的功能

VB 控制音量

拦截 VB TextBox 双击消息

VB 获取/设置屏幕分辨率

VB 将数据快速导入EXCEL

VB 建立快捷方式

VB 获取快捷方式原文件路径

VB 的一组字符串转换函数

VB 在浏览目录时指定初始目录

VB 获得鼠标滚轮的事件

VB 比较两组字符串

VB 用API下载文件实例

VB 窗口处理技巧大全

VB 实现屏幕右下角浮出式消息窗口，透明淡出效果。

VB Filter 函数用法

VB 在EXPLORER进程崩溃之后重建托盘图标

Shell 调用程序后等待该程序结束后返回继续

VB 最简单的WAV声音或音乐文件播放的代码

最近访客更多访客>>