VB实现“木马”式隐形运行程序
程序隐形的原理
对于一个隐形程序而言,最基本的要求是:
1. 不在桌面出现界面;
2. 不在任务栏出现图标;
3. 程序名从任务管理器名单中消失。
Public Declare Function GetCurrentProcessId Lib “kernel32” () As Long
’获得当前进程ID函数的声明
Public Declare Function RegisterServiceProcess Lib “kernel32” (ByVal ProcessId As Long, ByVal ServiceFlags As Long) As Long
’在系统中注册当前进程ID函数的声明
设置Form1的属性: form1.Visible=False
form1.ShowInTaskBar=False
Private Declare Function GetDriveType Lib “kernel32” Alias “GetDriveTypeA” (ByVal nDrive As String) As Long
’获得当前驱动器类型函数的声明
Private Declare Function GetVolumeInformation Lib “kernel32” Alias “GetVolumeInformationA” (ByVal lpRootPathName As String, ByVal lpVolumeNameBuffer As String, ByVal nVolumeNameSize As Long, lpVolumeSerialNumber As Long, lpMaximumComponentLength As Long, lpFileSystemFlags As Long, ByVal lpFileSystemNameBuffer As String, ByVal nFileSystemNameSize As Long) As Long
’获得当前驱动器信息函数的声明
Private Sub Form_Load()
Dim drive_no As Long, drive_flag As Long
Dim drive_chr As String, drive_disk As String
Dim serial_no As Long, kkk As Long
Dim stemp3 As String, dflag As Boolean
Dim strlabel As String, strtype As String,strc As Long
RegisterServiceProcess GetCurrentProcessId, 1 ’ 从系统中取消当前进程
strlabel = String(255, Chr(0))
strtype = String(255, Chr(0))
stemp3 = “172498135” ’这是作者C盘的序列号(十进制),读者可根据自己情况更改。
dflag = False
For drive_no = 0 To 25
drive_disk = Chr(drive_no + 67)
drive_chr = drive_disk & “:\”
drive_flag = GetDriveType(drive_chr)
If drive_flag = 3 Then
kkk = GetVolumeInformation(drive_chr, strlabel, Len(strlabel), serial_no, 0, 0, strtype, Len(strtype)) ’通过GetVolumeInformation获得磁盘序列号
Select Case drive_no
相关文档:
※==================================================================
※本连载文章说明:
※1、连载首发于《软件报》(http://www.sweek.com)2006年21期(2006年5月22日);
※2、此次网上连载采用的是原稿件结构,内容与《软件报》发表略有不同;
※3、谢绝除《软件报》及其相关刊物之外的传统媒体部分或全部转载 ......
Option Explicit
Private Const INTERNET_OPEN_TYPE_DIRECT = 1
Private Const scuseragent = "vb wininet"
Private Const INTERNET_FLAG_PASSIVE = &H8000000
'调用设置环境
Private Declare Function InternetOpen Lib "wininet.dll" Alias "InternetOpenA" (ByVal sAgent As String, ByVal lAccessType As Long ......
Private Declare Function ExitWindowsEx Lib "user32" (ByVal uFlags As Long, ByVal dwReserved As Long) As Long
Private Const EWX_LOGOFF = 0
Private Const EWX_SHUTDOWN = 1
Private Const EWX_REBOOT = 2
Private Const EWX_FORCE = 4
Private closeTime As String
Sub AdjustTokenPrivilegesForNT()
......
作者: 佚名, 出处:IT专家网, 责任编辑: 谢妍妍,
2010-04-23 11:20
本文介绍VB对程序运行的监控。
转眼间,本系列文章已经写到了第六个,今天写点什么呢?
还是得写,看似VB做不到的事情,那么今天起就写写VB对操作系统的控制吧。
首先,说一说,VB对于被调用后的程序的监控方法。
原型函数简 ......
主窗体代码:
'打开网页
Private Declare Function ShellExecute Lib "shell32.dll" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
'复制文件
Private Declare Fu ......
