[VC语言]程序文件名可以和进程名不一样吗?
发布网友
发布时间:2023-05-05 07:05
共3个回答
热心网友
时间:2023-11-08 10:37
可以.不过你得自己看英文:
http://planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=10264&lngWId=3
或者使用如下VB代码(这段代码并不修改进程本身的名称,而是改写任务管理器 taskmgr.exe 内存中显示的字符串):
' Win32 API bindings and constants for the routines below (kernel32 / user32).
' NOTE(review): "GetMoleFileName", "GetMoleFileNameA" and "hMole" look like extraction garbling of
' "GetModuleFileName", "GetModuleFileNameA" and "hModule". kernel32 exports no entry point named
' GetMoleFileNameA, so a call through this declaration would be expected to fail at run time.
' Nothing in the visible code calls it.
Private Declare Function GetMoleFileName Lib "kernel32" Alias "GetMoleFileNameA" (ByVal hMole As Long, ByVal lpFileName As String, ByVal nSize As Long) As Long
' Window lookup helpers; declared here but not called by the visible routines.
Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
' Cross-process handle and memory access. ReplaceStringInProcess uses these four calls against
' another process; this open / read / write sequence is the security-relevant part of the listing.
Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
' The last parameter keeps the name lpNumberOfBytesWritten, but for this call it receives the
' number of bytes read.
Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
' Error-reporting helpers; declared here but not called by the visible routines.
Declare Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, lpSource As Any, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, Arguments As Long) As Long
Declare Function GetLastError Lib "kernel32" () As Long
Public Const FORMAT_MESSAGE_ALLOCATE_BUFFER = &H100
Public Const FORMAT_MESSAGE_FROM_SYSTEM = &H1000
' Toolhelp process enumeration, used by HideProcess.
Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
' NOTE(review): lProcessID is declared ByRef here, whereas CreateToolhelp32Snapshot takes the
' process id by value. HideProcess only passes 0& together with TH32CS_SNAPPROCESS.
Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal lFlags As Long, lProcessID As Long) As Long
' Snapshot flag: include the process list in the snapshot.
Public Const TH32CS_SNAPPROCESS As Long = 2&
' Record filled in by ProcessFirst / ProcessNext for each process in a Toolhelp snapshot.
' HideProcess sets dwSize before the first call and then reads th32ProcessID and szexeFile;
' the remaining fields are not used by the visible code.
Type PROCESSENTRY32
' Size of this record; HideProcess sets it to Len(myProcess) before enumerating.
dwSize As Long
cntUsage As Long
' Process id; HideProcess uses it as the key of its "[pid]" seen-list and as the target id.
th32ProcessID As Long
th32DefaultHeapID As Long
' NOTE(review): "th32MoleID" looks like extraction garbling of "th32ModuleID".
th32MoleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
' Fixed 260-character executable name; HideProcess reads it up to the first Chr(0).
szexeFile As String * 260
End Type
' Returns PREREP with a Chr(0) placed in front of every character,
' e.g. "ab" becomes Chr(0) & "a" & Chr(0) & "b". An empty input yields "".
' The NUL comes before each character, not after it, so the result is not the
' byte layout of UTF-16LE text despite the function name. ReplaceStringInProcess
' applies this to both its search pattern and its replacement string.
Public Function UNICODE(PREREP As String)
    Dim idx As Long
    Dim widened As String

    widened = ""
    idx = 1
    Do While idx <= Len(PREREP)
        ' Prefix the current character with a NUL and append the pair.
        widened = widened & vbNullChar & Mid$(PREREP, idx, 1)
        idx = idx + 1
    Loop

    UNICODE = widened
End Function
' Walks a Toolhelp process snapshot. For every process id not seen on the previous call whose
' executable name is "taskmgr.exe", it calls ReplaceStringInProcess to overwrite occurrences of
' this application's own executable name in that process's memory with "svchost.exe".
'
' The process itself is not renamed; only strings held in Task Manager's memory are touched.
' The enumeration API used right here still returns the real szexeFile, so anything that
' enumerates processes itself is unaffected. Verifying a process's image path rather than a
' displayed name is the reliable check.
'
' AppExeName, TrimPath and LPad are not defined in the visible code. Presumably they give this
' program's executable path, its file-name part, and padding to a given length - confirm.
'
' NOTE(review): mySnapshot is never passed to CloseHandle in this routine, so each call that
' obtains a snapshot leaves a handle open.
Public Sub HideProcess()
Dim newproclist As String
Dim myProcess As PROCESSENTRY32
Dim mySnapshot As Long
' Persists between calls: "[pid]" tokens for every process seen on the previous call.
Static myproclist As String
Dim rc As Long
myProcess.dwSize = Len(myProcess)
mySnapshot = CreateToolhelpSnapshot(TH32CS_SNAPPROCESS, 0&)
' NOTE(review): CreateToolhelp32Snapshot reports failure as INVALID_HANDLE_VALUE (-1), which is
' non-zero, so this test does not filter out a failed snapshot.
If mySnapshot Then
rc = ProcessFirst(mySnapshot, myProcess)
While rc
'Is this task new??
' The brackets keep a pid such as 12 from matching inside "[123]".
If InStr(myproclist, "[" & myProcess.th32ProcessID & "]") = 0 Then
'Is this "taskmgr.exe"??
' Compares the name up to the first Chr(0) with the literal "taskmgr.exe".
If Left$(myProcess.szexeFile, InStr(myProcess.szexeFile, Chr(0)) - 1) = "taskmgr.exe" Then
'----------------------------------------------------------
'Yes.. then disguise "*.exe" in the processes memory
'----------------------------------------------------------
' The replacement is padded to the length of the name it overwrites.
ReplaceStringInProcess myProcess.th32ProcessID, TrimPath(AppExeName), _
LPad("svchost.exe", Len(TrimPath(AppExeName)))
Else
DoEvents 'ignore this process
End If
End If
'create new process list (to replace myproclist$ later - the comparison list)
newproclist = newproclist & "[" & myProcess.th32ProcessID & "]"
rc = ProcessNext(mySnapshot, myProcess)
Wend
End If
'set myproclist to new processes against latest processes checked
myproclist = newproclist
End Sub
' Opens the process lProcessID, reads its memory in fixed-size windows, and overwrites every
' occurrence of UNICODE(sFind) it finds with UNICODE(sReplacement).
'
' Parameters:
'   lProcessID   - id of the process whose memory is read and written.
'   sFind        - text to search for, converted with UNICODE() first.
'   sReplacement - text written over each match, converted with UNICODE() first.
'
' The return values of OpenProcess (beyond non-zero), ReadProcessMemory and WriteProcessMemory
' are not checked, so failures are silent. Only readlen decides whether a window is searched.
'
' Detection note: the observable behaviour is an all-access OpenProcess on another process
' followed by WriteProcessMemory into it, which endpoint monitoring can record.
Private Sub ReplaceStringInProcess(ByVal lProcessID As Long, ByVal sFind As String, ByVal sReplacement As String)
Dim hProcess As Long
Dim p As Long
Dim startpos As Long, foundpos As Long
Dim addr As Long
Dim buffer As String * 20016
Dim readlen As Long
Dim writelen As Long
Dim wSrchString As String
Dim wReplString As String
' &H1F0FFF is the all-access process rights mask (PROCESS_ALL_ACCESS in older SDK headers).
hProcess = OpenProcess(&H1F0FFF, 0, lProcessID)
If hProcess Then
'We are using 20016 as opposed to 20000 so that there is an overlap (so we catch the string if it crosses buffer limits!!)
wSrchString = UNICODE(sFind)
wReplString = UNICODE(sReplacement)
' Windows start at addr * 20000, so the scan covers addresses 0 through 4000 * 20000 + 20015.
For addr = 0 To 4000 ' loop through buffers
' If addr / 100 = Int(addr / 100) Then
' frmMain.lblStatus.Caption = "Process patching 2/2 " & Int(addr / 40) & "%"
' frmMain.lblStatus.Caption = "Process patching 2/2 " & Int(addr / 40) & "%"
' Picture2.Width = Int(addr * (Picture1.Width / 4000))
' DoEvents
' End If
' NOTE(review): buffer is a VB String passed ByVal As Any, so VB presumably marshals it
' through an ANSI copy on the way in and out - confirm before relying on offsets.
ReadProcessMemory hProcess, addr * 20000, buffer, 20016, readlen
If readlen > 0 Then
startpos = 1
Do
foundpos = InStr(startpos, buffer, wSrchString)
If foundpos > 0 Then
' InStr is 1-based, hence the -1 when turning the match into a target address.
p = addr * 20000 + foundpos - 1 ' position of string
WriteProcessMemory hProcess, CLng(p), wReplString, Len(wReplString), writelen
' Continue searching after this match within the same window.
startpos = foundpos + Len(wSrchString)
End If
Loop While foundpos > 0
End If
Next addr
CloseHandle hProcess
End If
End Sub
热心网友
时间:2023-11-08 10:37
应该不可以吧,任务管理器直接监视程序运行的,你若改了程序名,任务管理器上应该也会有相应的改变的。
热心网友
时间:2023-11-08 10:38
可以,先让a.exe运行起来,然后使用MoveFileEx函数设置你想要的新路径与名称