读书人

Saving a process-enumeration snippet that can list ordinary hidden processes

Posted: 2012-01-13 22:43:29 Author: rapoo

Saving a process-enumeration snippet that can list ordinary hidden processes......
The key API this code uses is not the usual CreateToolhelp32Snapshot family.

It uses the EnumProcesses function in psapi.dll.

The code is as follows:

' The project needs one form with a command button and a list box added,
' using the default names (Command1, List1).

Option Explicit

Private Declare Function EnumProcesses Lib "psapi.dll" (ByRef lpidProcess As Long, ByVal cb As Long, ByRef cbNeeded As Long) As Long
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function EnumProcessModules Lib "psapi.dll" (ByVal hProcess As Long, ByRef lphModule As Long, ByVal cb As Long, ByRef lpcbNeeded As Long) As Long
Private Declare Function GetModuleFileNameEx Lib "psapi.dll" Alias "GetModuleFileNameExA" (ByVal hProcess As Long, ByVal hModule As Long, ByVal lpFilename As String, ByVal nSize As Long) As Long
Private Declare Function CloseHandle Lib "kernel32.dll" (ByVal hObject As Long) As Long
Private Declare Function GetProcessImageFileName Lib "psapi.dll" Alias "GetProcessImageFileNameA" (ByVal hProcess As Long, ByVal lpImageFileName As String, ByVal nSize As Long) As Long

Private Const PROCESS_QUERY_INFORMATION As Long = &H400
Private Const PROCESS_VM_READ As Long = &H10
Private Const NAME_BUF_LEN As Long = 1024

Private Sub Form_Load()
    Command1.Caption = "Refresh"
    Command1_Click
End Sub

Private Sub Command1_Click()
    Dim aProcesses(1023) As Long, cProcesses As Long
    Dim cbNeeded As Long, cbModules As Long, PidFor As Long, hModule As Long
    Dim hProcess As Long, sHide As Boolean
    Dim i As Long, szName As String, nLen As Long

    On Error Resume Next

    List1.Clear
    ' View 1: the PID list the enumeration API reports (buffer is 1024 PIDs = 4096 bytes;
    ' if cbNeeded comes back equal to the buffer size the list was truncated)
    If EnumProcesses(aProcesses(0), 4& * 1024, cbNeeded) <> 0 Then
        cProcesses = cbNeeded \ 4&
        ' View 2: brute force every PID (PIDs are multiples of 4). A process hidden from the
        ' enumeration can still be opened, because its kernel object still exists.
        For PidFor = &HC& To &HFFFF& Step 4&
            hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, PidFor)
            If hProcess <> 0 Then
                ' Hidden = opened successfully but absent from the EnumProcesses list
                sHide = True
                For i = 0 To cProcesses - 1
                    If PidFor = aProcesses(i) Then
                        sHide = False
                        Exit For
                    End If
                Next i
                szName = String(NAME_BUF_LEN, vbNullChar)
                If EnumProcessModules(hProcess, hModule, 4&, cbModules) <> 0 Then
                    ' The first module is the main executable; read its full path
                    nLen = GetModuleFileNameEx(hProcess, hModule, szName, NAME_BUF_LEN)
                    szName = IIf(nLen > 0, Left$(szName, nLen), "<Unknown>")
                    szName = CStr(PidFor) & vbTab & szName
                    If sHide Then szName = szName & vbTab & "--[Hidden]--"
                Else
                    ' No readable module list (process exiting, or modules not accessible):
                    ' fall back to the kernel image name and mark the entry as the original did
                    nLen = GetProcessImageFileName(hProcess, szName, NAME_BUF_LEN)
                    szName = IIf(nLen > 0, Left$(szName, nLen), "<Unknown>")
                    szName = CStr(PidFor) & vbTab & szName & vbTab & "--[Zombie]--"
                    If sHide Then szName = szName & vbTab & "--[Hidden]--"
                End If
                List1.AddItem szName
                CloseHandle hProcess
            End If
        Next PidFor
    End If
End Sub

I tested it with the process-hiding DLL and the process-hiding BAS I collected earlier, and it does correctly list the hidden process even though the system's built-in Task Manager cannot see it.

I wonder what the underlying principle of this API is....?

Project files packaged for download:

http://www.m5home.com/blog/blogview.asp?logID=458

http://m5home.vicp.net/blog/blogview.asp?logID=458

PS:

Only ten points can be given per login, which is a bit few... they are gone in a flash :(

And nobody is willing to close their threads and give me more points, heh :)
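What the posted code actually does is a cross-view comparison. One view is the PID list EnumProcesses returns (psapi serves it from NtQuerySystemInformation); the other is which PIDs OpenProcess will open. A user-mode hook that filters the enumeration hides a process from Task Manager, but OpenProcess resolves the PID through a different system call and still reaches the kernel process object, so the PID shows up in the second view and not the first. The Python below is an added example, not code from the original post or its download package, that reimplements the same comparison: the classification is pure and runs anywhere on constructed sample PIDs, and scan_windows() applies it live on Windows with the same psapi calls the VB6 code uses. The step of 4 and the 0xFFFF upper bound are taken from the posted code; the bound is an assumption that later Windows versions can exceed.

```python
"""Cross-view process detection, the technique behind the posted VB6 code.

View 1 is the enumeration API (EnumProcesses).  View 2 is brute force: try
OpenProcess on every candidate PID.  A user-mode hook that drops entries from
view 1 does nothing to view 2, because the kernel process object still exists.
Every label here comes only from comparing the two views."""
import sys
from typing import Dict, Iterable, List, NamedTuple, Set

PID_STEP = 4      # Windows PIDs are multiples of 4
PID_MAX = 0xFFFF  # upper bound copied from the posted code; an assumption,
                  # modern Windows can hand out larger PIDs


class Entry(NamedTuple):
    pid: int
    hidden: bool   # OpenProcess succeeded, no enumeration view reported it
    zombie: bool   # OpenProcess succeeded, EnumProcessModules failed


def classify(enumerated: Iterable[int], openable: Iterable[int],
             with_modules: Iterable[int]) -> Dict[int, Entry]:
    """Pure comparison of the two views; shared by the live scan and the test.

    `enumerated` should be the union of an enumeration taken before and one
    taken after the brute-force pass, so a process created mid-scan is not
    mistaken for a hidden one.  PIDs the enumeration reports but OpenProcess
    rejects are access-denied, not hidden, and are not returned.
    """
    enumerated, with_modules = set(enumerated), set(with_modules)
    return {pid: Entry(pid, pid not in enumerated, pid not in with_modules)
            for pid in sorted(openable)}


def hidden_pids(entries: Dict[int, Entry]) -> List[int]:
    return [e.pid for e in entries.values() if e.hidden]


def hooked_enumeration(real_pids: Iterable[int], hide: Set[int]) -> List[int]:
    """Models a user-mode rootkit hooking the enumeration path: the caller
    sees the real list minus the PIDs the hook wants to conceal."""
    return [p for p in real_pids if p not in hide]


def demo() -> Dict[int, Entry]:
    """Offline run on constructed data (sample PIDs, not from a real system)."""
    real_pids = [4, 368, 1024, 1200, 2048]
    enumerated = hooked_enumeration(real_pids, hide={1200})
    openable = real_pids                  # brute force reaches every object
    with_modules = [368, 1024, 1200]      # 4 = System, 2048 = exiting process
    return classify(enumerated, openable, with_modules)


def scan_windows() -> Dict[int, Entry]:
    """Live scan with the same APIs the VB6 code uses.  Windows only."""
    import ctypes
    from ctypes import wintypes
    psapi = ctypes.WinDLL("psapi", use_last_error=True)
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.argtypes = [wintypes.DWORD, wintypes.BOOL, wintypes.DWORD]
    k32.OpenProcess.restype = wintypes.HANDLE
    k32.CloseHandle.argtypes = [wintypes.HANDLE]
    psapi.EnumProcessModules.argtypes = [wintypes.HANDLE, ctypes.POINTER(wintypes.HMODULE),
                                         wintypes.DWORD, wintypes.LPDWORD]
    PROCESS_QUERY_INFORMATION, PROCESS_VM_READ = 0x0400, 0x0010

    def enum_processes() -> Set[int]:
        arr = (wintypes.DWORD * 4096)()
        needed = wintypes.DWORD()
        if not psapi.EnumProcesses(arr, ctypes.sizeof(arr), ctypes.byref(needed)):
            raise ctypes.WinError(ctypes.get_last_error())
        return set(arr[: needed.value // ctypes.sizeof(wintypes.DWORD)])

    before = enum_processes()
    openable, with_modules = set(), set()
    for pid in range(PID_STEP, PID_MAX + 1, PID_STEP):
        h = k32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, pid)
        if not h:
            continue                      # no such object, or access denied
        openable.add(pid)
        hmod, cb = wintypes.HMODULE(), wintypes.DWORD()
        if psapi.EnumProcessModules(h, ctypes.byref(hmod), ctypes.sizeof(hmod), ctypes.byref(cb)):
            with_modules.add(pid)
        k32.CloseHandle(h)
    after = enum_processes()              # second view closes the creation race
    return classify(before | after, openable, with_modules)


if __name__ == "__main__":
    entries = scan_windows() if sys.platform == "win32" else demo()
    for e in entries.values():
        flags = ("hidden " if e.hidden else "") + ("zombie" if e.zombie else "")
        print(f"{e.pid:6d} {flags.strip()}")
```

Two caveats for anyone running this for real. OpenProcess with PROCESS_VM_READ fails on processes of other users and on protected processes unless the caller holds SeDebugPrivilege, and a PID that cannot be opened never enters the second view, so run elevated or the scan silently misses exactly the processes you care about. And the method only catches hiding that leaves the process object reachable by PID: a rootkit that also hooks or filters the OpenProcess path, or removes the process from the kernel's PID table, defeats it.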

[Solution]
........
老马, you are behind the times
