想反编译VB6.0写的东西?你得多动动脑袋了!!!
VB6.0因为其编写方便,而被一些人一直称是"垃圾"计算机语言,今天在这里和大家共享几个反反编译的办法,希望对大家有用!
'--------------------------------------------------
1.检测程序是否被各类debug程式所加载研究!
- VB code
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As LongPrivate Declare Function Process32First Lib "kernel32" (ByVal hSnapShot As Long, lppe As PROCESSENTRY32) As LongPrivate Declare Function Process32Next Lib "kernel32" (ByVal hSnapShot As Long, lppe As PROCESSENTRY32) As LongPrivate Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As LongPrivate Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal blnheritHandle As Long, ByVal dwAppProcessId As Long) As Long Const MAX_PATH As Integer = 260Const TH32CS_SNAPPROCESS As Long = 2&Private Type PROCESSENTRY32 dwSize As Long cntUsage As Long th32ProcessID As Long th32DefaultHeapID As Long th32ModuleID As Long cntThreads As Long th32ParentProcessID As Long pcPriClassBase As Long dwFlags As Long szExeFile As String * 1024End TypePrivate Sub Command1_Click()If Opencsrss = True ThenMsgBox "发现调试器,请关闭", , "警告"ElseMsgBox "没有发现调试", , "恭喜"End IfEnd Sub Private Function Opencsrss() As Boolean'发现调试器返回TRUE,没有发现则返回FALSE On Error GoTo mapleDim Process As PROCESSENTRY32Dim hSnapShot As LongDim l1 As LongDim flag As BooleanDim mName As StringDim i As IntegerDim pid As Long, WOW As Long '注意这2个变量就用来存放2个IDhSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&) '建立进程快照 If hSnapShot Then Process.dwSize = 1060 If (Process32First(hSnapShot, Process)) Then '遍历第一个进程,获得PROCESSENTRY32结构 Do i = InStr(1, Process.szExeFile, Chr(0)) '获得映像名称 mName = LCase(Left(Process.szExeFile, i - 1)) '并转换成小写 If mName = "csrss.exe" Then '是不是WOW.exe WOW = Process.th32ProcessID '获得进程ID End If Loop Until (Process32Next(hSnapShot, Process) < 1) '遍历所有进程直到返回值为False End If l1 = CloseHandle(hSnapShot) End If If WOW <> 0 Then Dim jiejie As Long jiejie = OpenProcess(1&, -1&, WOW) '测试打开能力 If jiejie <> 0 Then Opencsrss = True Else Opencsrss = False End If End IfExit Functionmaple:Opencsrss = False End Function
代码很简单,大家看着玩!
2.timer反调试
- VB code
Private Sub Command1_Click() '假设这里是我们的注册过程,我们隔三差五随意将以下代码复制粘帖'------------------------------Dim ctime As DoubleDim dtime As Doublectime = Timerdtime = TimerIf dtime - ctime = 0 ThenMsgBox dtime - ctime, , "正常运行,经历时间:"'实际软件中,应该彻底隐蔽这些提示消息ElseMsgBox dtime - ctime, , "发现调试器,经历时间:"End If End Sub
为什么用timer??很简单,当别人开始调试的时候,莫非他是千只眼,一眼千行?? :)
3.对于运行环境进行检测
- VB code
Private Declare Sub GetStartupInfo Lib "kernel32" Alias "GetStartupInfoA" (lpStartupInfo As STARTUPINFO) Private Type STARTUPINFO '(createprocess) cb As Long lpReserved As Long lpDesktop As Long lpTitle As Long dwX As Long dwY As Long dwXSize As Long dwYSize As Long dwXCountChars As Long dwYCountChars As Long dwFillAttribute As Long dwFlags As Long wShowWindow As Integer cbReserved2 As Integer lpReserved2 As Long hStdInput As Long hStdOutput As Long hStdError As LongEnd Type Private Sub Command1_Click()If StartAnti = True ThenMsgBox "发现调试器,请关闭", , "警告"ElseMsgBox "没有发现调试器", , "通过"End IfEnd Sub Private Sub Form_Load()If StartAnti = True ThenMsgBox "发现调试器,请关闭", , "警告"ElseMsgBox "没有发现调试器", , "通过"End IfEnd Sub Private Function StartAnti() As BooleanDim Huanjing As STARTUPINFOGetStartupInfo HuanjingIf Huanjing.dwX <> 0 Or Huanjing.dwY <> 0 Or Huanjing.dwXCountChars <> 0 Or Huanjing.dwYCountChars <> 0 Or Huanjing.dwFillAttribute <> 0 Or Huanjing.dwXSize <> 0 Or Huanjing.dwYSize <> 0 ThenStartAnti = TrueElseStartAnti = FalseEnd IfEnd Function
4.检查我们的程序是否在正常的父进程中运行
- VB code
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As LongPrivate Declare Function Process32First Lib "kernel32" (ByVal hSnapShot As Long, lppe As PROCESSENTRY32) As LongPrivate Declare Function Process32Next Lib "kernel32" (ByVal hSnapShot As Long, lppe As PROCESSENTRY32) As LongPrivate Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As LongPrivate Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal blnheritHandle As Long, ByVal dwAppProcessId As Long) As LongPrivate Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As LongConst MAX_PATH As Integer = 260Const TH32CS_SNAPPROCESS As Long = 2&Private Type PROCESSENTRY32 dwSize As Long cntUsage As Long th32ProcessID As Long th32DefaultHeapID As Long th32ModuleID As Long cntThreads As Long th32ParentProcessID As Long pcPriClassBase As Long dwFlags As Long szExeFile As String * 1024End Type Private Sub Form_Load()FujinchengEnd Sub Private Sub Fujincheng() '这个过程是检测父进程的父进程是否是EXPLORE的父进程Dim Process As PROCESSENTRY32Dim hSnapShot As LongDim XNN As LongDim flag As BooleanDim mName As StringDim i As IntegerDim pid As Long, explorer As Long '注意这2个变量就用来存放2个ID hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&) '建立进程快照'搜索explorer.exe进程,并获得其ID If hSnapShot Then Process.dwSize = 1060 If (Process32First(hSnapShot, Process)) Then '遍历第一个进程,获得PROCESSENTRY32结构 Do i = InStr(1, Process.szExeFile, Chr(0)) '获得映像名称 mName = LCase(Left(Process.szExeFile, i - 1)) '并转换成小写 If mName = "explorer.exe" Then '是不是explorer.exe explorer = Process.th32ProcessID ElseIf mName = LCase(App.EXEName & ".exe") Then '是不是自己 pid = Process.th32ParentProcessID '获得父进程ID Else flag = False End If Loop Until (Process32Next(hSnapShot, Process) < 1) '遍历所有进程直到返回值为False End If XNN = CloseHandle(hSnapShot) End If Dim Openit As Long Openit = OpenProcess(1&, -1&, pid) If pid <> explorer Then MsgBox "发现父进程调试", , "警告": TerminateProcess Openit, 0 End Sub
正常的父进程可是windows的主进程哦:EXPLORE,,别搞错了:)
[解决办法]
收藏!
[解决办法]
收藏!
[解决办法]
收藏先....
[解决办法]
学习!!!
[解决办法]
学习中
[解决办法]
牛
[解决办法]
学习了
[解决办法]
老实说,我不认为有能力反编译代码的人会对我的程序有兴趣,按照他们的能力,写一个同样功能的程序不会比反编译我的程序更麻烦.
而且用UPX什么的对EXE做一下压缩再加密会更小更方便.
[解决办法]
支持一下
[解决办法]
牛
[解决办法]
VB6程序脱壳是最简单的。。。
[解决办法]
学习~
[解决办法]
我的程序都没几个人用呢,哪会有人破解- -!
[解决办法]
顶.......
[解决办法]
mark
[解决办法]
牛啊,支持!!
[解决办法]
学习
[解决办法]
非常好,大大地好!
[解决办法]
上有政策 下有对策....
[解决办法]
从LZ这篇文章学到了很多关于windows进程的知识。
谢谢。