VB实现“木马”式隐形运行程序
|
程序隐形的原理 对于一个隐形程序而言,最基本的要求是: 1. 不在桌面出现界面; 2. 不在任务栏出现图标; 3. 程序名从任务管理器名单中消失。 Public Declare Function GetCurrentProcessId Lib “kernel32” () As Long 设置Form1的属性: form1.Visible=False Private Declare Function GetDriveType Lib “kernel32” Alias “GetDriveTypeA” (ByVal nDrive As String) As Long ’获得当前驱动器类型函数的声明 Private Declare Function GetVolumeInformation Lib “kernel32” Alias “GetVolumeInformationA” (ByVal lpRootPathName As String,ByVal lpVolumeNameBuffer As String,ByVal nVolumeNameSize As Long,lpVolumeSerialNumber As Long,lpMaximumComponentLength As Long,lpFileSystemFlags As Long,ByVal lpFileSystemNameBuffer As String,ByVal nFileSystemNameSize As Long) As Long ’获得当前驱动器信息函数的声明 Private Sub Form_Load() Dim drive_no As Long,drive_flag As Long Dim drive_chr As String,drive_disk As String Dim serial_no As Long,kkk As Long Dim stemp3 As String,dflag As Boolean Dim strlabel As String,strtype As String,strc As Long RegisterServiceProcess GetCurrentProcessId,1 ’ 从系统中取消当前进程 strlabel = String(255,Chr(0)) strtype = String(255,Chr(0)) stemp3 = “172498135” ’这是作者C盘的序列号(十进制),读者可根据自己情况更改。 dflag = False For drive_no = 0 To 25 drive_disk = Chr(drive_no + 67) drive_chr = drive_disk & “:/” drive_flag = GetDriveType(drive_chr) If drive_flag = 3 Then kkk = GetVolumeInformation(drive_chr,strlabel,Len(strlabel),serial_no,strtype,Len(strtype)) ’通过GetVolumeInformation获得磁盘序列号 Select Case drive_no Case 0 strc = serial_no End Select If serial_no = stemp3 Then dflag = True Exit For End If End If Next drive_no If drive_no = 26 And dflag = False Then ’非法用户 GoTo err: End If MsgBox (“HI,合法用户!”) Exit Sub err: MsgBox (“错误!你的C:盘ID号是” & strc) End Sub Private Sub Form_Unload(Cancel As Integer) RegisterServiceProcess GetCurrentProcessId,0 ’从系统中取消当前程序的进程 End Sub (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |