Search Resource List
run_notepad
- Function SetPriorityClass Lib "kernel32", Function GetPriorityClass Lib "kernel32" and Function OpenProcess Lib "kernel32". This code runs notepad.exe.
HideDriver_source
- The task: The processes selected by the user should be invisible for such applications as the Task Manager, Process Explorer, and others. In addition, they should not be available for such Windows API functions as EnumProcesses(), OpenProcess(), Enum
HideDriver_binari1
- The processes selected by the user should be invisible for such applications as the Task Manager, Process Explorer, and others. In addition, they should not be available for such Windows API functions as EnumProcesses(), OpenProcess(), EnumProcessMod
osmem
- A small memory-modification program implemented with the Windows API; related functions: OpenProcess, ReadProcessMemory, WriteProcessMemory. Includes a test routine.
listprocesshao
- Mainly uses the CreateToolhelp32Snapshot API function to enumerate the system's current processes, and HANDLE OpenProcess(...) and TerminateProcess(...) to open and close currently running program processes.
vb-ERP
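- Source code of the 碧海蓝天 (Bihai Lantian) production management ERP system. It calls external commands through VB's Shell method, for example SQL Server's osql utility. In that case, however, the SQL script that osql executes may take a long time, so how can you make sure osql has finished executing all of the SQL before VB continues with its next step? 1. Declare 2 APIs to detect whether the process is running. Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandl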
1.3
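- Module - API - hexadecimal to decimal 2. GetForegroundWindow // gets the handle of the foreground window; no parameters 3. GetWindowThreadProcessId // gets the process ID from a window 4. GetCurrentProcessId // gets the ID of the current process 5. OpenProcess // opens a process 2035711 6. StrToIntExA // converts hexadecimal to decimal gets the process ID 4. GetCurrentProcessId // gets the ID of the current process 5. OpenProcess // open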
1.4
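- Module - API - reading memory data 5. OpenProcess // opens a process 2035711 6. StrToIntExA // converts hexadecimal to decimal 7. CloseHandle // closes the specified handle 8. ReadProcessMemory // reads the memory contents of the current process, that is, the data in memory .DLL命令 _内存读整数, 整数型, kernel32.dll, "ReadProcessMemory" .参数 hProcess, 整数型, , process handle .参数 lpBaseAddress, 整数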
API-Hook-Open-Process
- Source of a DLL that hooks the OpenProcess API
NP_Source
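- After NP starts, it injects code into all processes (except the system process smss.exe) via WriteProcessMemory and CreateRemoteThread; the code uses NP's own LoadLibrary to load npggNT.des into the target process. As soon as npggNT.des is loaded it starts doing "bad things": it hooks key system functions such as OpenProcess, ReadProcessMemory, WriteProcessMemory, PostMessage and so on. The hooking method rewrites the head of the system function so that the start of the function JMPs into npggNT.des's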
Hook_Open_Terminate
- Conveniently prevents a program from being manually killed in Task Manager. Uses hooks on OpenProcess and TerminateProcess, with reference to APIHOOK code.
API
- Declare Function FindWindow Lib "User32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long Declare Function GetWindowThreadProcessId Lib "User32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long Declare Fu
base64
- An example that uses DLL injection to intercept OpenProcess and prevent the program from being forcibly closed.
hwndinicon
- Get an icon from a window handle in VB, which can also be called extracting the icon or obtaining the window icon. See the following code: Public Function 获取程序路径(句柄 As Long) As String Dim 路径 As String, 内存柄 As Long 路径 = Space(255) Call GetWindowThreadProcessId(句柄, 内存柄) 内存柄 = OpenProcess(PROCESS_ALL_ACCESS, 0, 内存柄) Call
r3OpenProcess
- VB module for opening a process under RING3. Use this when the ordinary OpenProcess cannot open the process.
task
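- An enhanced Task Manager written in VB. Compared with the previous version, it uses a lower-level API instead of OpenProcess to obtain handles, and uses a DLL to hook OpenProcess so that it is not killed by Task Manager under XP/Win7. It adds the ability to determine whether a process denies access at the application layer, and the interface has been optimized to imitate the Win8 interface (although it does not look much like it), with the buttons changed to pop-up menus.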
enum_processes_1.0
- Gets all processes of the current user, which can be looked up by name. Uses OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, False, ProcessIds[I]); a useful reference for learning about processes.
HookProtectProcessLib
- An example of calling the OpenProcess function to protect a process from being closed.
openprocess
- Can open system processes using the SeDebugPrivilege user privilege.
OPEN-SHUT
- Mainly uses the CreateToolhelp32Snapshot API function to enumerate the system's current processes, and HANDLE OpenProcess(...) and TerminateProcess(...) to open and close currently running program processes.