VC隐藏进程资料

《VC隐藏进程资料》由会员上传分享，免费在线阅读，更多相关内容在工程资料-天天文库。

1、头文件：////////////////////////////////////////HideProcess.hBOOLHideProcess();CPP源文件：///////////////////////////////////////////////////////////////////////////////HideProcess.cpp#include#include#include#include"HideProcess.h"#defineNT_SUCCESS(Status)((NTSTATUS)(Sta

2、tus)>=0)#defineSTATUS_INFO_LENGTH_MISMATCH((NTSTATUS)0xC0000004L)#defineSTATUS_ACCESS_DENIED((NTSTATUS)0xC0000022L)typedefLONGNTSTATUS;typedefstruct_IO_STATUS_BLOCK{NTSTATUSStatus;ULONGInformation;}IO_STATUS_BLOCK,*PIO_STATUS_BLOCK;typedefstruct_UNICODE_STRING{USHORTLength;USHORTMaximumLength;P

3、WSTRBuffer;}UNICODE_STRING,*PUNICODE_STRING;#defineOBJ_INHERIT0x00000002L#defineOBJ_PERMANENT0x00000010L#defineOBJ_EXCLUSIVE0x00000020L#defineOBJ_CASE_INSENSITIVE0x00000040L#defineOBJ_OPENIF0x00000080L#defineOBJ_OPENLINK0x00000100L#defineOBJ_KERNEL_HANDLE0x00000200L#defineOBJ_VALID_ATTRIBUTES0x

4、000003F2Ltypedefstruct_OBJECT_ATTRIBUTES{ULONGLength;HANDLERootDirectory;PUNICODE_STRINGObjectName;ULONGAttributes;PVOIDSecurityDescriptor;PVOIDSecurityQualityOfService;}OBJECT_ATTRIBUTES,*POBJECT_ATTRIBUTES;typedefNTSTATUS(CALLBACK*ZWOPENSECTION)(OUTPHANDLESectionHandle,INACCESS_MASKDesiredAcc

5、ess,INPOBJECT_ATTRIBUTESObjectAttributes);typedefVOID(CALLBACK*RTLINITUNICODESTRING)(INOUTPUNICODE_STRINGDestinationString,INPCWSTRSourceString);RTLINITUNICODESTRINGRtlInitUnicodeString;ZWOPENSECTIONZwOpenSection;HMODULEg_hNtDLL=NULL;PVOIDg_pMapPhysicalMemory=NULL;HANDLEg_hMPM=NULL;OSVERSIONINF

6、Og_osvi;//---------------------------------------------------------------------------BOOLInitNTDLL(){g_hNtDLL=LoadLibrary("ntdll.dll");if(NULL==g_hNtDLL)returnFALSE;RtlInitUnicodeString=(RTLINITUNICODESTRING)GetProcAddress(g_hNtDLL,"RtlInitUnicodeString");ZwOpenSection=(ZWOPENSECTION)GetProcAdd

7、ress(g_hNtDLL,"ZwOpenSection");returnTRUE;}//---------------------------------------------------------------------------VOIDCloseNTDLL(){if(NULL!=g_hNtDLL)FreeLibrary(g_hNtDLL);g_hNtDLL=NULL;}//------------------------------------