VB创建SYSTEM用户进程(第二种方法)

原创 2007年09月30日 13:31:00

Attribute VB_Name = "modHook"
Private Declare Function NtCreateProcessEx Lib "NTDLL.DLL" (ByRef ProcessHandle As Long, ByVal AccessMask As Long, ByVal ObjectAttributes As Long, ByVal hParentProcess As Long, ByVal InheritHandles As Long, ByVal hSection As Long, ByVal hDebugPort As Long, ByVal hExceptionPort As Long, ByVal reserv As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function GetCurrentProcessId Lib "kernel32" () As Long
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccessas As Long, ByVal bInheritHandle As Long, ByVal dwProcId As Long) As Long
Private Const PROCESS_QUERY_INFORMATION As Long = (&H400)
Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000
Private Const SYNCHRONIZE As Long = &H100000
Private Const PROCESS_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF)
Private Type OBJECT_ATTRIBUTES
    Length As Long
    RootDirectory As Long
    ObjectName As Long
    Attributes As Long
    SecurityDescriptor As Long
    SecurityQualityOfService As Long
End Type

Public gclsHookInfo As clsHookInfo
Public glngProcess As Long
Public glngSystemHandle As Long

Public Function NtCreateProcessExCallback(ByRef ProcessHandle As Long, ByVal AccessMask As Long, ByVal ObjectAttributes As Long, ByVal hParentProcess As Long, ByVal InheritHandles As Long, ByVal hSection As Long, ByVal hDebugPort As Long, ByVal hExceptionPort As Long, ByVal reserv As Long) As Long
    Dim hReturn As Long
    'hParentProcess 指定为一个System用户进程的句柄,需要注意的是不要关闭此句柄
    gclsHookInfo.HookStatus False
    hReturn = NtCreateProcessEx(ProcessHandle, AccessMask, ObjectAttributes, glngSystemHandle, InheritHandles, hSection, hDebugPort, hExceptionPort, reserv)
    gclsHookInfo.HookStatus True
    NtCreateProcessExCallback = hReturn
End Function

Public Function GetFunAddr(lngFunAddr As Long) As Long
    GetFunAddr = lngFunAddr
End Function
 

相关文章推荐

VB创建SYSTEM用户进程

  • 2011年11月05日 15:25
  • 5KB
  • 下载

创建SYSTEM用户进程的软件源码

  • 2011年04月09日 10:21
  • 6KB
  • 下载

system权限创建用户权限进程

windows编程的人都知道,在其操作系统下,进程被创建,通常被赋予很多属性,其中一项属性就是用户名,及进程所属的权限。打开任务管理器,可查看到(查看不到,点击查看,选择列即可)通常桌面系统explo...

C#第二种方法求一系列数的和

  • 2012年11月20日 21:49
  • 575B
  • 下载

VB之操作excel后不能关闭excel进程的原因及解决方法

一、问题: 使用如下代码打开、取值及关闭excel: Public Function ImportFromExcel(excelFile As String) As Long Dim xlApp A...

fisher判别的第二种方法实现

  • 2014年02月24日 15:46
  • 1KB
  • 下载

Windows下80端口被进程System占用的解决方法

最近电脑时不时就发生了80端口被占用的情况,简单百度解决后,当重启电脑的时候又发生被占用的情况.今天非常幸运的是,发生了80端口和8080端口都被占用了情况,忍无可忍决定下定决心解决这个坑爹的问题,经...
  • LINPE
  • LINPE
  • 2017年03月27日 23:42
  • 2825

利用vb,实现终止进程的方法

  • 2009年04月14日 05:37
  • 2KB
  • 下载
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:VB创建SYSTEM用户进程(第二种方法)
举报原因:
原因补充:

(最多只允许输入30个字)