2007年12月_chenhui530

原创 VB PE导出/输入表演示(读文件版)

frmMain.fmVERSION 5.00Begin VB.Form frmMain BorderStyle = 1 Fixed Single Caption = "PE导出/输入表演示" ClientHeight = 5655 ClientLeft = 45 ClientTop = 435

2007-12-31 12:32:00 4662 4

原创 VB PE导出/输入表演示(文件影射版)

frmMain.fmOption ExplicitPrivate Declare Sub InitCommonControls Lib "comctl32.dll" ()Private Function IsArraryInitialize(strArray() As String) As Boolean On Error GoTo ErrHandle Dim i As Lon

2007-12-30 21:41:00 2107

原创 VB PE导出/输入表演示(进程版)

frmMain.frmOption ExplicitPrivate Declare Sub InitCommonControls Lib "comctl32.dll" ()Private Function IsArraryInitialize(strArray() As String) As Boolean On Error GoTo ErrHandle Dim i As Lo

2007-12-30 21:39:00 2535

原创 VC PE导出/输入表演示(进程版)

// GetProcessTable.cpp : Defines the entry point for the console application.//#include "stdafx.h"#include "windows.h"#include "stdio.h"typedef LONG NTSTATUS;#define STATUS_SUCCESS (0)#define NT_SUC

2007-12-30 18:06:00 1903

原创 VC PE导出/输入表演示(读文件版)

// GetPeTable.cpp : Defines the entry point for the console application.//#include "stdafx.h"#include "windows.h"#include "stdio.h"VOID PrintImportTable(LPSTR strPath);VOID PrintExportTable(LPSTR

2007-12-30 12:31:00 2300

原创 VC PE导出/输入表演示(文件影射版本)

此程序为VC版PE导出/输入表演示程序,大家可以体会一下VC与VB版的不同之处.// GetPeInfo.cpp : Defines the entry point for the console application.//#include "stdafx.h"#include "windows.h"#include "stdio.h"typedef PVOID(WINAPI *IM

2007-12-30 09:28:00 2890 1

原创 PE导出/输入表演示

本程序代码演示怎么遍历导出/输入表.下面是完整源码.frmMain.fmVERSION 5.00Begin VB.Form frmMain BorderStyle = 1 Fixed Single Caption = "PE导出/输入表演示" ClientHeight = 5655 ClientLeft = 45

2007-12-29 08:44:00 2362 2

原创获取QQ群用户列表

frmMain VERSION 5.00Begin VB.Form frmMain Caption = "Form1" ClientHeight = 3090 ClientLeft = 60 ClientTop = 450 ClientWidth = 4680 LinkTopic =

2007-12-20 19:44:00 5251 7

原创利用WMI轻松打造WINDOWS任务管理器

一些WMI应用技巧,其中有监视的创建终止监视等操作代码如下：Option Explicit显示XP风格函数Private Declare Sub InitCommonControls Lib "comctl32.dll" ()显示消息函数Private Declare Function MessageBox Lib "user32" Alias "MessageBoxA" (ByVal h

2007-12-14 12:53:00 2906 2

原创一个小技巧关于PrevInstance的

我们时常会看到某些软件有这样的功能.当程序已经运行的时候再运行这个程序程序会把以前运行的主界面显示在前台来.下面代码就是这个功能.VERSION 5.00Begin VB.Form frmMain Caption = "李小俊是个猪头" ClientHeight = 3195 ClientLeft = 60 ClientTop

2007-12-14 12:46:00 1725

原创 VB 卸载USB设备/解锁文件

这次索性贴完整源码,希望能对大家有所帮助.frmMain.frmVERSION 5.00Begin VB.Form frmMain BorderStyle = 1 Fixed Single Caption = "Usb卸载程序" ClientHeight = 2445 ClientLeft = 45 Clie

2007-12-13 12:40:00 13385 15

原创通过API HOOK 创建SYSTEM用户进程

clsHookInfo.clsVERSION 1.0 CLASSBEGIN MultiUse = -1 True Persistable = 0 NotPersistable DataBindingBehavior = 0 vbNone DataSourceBehavior = 0 vbNone MTSTransactionMode = 0 NotAn

2007-12-13 10:26:00 5612 10

原创获取进程命令行之三

Option ExplicitPrivate Type CLIENT_ID UniqueProcess As Long UniqueThread As LongEnd TypePrivate Const SYNCHRONIZE As Long = &H100000Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000P

2007-12-11 13:32:00 1893

原创获取进程命令行之二

Option ExplicitPrivate Type CLIENT_ID UniqueProcess As Long UniqueThread As LongEnd TypePrivate Const SYNCHRONIZE As Long = &H100000Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF000

2007-12-10 23:52:00 1900

原创获取进程命令行之一

Private Type CLIENT_ID UniqueProcess As Long UniqueThread As LongEnd TypePrivate Const SYNCHRONIZE As Long = &H100000Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000Private Declar

2007-12-10 23:15:00 2377

原创获取进程用户

网上有个代码可以获取进程用户，但是当用户为非System和Admin用户的时候没发获取其进程用户。跟踪程序最后发现关键在Sid上后面查了相关API查了很久才发现WTSEnumerateProcesses可以获取，效率不是很高，希望能找到更好的获取进程sid的函数。 Private Type WTS_PROCESS_INFO SessionID As Long ProcessID

2007-12-10 23:09:00 3122 2

chenhui530的专栏