VB禁用CTRL +ALT + DEL (2)

  程序代码(本篇为第二部分:InsertAsmCode 函数的前半部分见上一篇,下面从"打开 winlogon 进程"处接续):

'打开winlogon进程
'------------------------------------
hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, hPId)
Debug.Assert hProcess

If hProcess Then
'------------------------------------
'初始注入代码
'------------------------------------
Call InitShellCode

'------------------------------------
'远端进程分配内存
'------------------------------------
lRemoteAddr = VirtualAllocEx(hProcess, 0, SHELL_CODE_LENGTH, MEM_COMMIT, PAGE_EXECUTE_READWRITE)
Debug.Assert lRemoteAddr

'------------------------------------
'写入 shell 代码
'------------------------------------
If lRemoteAddr Then
InsertAsmCode = WriteProcessMemory(hProcess, lRemoteAddr, mlShellCode(0), SHELL_CODE_LENGTH, 0)
Else
Exit Function
End If

'------------------------------------
'创建远程线程
'------------------------------------
hRemoteThread = CreateRemoteThread(hProcess, 0, 0, lRemoteAddr + SHELL_FUNCOFFSET, 0, 0, hRemoteThreadID)
Debug.Assert hRemoteThread
If hRemoteThread Then Call CloseHandle(hRemoteThread)

'------------------------------------
'等待远程线程执行完毕并取回结果信息
'------------------------------------
Do
If ReadProcessMemory(hProcess, lRemoteAddr, lDbResult(0), 8, lResult) = 1 Then
If lDbResult(0) = 0 Then
InsertAsmCode = lDbResult(1)
Exit Do
End If
Else
Debug.Assert False
End If
Loop

'------------------------------------
'释放远端进程内存
'------------------------------------
Call VirtualFreeEx(hProcess, lRemoteAddr, SHELL_CODE_LENGTH, MEM_DECOMMIT)
End If
End Function
'============================================
' 初始线程代码
'============================================
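Private Function InitShellCode() As Long
    ' Fills the module-level mlShellCode() array with the code that
    ' InsertAsmCode later writes into winlogon.exe.
    '
    ' Layout of the array (byte offset = index * 4):
    '   (0)-(1)    bootstrap import table: addresses of LoadLibraryW and
    '              GetProcAddress resolved in THIS process. The injected code
    '              relies on kernel32.dll being mapped at the same base in the
    '              target process; true on pre-ASLR Windows and within one boot
    '              session on later versions, but not guaranteed in general.
    '              The injected code overwrites both slots when it finishes:
    '              (0) becomes 0 as the "done" flag and (1) carries the result,
    '              which is what the ReadProcessMemory loop in InsertAsmCode
    '              polls for.
    '   (2)-(8)    L"Winlogon" (UTF-16, zero terminated) plus zeroed slots.
    '   (9)-(33)   entry routine; CreateRemoteThread starts at
    '              lRemoteAddr + SHELL_FUNCOFFSET, presumably inside this range.
    '   (34)-(42)  unaligned pointer slots and L"HookSysKey".
    '   (43)-(62)  window-procedure routine.
    '   (63)-(70)  zeroed pointer slots, filled by the resolver routine.
    '   (71)-(75)  L"SAS window".
    '   (76)-(119) EnumDesktopWindows callback.
    '   (120)-(131) L"kernel32.dll" and L"user32.dll".
    '   (132)-(171) ANSI names of the APIs resolved at run time:
    '              GlobalFindAtomW, GlobalAddAtomW, lstrcmpiW, GlobalAlloc,
    '              GetLastError, OpenDesktopW, EnumDesktopWindows,
    '              GetWindowTextW, GetWindowLongW, SetWindowLongW,
    '              CallWindowProcW.
    '   (172)-(239) resolver routine that loads the two DLLs via slot (0),
    '              resolves the names above via slot (1) and fills the slots.
    '
    ' NOTE(review): this map is read off the embedded strings and a manual
    ' disassembly of the bytes. What it implies -- open the "Winlogon"
    ' desktop, locate the "SAS window", subclass it with a procedure that
    ' swallows WM_HOTKEY while the "HookSysKey" global atom exists, the
    ' procedure itself copied to a GlobalAlloc buffer so the injected page can
    ' be freed -- should be confirmed against the original MASM source, which
    ' is not in this file. The code is position independent (call/pop/sub
    ' delta against 0x401010), so no relocation is done here.
    '
    ' Returns: 1 when both bootstrap addresses were resolved, 0 otherwise.
    '          The caller must not inject the array when 0 is returned:
    '          injecting null function pointers into winlogon.exe crashes it
    '          and takes the whole session down. (The original returned
    '          nothing; Debug.Assert is compiled out of a release build, so
    '          a LoadLibrary/GetProcAddress failure went unnoticed.)
    Const kernel32 As String = "kernel32.dll"

    Dim hDll As Long
    Dim lpLoadLibraryW As Long
    Dim lpGetProcAddress As Long

    '------------------------------------
    ' Resolve the two bootstrap imports from our own copy of kernel32.dll.
    ' LoadLibrary is declared with a pointer parameter in this module,
    ' hence StrPtr on the constant.
    '------------------------------------
    hDll = LoadLibrary(StrPtr(kernel32))
    Debug.Assert hDll
    If hDll Then
        lpLoadLibraryW = GetProcAddress(hDll, "LoadLibraryW")
        lpGetProcAddress = GetProcAddress(hDll, "GetProcAddress")
        Call FreeLibrary(hDll)
    End If
    mlShellCode(0) = lpLoadLibraryW
    mlShellCode(1) = lpGetProcAddress
    ' Both slots are dereferenced by the injected code; report failure
    ' if either is null so the caller can refuse to inject.
    If lpLoadLibraryW <> 0 And lpGetProcAddress <> 0 Then InitShellCode = 1

    '---------------------------
    ' The bytes below were produced by MASM32 and must stay byte-identical;
    ' the injected code addresses them by fixed offsets.
    '---------------------------
    ' (2)-(8): L"Winlogon" and zeroed slots
    mlShellCode(2) = &H690057
    mlShellCode(3) = &H6C006E
    mlShellCode(4) = &H67006F
    mlShellCode(5) = &H6E006F
    mlShellCode(6) = &H0&
    mlShellCode(7) = &H0&
    mlShellCode(8) = &H0&
    ' (9)-(33): entry routine
    mlShellCode(9) = &HE8530000
    mlShellCode(10) = &H0&
    mlShellCode(11) = &H3CEB815B
    mlShellCode(12) = &HE8004010
    mlShellCode(13) = &H278&
    mlShellCode(14) = &H1018938D
    mlShellCode(15) = &HFF520040
    mlShellCode(16) = &H40103293
    mlShellCode(17) = &H75C00B00
    mlShellCode(18) = &H682C&
    mlShellCode(19) = &H6A0200
    mlShellCode(20) = &H938D006A
    mlShellCode(21) = &H401018
    mlShellCode(22) = &H2A93FF52
    mlShellCode(23) = &HB004010
    mlShellCode(24) = &H6A1A74C0
    mlShellCode(25) = &H42938D00
    mlShellCode(26) = &H52004011
    mlShellCode(27) = &H2E93FF50
    mlShellCode(28) = &HEB004010
    mlShellCode(29) = &H89C03308
    mlShellCode(30) = &H40101483
    mlShellCode(31) = &H89C03300
    mlShellCode(32) = &H40101083
    mlShellCode(33) = &HC35B00
    ' (34)-(42): pointer slots and L"HookSysKey"
    mlShellCode(34) = &H0&
    mlShellCode(35) = &H0&
    mlShellCode(36) = &H0&
    mlShellCode(37) = &H48000000
    mlShellCode(38) = &H6F006F00
    mlShellCode(39) = &H53006B00
    mlShellCode(40) = &H73007900
    mlShellCode(41) = &H65004B00
    mlShellCode(42) = &H7900&
    ' (43)-(62): window-procedure routine
    mlShellCode(43) = &HEC8B5500
    mlShellCode(44) = &HE853&
    mlShellCode(45) = &H815B0000
    mlShellCode(46) = &H4010C6EB
    mlShellCode(47) = &HC7D8100
    mlShellCode(48) = &H312&
    mlShellCode(49) = &H838D1975
    mlShellCode(50) = &H4010A7
    mlShellCode(51) = &HA393FF50
    mlShellCode(52) = &HB004010
    mlShellCode(53) = &H330874C0
    mlShellCode(54) = &HC95B40C0
    mlShellCode(55) = &HFF0010C2
    mlShellCode(56) = &H75FF1475
    mlShellCode(57) = &HC75FF10
    mlShellCode(58) = &HFF0875FF
    mlShellCode(59) = &H401097B3
    mlShellCode(60) = &H9F93FF00
    mlShellCode(61) = &H5B004010
    mlShellCode(62) = &H10C2C9
    ' (63)-(70): pointer slots filled by the resolver routine
    mlShellCode(63) = &H0&
    mlShellCode(64) = &H0&
    mlShellCode(65) = &H0&
    mlShellCode(66) = &H0&
    mlShellCode(67) = &H0&
    mlShellCode(68) = &H0&
    mlShellCode(69) = &H0&
    mlShellCode(70) = &H0&
    ' (71)-(75): L"SAS window"
    mlShellCode(71) = &H410053
    mlShellCode(72) = &H200053
    mlShellCode(73) = &H690077
    mlShellCode(74) = &H64006E
    mlShellCode(75) = &H77006F
    ' (76)-(119): EnumDesktopWindows callback
    mlShellCode(76) = &H8B550000
    mlShellCode(77) = &HF8C481EC
    mlShellCode(78) = &H53FFFFFD
    mlShellCode(79) = &HE857&
    mlShellCode(80) = &H815B0000
    mlShellCode(81) = &H401152EB
    mlShellCode(82) = &H1046800
    mlShellCode(83) = &H858D0000
    mlShellCode(84) = &HFFFFFDF8
    mlShellCode(85) = &H875FF50
    mlShellCode(86) = &H111893FF
    mlShellCode(87) = &H858D0040
    mlShellCode(88) = &HFFFFFDF8
    mlShellCode(89) = &H2C938D50
    mlShellCode(90) = &H52004011
    mlShellCode(91) = &H111493FF
    mlShellCode(92) = &HC00B0040
    mlShellCode(93) = &H75686275
    mlShellCode(94) = &H6A000000
    mlShellCode(95) = &H2893FF00
    mlShellCode(96) = &HB004011
    mlShellCode(97) = &H8B4374C0
    mlShellCode(98) = &H75B960F8
    mlShellCode(99) = &H8D000000
    mlShellCode(100) = &H401097B3
    mlShellCode(101) = &H61A4F300
    mlShellCode(102) = &H75FFFC6A
    mlShellCode(103) = &H1C93FF08
    mlShellCode(104) = &H89004011
    mlShellCode(105) = &H18938D07
    mlShellCode(106) = &H52004010
    mlShellCode(107) = &H111093FF
    mlShellCode(108) = &HD78B0040
    mlShellCode(109) = &H26C281
    mlShellCode(110) = &H6A520000
    mlShellCode(111) = &H875FFFC
    mlShellCode(112) = &H112093FF
    mlShellCode(113) = &HC0330040
    mlShellCode(114) = &H93FF06EB
    mlShellCode(115) = &H401124
    mlShellCode(116) = &H10148389
    mlShellCode(117) = &H3EB0040
    mlShellCode(118) = &H5F40C033
    mlShellCode(119) = &H8C2C95B
    ' (120)-(131): L"kernel32.dll", L"user32.dll"
    mlShellCode(120) = &H65006B00
    mlShellCode(121) = &H6E007200
    mlShellCode(122) = &H6C006500
    mlShellCode(123) = &H32003300
    mlShellCode(124) = &H64002E00
    mlShellCode(125) = &H6C006C00
    mlShellCode(126) = &H75000000
    mlShellCode(127) = &H65007300
    mlShellCode(128) = &H33007200
    mlShellCode(129) = &H2E003200
    mlShellCode(130) = &H6C006400
    mlShellCode(131) = &H6C00&
    ' (132)-(171): ANSI API names resolved at run time
    mlShellCode(132) = &H6F6C4700
    mlShellCode(133) = &H466C6162
    mlShellCode(134) = &H41646E69
    mlShellCode(135) = &H576D6F74
    mlShellCode(136) = &H6F6C4700
    mlShellCode(137) = &H416C6162
    mlShellCode(138) = &H74416464
    mlShellCode(139) = &H576D6F
    mlShellCode(140) = &H7274736C
    mlShellCode(141) = &H69706D63
    mlShellCode(142) = &H6C470057
    mlShellCode(143) = &H6C61626F
    mlShellCode(144) = &H6F6C6C41
    mlShellCode(145) = &H65470063
    mlShellCode(146) = &H73614C74
    mlShellCode(147) = &H72724574
    mlShellCode(148) = &H4F00726F
    mlShellCode(149) = &H446E6570
    mlShellCode(150) = &H746B7365
    mlShellCode(151) = &H57706F
    mlShellCode(152) = &H6D756E45
    mlShellCode(153) = &H6B736544
    mlShellCode(154) = &H57706F74
    mlShellCode(155) = &H6F646E69
    mlShellCode(156) = &H47007377
    mlShellCode(157) = &H69577465
    mlShellCode(158) = &H776F646E
    mlShellCode(159) = &H74786554
    mlShellCode(160) = &H65470057
    mlShellCode(161) = &H6E695774
    mlShellCode(162) = &H4C776F64
    mlShellCode(163) = &H57676E6F
    mlShellCode(164) = &H74655300
    mlShellCode(165) = &H646E6957
    mlShellCode(166) = &H6F4C776F
    mlShellCode(167) = &H57676E
    mlShellCode(168) = &H6C6C6143
    mlShellCode(169) = &H646E6957
    mlShellCode(170) = &H7250776F
    mlShellCode(171) = &H57636F
    ' (172)-(239): resolver routine
    mlShellCode(172) = &HE860&
    mlShellCode(173) = &H815B0000
    mlShellCode(174) = &H4012C6EB
    mlShellCode(175) = &HF1838D00
    mlShellCode(176) = &H50004011
    mlShellCode(177) = &H101093FF
    mlShellCode(178) = &HF88B0040
    mlShellCode(179) = &H124A838D
    mlShellCode(180) = &H57500040
    mlShellCode(181) = &H101493FF
    mlShellCode(182) = &H83890040
    mlShellCode(183) = &H401128
    mlShellCode(184) = &H1256838D
    mlShellCode(185) = &H57500040
    mlShellCode(186) = &H101493FF
    mlShellCode(187) = &H83890040
    mlShellCode(188) = &H401124
    mlShellCode(189) = &H1231838D
    mlShellCode(190) = &H57500040
    mlShellCode(191) = &H101493FF
    mlShellCode(192) = &H83890040
    mlShellCode(193) = &H401110
    mlShellCode(194) = &H1221838D
    mlShellCode(195) = &H57500040
    mlShellCode(196) = &H101493FF
    mlShellCode(197) = &H83890040
    mlShellCode(198) = &H4010A3
    mlShellCode(199) = &H10328389
    mlShellCode(200) = &H838D0040
    mlShellCode(201) = &H401240
    mlShellCode(202) = &H93FF5750
    mlShellCode(203) = &H401014
    mlShellCode(204) = &H11148389
    mlShellCode(205) = &H838D0040
    mlShellCode(206) = &H40120B
    mlShellCode(207) = &H1093FF50
    mlShellCode(208) = &H8B004010
    mlShellCode(209) = &H63838DF8
    mlShellCode(210) = &H50004012
    mlShellCode(211) = &H1493FF57
    mlShellCode(212) = &H89004010
    mlShellCode(213) = &H40102A83
    mlShellCode(214) = &H70838D00
    mlShellCode(215) = &H50004012
    mlShellCode(216) = &H1493FF57
    mlShellCode(217) = &H89004010
    mlShellCode(218) = &H40102E83
    mlShellCode(219) = &H83838D00
    mlShellCode(220) = &H50004012
    mlShellCode(221) = &H1493FF57
    mlShellCode(222) = &H89004010
    mlShellCode(223) = &H40111883
    mlShellCode(224) = &H92838D00
    mlShellCode(225) = &H50004012
    mlShellCode(226) = &H1493FF57
    mlShellCode(227) = &H89004010
    mlShellCode(228) = &H40111C83
    mlShellCode(229) = &HA1838D00
    mlShellCode(230) = &H50004012
    mlShellCode(231) = &H1493FF57
    mlShellCode(232) = &H89004010
    mlShellCode(233) = &H40112083
    mlShellCode(234) = &HB0838D00
    mlShellCode(235) = &H50004012
    mlShellCode(236) = &H1493FF57
    mlShellCode(237) = &H89004010
    mlShellCode(238) = &H40109F83
    mlShellCode(239) = &H90C36100
End Function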
'-------------------------------------------
' 根据可执行文件的名称取回进程ID
' 参数:可执行文件名(含扩展名)
' 返回:进程ID。0表示无
'-------------------------------------------
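Private Function GetProcessIdFromName(ByVal sName As String) As Long
    ' Returns the process ID of the first process in a Toolhelp snapshot
    ' whose image name matches sName (case-insensitive, via lstrcmpi).
    '
    ' Parameters: sName - executable file name including the extension,
    '                     e.g. "winlogon.exe".
    ' Returns:    the PID, or 0 when nothing matched or the snapshot could
    '             not be taken.
    '
    ' NOTE(review): the match is on image name only and stops at the first
    ' hit. On a machine with several logon sessions there are several
    ' winlogon.exe instances and which one comes back depends on snapshot
    ' order; a caller that targets a specific session must filter further.
    ' NOTE(review): the comparison starts at lpPE.szExeFile(1), which is the
    ' first character only if szExeFile is declared with a lower bound of 1
    ' -- confirm against the PROCESSENTRY32W declaration in this module.
    Dim hSnapshot As Long
    Dim lpPE As PROCESSENTRY32W
    Dim lpName As Long

    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
    ' CreateToolhelp32Snapshot signals failure with INVALID_HANDLE_VALUE
    ' (-1), which is non-zero; a plain truthiness test would pass it on.
    Debug.Assert hSnapshot <> -1
    If hSnapshot = -1 Or hSnapshot = 0 Then Exit Function

    lpPE.dwSize = Len(lpPE)
    If Process32First(hSnapshot, lpPE) Then
        lpName = StrPtr(sName)
        Do
            If lstrcmpi(lpPE.szExeFile(1), lpName) = 0 Then
                GetProcessIdFromName = lpPE.h32ProcessID
                Exit Do
            End If
            ' Process32Next returns 0 once the snapshot is exhausted.
            If Process32Next(hSnapshot, lpPE) = 0 Then Exit Do
        Loop
    End If
    Call CloseHandle(hSnapshot)
End Function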

 

 摘 自:http://hi.baidu.com/starwork/blog/item/609ea12b4b5d7efbe6cd4086.html

