锁屏

显示全部楼层 · 发表于 2014-8-5 13:22:37

本帖最后由深山红叶__ 于 2014-8-5 13:33 编辑

Qutianshang 发表于 2014-8-5 11:50
修改版的 @深山红叶__ http://wangyinzhou.cn/thread-59-1-1.html

无意义，去掉键盘鼠标钩子后没意思。
说过了是小学生“加密”，毫无研究价值。

ps 天气太热了，说话冲，见谅。

显示全部楼层 · 发表于 2014-8-5 13:34:41

XywCloud 发表于 2014-8-5 10:01
你应该怪巨硬

智硬一时…

显示全部楼层 · 发表于 2014-8-5 13:50:39

过了sophos

显示全部楼层 · 发表于 2014-8-5 14:46:52

深山红叶__ 发表于 2014-8-5 13:34
智硬一时…

巨硬硬了很久了

显示全部楼层 · 发表于 2014-8-5 14:57:00

好压KILL

EAV4.2和火绒扫描MISS

显示全部楼层 · 发表于 2014-8-5 15:21:36

Hello,

Thank you for your patience.
The analysis of the file / website has been completed:

The sample is infected. And will be detected after the next update.

File exe declared INFECTED

Please do not hesitate to contact us should you have any other inquiries in the future.

Have a great day.

Best regards,
Cristina POTERASU
Bitdefender Partner Technical Support Specialist

显示全部楼层 · 发表于 2014-8-5 15:23:22

火绒不报,费尔高启发没报,费尔云鉴定没报

显示全部楼层 · 发表于 2014-8-5 15:30:08

1.未降低进程为普通进程前关闭进程将蓝屏
求知识

，求

显示全部楼层 · 发表于 2014-8-5 15:51:13

熊猫烧书发表于 2014-8-5 15:30
1.未降低进程为普通进程前关闭进程将蓝屏
求知识，求

好的，由于是未公开api，这个东西我也查了许久，上电脑后我会给出完整的vb实例。

显示全部楼层 · 发表于 2014-8-5 16:47:51

本帖最后由深山红叶__ 于 2014-8-5 16:49 编辑

熊猫烧书发表于 2014-8-5 15:30
1.未降低进程为普通进程前关闭进程将蓝屏
求知识，求

Private Declare Function RtlAdjustPrivilege Lib "ntdll.dll" (ByVal Privilege As Long, ByVal Enable As Long, ByVal CurrentThread As Long, Enabled As Long) As Long
Private Declare Function NtSetInformationProcess Lib "NTDLL.DLL" (ByVal ProcessHandle As Long, ByVal ProcessInformationClass As Long, ByRef ProcessInformation As Any, ByVal lProcessInformationLength As Long) As Long
Const ProcessBreakOnTermination = 29
Private Sub Form_Load()
Call RtlAdjustPrivilege(&H14, 1, 0, 0)'获取14号权限令牌
Call NtSetInformationProcess (-1, ProcessBreakOnTermination, 1&, 4)'提升进程为关键进程
End Sub
Private Sub Form_Unload(Cancel As Integer)
Call NtSetInformationProcess (-1, ProcessBreakOnTermination, 0&, 4)'降低进程为普通进程
End Sub

复制代码

[病毒样本] 锁屏