
[技术原创] 用vb反File_Analysis

ZNKZZ.
发表于 2018-10-28 10:33:24 | 显示全部楼层 |阅读模式
本帖最后由 ZNKZZ. 于 2018-11-3 08:01 编辑

  ' ---------------------------------------------------------------------------
  ' Module-level declarations used by the environment checks in this form.
  ' ---------------------------------------------------------------------------

  ' Flag for CreateToolhelp32Snapshot: include all processes in the snapshot.
  Const TH32CS_SNAPPROCESS As Long = 2&
  ' Not referenced by the procedures shown in this listing.
  Const MAX_PATH As Integer = 260

  ' Record filled in by Process32First / Process32Next.
  ' NOTE(review): the Win32 structure sizes szExeFile as MAX_PATH characters;
  ' this declaration oversizes it to 1024. Nine Long fields (36 bytes) plus
  ' 1024 characters gives the 1060 that killfile stores in dwSize.
  Private Type PROCESSENTRY32
      dwSize As Long
      cntUsage As Long
      th32ProcessID As Long
      th32DefaultHeapID As Long
      th32ModuleID As Long
      cntThreads As Long
      th32ParentProcessID As Long
      pcPriClassBase As Long
      dwFlags As Long
      szExeFile As String * 1024
  End Type

  ' Handle of the foreground window, assigned in Form_Load.
  Dim hWnd1 As Long

  ' kernel32: process snapshot enumeration.
  Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
  Private Declare Function Process32First Lib "kernel32" (ByVal hSnapShot As Long, lppe As PROCESSENTRY32) As Long
  Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapShot As Long, lppe As PROCESSENTRY32) As Long

  ' kernel32: handle and process management.
  ' TerminateProcess is declared but not called by the procedures in this listing.
  Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
  Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal blnheritHandle As Long, ByVal dwAppProcessId As Long) As Long
  Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long

  ' user32: foreground window and caption queries (ANSI variants).
  Private Declare Function GetForegroundWindow Lib "user32" () As Long
  Private Declare Function GetWindowText Lib "user32.dll" Alias "GetWindowTextA" (ByVal hWnd As Long, ByVal lpString As String, ByVal cch As Long) As Long
  Private Declare Function GetWindowTextLength Lib "user32.dll" Alias "GetWindowTextLengthA" (ByVal hWnd As Long) As Long

  ' user32: declared but not called by the procedures in this listing.
  Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
  Private Declare Function SetWindowText Lib "user32" Alias "SetWindowTextA" (ByVal hWnd As Long, ByVal lpString As String) As Long

  ' Returns the caption of the window identified by hWnd.
  '
  ' The buffer is sized from GetWindowTextLength and pre-filled with NUL
  ' characters; the whole buffer is returned, and the character count reported
  ' by GetWindowText is stored but not otherwise used.
  Function getCaption(hWnd As Long)
      Dim titleLen As Long
      Dim titleBuf As String
      Dim copied As Long

      titleLen = GetWindowTextLength(hWnd)
      titleBuf = String$(titleLen, 0)
      ' The +1 leaves room for the terminating NUL that the API writes.
      copied = GetWindowText(hWnd, titleBuf, titleLen + 1)

      getCaption = titleBuf
  End Function

  ' Startup routine: hides the form, then runs a series of environment checks.
  ' Every check in this procedure shows a message box and stops the program
  ' with End when it matches; killfile only shows its own message box.
  '
  ' Reviewer note: each check is a plain name or substring comparison
  ' ("nalysis", "_safe", "File_safe.dll", "File_Analysis.exe"). Those literals
  ' and the message-box texts are the static markers of this routine in a
  ' compiled sample, and a reply in the thread points out that renaming the
  ' file defeats the process-name check.
  Private Sub Form_Load()
      Dim fso As Object
      Dim folder As Object
      Dim file As Object
      Dim parentDir, scanDir, leafName
      Dim pathHasSafe, pathHasAnalysis

      Me.Hide

      ' Check 1 (added 11-2 18:42): caption of the foreground window.
      hWnd1 = GetForegroundWindow()          ' handle of the active window
      If InStr(getCaption(hWnd1), "nalysis") <> 0 Then
          MsgBox "运行环境不合法(标题)", vbCritical
          End
      End If

      ' Check 2 (added 10-28 12:30): parent process, see killfile.
      killfile

      ' Check 3: look for File_safe.dll among the files of a folder derived
      ' from App.Path.
      ' NOTE(review): the search string passed to InStrRev is empty in this
      ' listing, here and in the loop below; a path separator was presumably
      ' lost when the post was rendered - confirm against the attachment.
      parentDir = Left(App.Path, InStrRev(App.Path, ""))
      scanDir = Left(parentDir, Len(parentDir) - 1)
      Set fso = CreateObject("scripting.filesystemobject")   ' create the FSO object
      Set folder = fso.getfolder(scanDir)
      For Each file In folder.Files
          leafName = Mid$(file, InStrRev(file, "") + 1)
          If leafName = "File_safe.dll" Then
              MsgBox "运行环境不合法(DLL)", vbCritical
              End
          End If
          ' Left disabled by the author: a per-file MD5 comparison.
          ' HashFile is not defined anywhere in this listing.
          '   virr = HashFile(file)
          '   If virr = "C5C7B0A4061B570E52DA71FA733DB0AB" Then
          '   MsgBox "运行环境不合法(MD5)", 16
          '   End If
      Next

      ' Check 4: a running process matched against File_Analysis.exe.
      If CheckExeIsRun("File_Analysis.exe") Then
          MsgBox "运行环境不合法(进程)", vbCritical
          End
      End If

      ' Check 5: substrings in the program's own folder path.
      pathHasSafe = InStr(App.Path, "_safe")
      pathHasAnalysis = InStr(App.Path, "nalysis")
      ' The author also tried "If A <> 0 OrElse b <> 0 Then"; OrElse is a
      ' VB.NET operator and is not available in VB6, so Or is used.
      If pathHasAnalysis <> 0 Or pathHasSafe <> 0 Then
          MsgBox "运行环境不合法(文件夹)", vbCritical
          End
      End If
  End Sub

  ' Reports whether a running process matches exeName, using the WMI class
  ' Win32_Process.
  '
  ' Returns True on the first match, False when nothing matches or when an
  ' error is raised along the way.
  '
  ' NOTE(review): the comparison is InStr(exeName, Description), so a process
  ' matches when its Description occurs anywhere inside exeName, not only when
  ' the two are equal. Description is presumably the image name - confirm.
  Private Function CheckExeIsRun(exeName As String) As Boolean
      Dim wmiSvc
      Dim procSet
      Dim proc
      Dim wanted As String

      On Error GoTo Cleanup

      CheckExeIsRun = False
      Set wmiSvc = GetObject("WinMgmts:")
      Set procSet = wmiSvc.InstancesOf("Win32_Process")

      ' Case-insensitive comparison: both sides are upper-cased.
      wanted = UCase(exeName)
      For Each proc In procSet
          If InStr(wanted, UCase(proc.Description)) <> 0 Then
              CheckExeIsRun = True
              Exit For
          End If
      Next

      ' Reached on a match, on a completed scan and on error alike:
      ' release the WMI references.
  Cleanup:
      If Not procSet Is Nothing Then Set procSet = Nothing
      If Not wmiSvc Is Nothing Then Set wmiSvc = Nothing
  End Function
  ' Parent-process check: walks a Toolhelp process snapshot, records the PID
  ' of explorer.exe and the parent PID of this program's own entry, and shows
  ' a message box when the two differ.
  '
  ' Reviewer notes:
  ' - Unlike the checks in Form_Load, a mismatch here only shows the message;
  '   the procedure does not call End.
  ' - If several explorer.exe entries exist, the last one enumerated is the
  '   one compared.
  ' - OpenProcess is called with access mask 1& (PROCESS_TERMINATE) on the
  '   parent PID, but the returned handle is neither used nor closed in this
  '   listing.
  Private Sub killfile()
      Dim entry As PROCESSENTRY32
      Dim snap As Long
      Dim nulPos As Integer
      Dim imageName As String
      Dim parentPid As Long
      Dim explorerPid As Long
      Dim parentHandle As Long

      snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&)

      If snap Then
          ' Size of the record as declared in this module (36 + 1024).
          entry.dwSize = 1060
          If Process32First(snap, entry) Then
              Do
                  ' szExeFile is a fixed-length buffer: cut at the first NUL.
                  nulPos = InStr(1, entry.szExeFile, Chr(0))
                  imageName = LCase(Left(entry.szExeFile, nulPos - 1))

                  Select Case imageName
                      Case "explorer.exe"
                          explorerPid = entry.th32ProcessID
                      Case LCase(App.exeName & ".exe")
                          parentPid = entry.th32ParentProcessID
                  End Select
              Loop While Process32Next(snap, entry) >= 1
          End If
          Call CloseHandle(snap)
      End If

      parentHandle = OpenProcess(1&, -1&, parentPid)

      If parentPid <> explorerPid Then
          MsgBox "运行环境不合法(父进程)", vbCritical
      End If
  End Sub




运行后显示 8102827.png


Test.zip

4.86 KB, 下载次数: 25

ZNKZZ.
 楼主| 发表于 2018-10-28 12:52:45 | 显示全部楼层
本帖最后由 ZNKZZ. 于 2018-11-2 18:55 编辑

发现用If A <> 0 Orelse b <> 0 Then
不行
但是用or就行了

为什么呢,难道https://blog.csdn.net/minsenwu/article/details/7616216 说的不对吗
cyclonebaby
发表于 2018-10-28 13:03:52 | 显示全部楼层
不至于吧,只是一段判断进程是否存在的代码而已,改下文件名代码就判断不出了,这个按论坛规则估计算不上技术原创,如果算的话,我有信心凭我三脚猫的VB水平赚取原创积分打爆卡饭论坛所有原创高积分……
请原谅我自大狂式的表达,因为我觉得这种类型的代码高产很容易,我可以反论坛所有杀毒软件以及所有知道文件名的程序,抱歉,打扰了……


ZNKZZ.
 楼主| 发表于 2018-10-28 16:27:02 | 显示全部楼层
cyclonebaby 发表于 2018-10-28 13:03
不至于吧,只是一段判断进程是否存在的代码而已,改下文件名代码就判断不出了,这个按论坛规则估计算不上技 ...

我可是用了多种方法的哟


cyclonebaby
发表于 2018-10-29 18:50:30 | 显示全部楼层
ZNKZZ. 发表于 2018-10-28 16:27
我可是用了多种方法的哟

' Shows a Yes / No / Cancel message box with the poster's opinion of the
' thread title and answers each choice with a second message box.
' It performs no environment check of its own.
Sub Up_to_you()
    Dim prompt As String
    Dim answer As Long

    prompt = "非常理解您代码成功运行后的喜悦以及作品完成后的成就感,对您认真钻研、开源分享的态度和精神表示赞叹,但是个人感觉标题立意略有不当。"
    prompt = prompt & vbCrLf & "-   认同选 '是'"
    prompt = prompt & vbCrLf & "-   不认同 选'否'"
    prompt = prompt & vbCrLf & "-   无所谓选 '取消'"

    ' 3 + 64 in the original post: Yes/No/Cancel buttons with the information icon.
    answer = MsgBox(prompt, vbYesNoCancel + vbInformation)

    If answer = vbYes Then
        MsgBox "继续努力,天道酬勤,加分以示鼓励!", vbInformation
    ElseIf answer = vbNo Then
        MsgBox "运行环境不合法(标题立意不当)", vbCritical
    Else
        ' Send this message to Cyclonebaby
        MsgBox "Who cares! But 佛系少年也忍不住说上一句:" & vbCrLf & "You can you up, no can no BB!", vbCritical
    End If
End Sub

