Bloquer lancement des nouveaux processus Comme un Antivirus
Elikart.KAME.KANANE
Messages postés2Date d'inscriptiondimanche 16 novembre 2014StatutMembreDernière intervention19 novembre 2014
-
16 nov. 2014 à 02:56
Elikart.KAME.KANANE
Messages postés2Date d'inscriptiondimanche 16 novembre 2014StatutMembreDernière intervention19 novembre 2014
-
19 nov. 2014 à 13:26
Voici le Module Complet VB6 qui fonctionne très cool saut que Quant je le Convertit en VB.NET toutes les apis VB6 ne Fonctionne pas.
>>>Merci d'avance pour votre aide..
Voici le Code:
Option Explicit
Public Declare Function GetCurrentProcess Lib "kernel32" () As Long
Public Declare Function SuspendThread Lib "kernel32" (ByVal hThread As Long) As Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Public Declare Function TerminateThread Lib "kernel32" (ByVal hThread As Long, ByVal dwExitCode As Long) As Long
Public Declare Function SetThreadPriority Lib "kernel32" (ByVal hThread As Long, ByVal nPriority As Long) As Long
Public Declare Function SetPriorityClass Lib "kernel32" (ByVal hProcess As Long, ByVal dwPriorityClass As Long) As Long
Public Declare Function GetPriorityClass Lib "kernel32" (ByVal hProcess As Long) As Long
Public Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)
Public Declare Function GetCurrentThread Lib "kernel32" () As Long
Public Declare Function CreateToolhelp32Snapshot Lib "kernel32.dll" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Public Declare Function Process32First Lib "kernel32.dll" (ByVal hSnapshot As Long, ByRef lppe As PROCESSENTRY32) As Long
Public Declare Function Process32Next Lib "kernel32.dll" (ByVal hSnapshot As Long, ByRef lppe As PROCESSENTRY32) As Long
Public Declare Function Module32First Lib "kernel32.dll" (ByVal hSnapshot As Long, ByRef lppe As MODULEENTRY32) As Long
Public Declare Function Module32Next Lib "kernel32.dll" (ByVal hSnapshot As Long, ByRef lpme As MODULEENTRY32) As Long
Public Declare Function Thread32First Lib "kernel32.dll" (ByVal hSnapshot As Long, ByRef lpte As THREADENTRY32) As Long
Public Declare Function Thread32Next Lib "kernel32.dll" (ByVal hSnapshot As Long, ByRef lpte As THREADENTRY32) As Long
Public Declare Function Heap32ListFirst Lib "kernel32.dll" (ByVal hSnapshot As Long, ByRef lphl As HEAPLIST32) As Long
Public Declare Function Heap32ListNext Lib "kernel32.dll" (ByVal hSnapshot As Long, ByRef lphl As HEAPLIST32) As Long
Public Declare Function GetWindowThreadProcessId Lib "user32.dll" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Public Declare Function OpenThread Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInherit As Long, ByVal dwThreadId As Long) As Long
Public Declare Function SendMessageTimeout Lib "user32.dll" Alias "SendMessageTimeoutA" (ByVal hwnd As Long, ByVal msg As Long, ByVal wParam As Long, ByVal lParam As Long, ByVal fuFlags As Long, ByVal uTimeout As Long, lpdwResult As Long) As Long
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Public Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long
Public Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Public Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LUID) As Long
Public Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Public Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Public Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal lFlags As Long, lProcessId As Long) As Long
Public Declare Function ShellExecute Lib "shell32.dll" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
Public Declare Function OpenThreadToken Lib "advapi32.dll" (ByVal ThreadHandle As Long, ByVal DesiredAccess As Long, ByVal OpenAsSelf As Long, TokenHandle As Long) As Long
Public Declare Function ResumeThread Lib "kernel32" (ByVal hThread As Long) As Long
Public Const MAX_PATH As Long = 260
Public Const WM_NULL As Long = &H0
Public Const SMTO_ABORTIFHUNG As Long = &H2
Public Const SMTO_BLOCK As Long = &H1
Public Const SMTO_NORMAL As Long = &H0
Public Const SMTO_NOTIMEOUTIFNOTHUNG As Long = &H8
Public Const THREAD_BASE_PRIORITY_IDLE = -15
Public Const THREAD_BASE_PRIORITY_LOWRT = 15
Public Const THREAD_BASE_PRIORITY_MIN = -2
Public Const THREAD_BASE_PRIORITY_MAX = 2
Public Const THREAD_PRIORITY_LOWEST = THREAD_BASE_PRIORITY_MIN
Public Const THREAD_PRIORITY_HIGHEST = THREAD_BASE_PRIORITY_MAX
Public Const THREAD_PRIORITY_BELOW_NORMAL = (THREAD_PRIORITY_LOWEST + 1)
Public Const THREAD_PRIORITY_ABOVE_NORMAL = (THREAD_PRIORITY_HIGHEST - 1)
Public Const THREAD_PRIORITY_IDLE = THREAD_BASE_PRIORITY_IDLE
Public Const THREAD_PRIORITY_NORMAL = 0
Public Const THREAD_PRIORITY_TIME_CRITICAL = THREAD_BASE_PRIORITY_LOWRT
Public Const HIGH_PRIORITY_CLASS = &H80
Public Const IDLE_PRIORITY_CLASS = &H40
Public Const NORMAL_PRIORITY_CLASS = &H20
Public Const REALTIME_PRIORITY_CLASS = &H100
Public Type LUID
LowPart As Long
HighPart As Long
End Type
Public Type LUID_AND_ATTRIBUTES
pLuid As LUID
Attributes As Long
End Type
Public Type TOKEN_PRIVILEGES
PrivilegeCount As Long
TheLuid As LUID
Attributes As Long
End Type
Public Type PROCESSENTRY32
dwSize As Long 'taille de cette structure (à initialiser avant l'appel à Process32First ou Process32Next)
cntUsage As Long 'nombre de handles du processus ouverts
th32ProcessID As Long 'ID du processus
th32DefaultHeapID As Long 'interne à windows
th32ModuleID As Long 'interne à windows
cntThreads As Long 'nombre de threads du processus
th32ParentProcessID As Long 'ID du processus parent
pcPriClassBase As Long 'classe de priorité de base
dwFlags As Long 'réservé
szExeFile As String * 260 'NT/2000/XP : nom du fichier Exe (sans le chemin)
'9x/ME : chemin et nom du fichier Exe
End Type
'des infos sur les modules
Public Type MODULEENTRY32
dwSize As Long 'taille de cette structure (à initialiser avant l'appel à Module32First ou Module32Next)
th32ModuleID As Long 'ID du module
th32ProcessID As Long 'ID du processus qui utilise le module
GlblcntUsage As Long 'compteur d'usage global pour toutes les instances présentes dans la mémoire du système
ProccntUsage As Long 'commteur d'usage du module pour le processus
modBaseAddr As Long 'adresse de début du module en mémoire
modBaseSize As Long 'taille du module en mémoire
hModule As Long 'HMODULE du module
szModule As String * 256 'nom du module
szExeFile As String * MAX_PATH 'chemin du module
End Type
'des infos sur les tas
Public Type HEAPLIST32
dwSize As Long 'taille de cette structure (à initialiser avant l'appel à Heap32First ou Heap32Next)
th32ProcessID As Long 'ID du processus contenant ce tas
th32HeapID As Long 'ID du tas
dwFlags As Long 'définit si le tas est le tas par défaut
End Type
'des infos sur les threads
Public Type THREADENTRY32
dwSize As Long 'taille de cette structure (à initialiser avant l'appel à Thread32First ou Thread32Next)
cntUsage As Long 'nombre de référence au thread
th32ThreadID As Long 'ID du thread
th32OwnerProcessID As Long 'ID du processus qui a créé le thread
tpBasePri As Long 'priorité initiale
tpDeltaPri As Long 'priorité actuelle
dwFlags As Long 'rien de défini
End Type
Public Const TH32CS_SNAPPROCESS As Long = &H2&
Public Const TH32CS_SNAPMODULE As Long = &H8&
Public Const TH32CS_SNAPHEAPLIST As Long = &H1&
Public Const TH32CS_SNAPTHREAD As Long = &H4&
Public Const PROCESS_ALL_ACCESS = &H1F0FFF, PROCESS_TERMINAT = &H1
Public Const ANYSIZE_ARRAY = 1, TOKEN_ADJUST_PRIVILEGES = &H20
Public Const TOKEN_QUERY = &H8, SE_DEBUG_NAME As String = "SeDebugPrivilege"
Public Const SE_PRIVILEGE_ENABLED = &H2
Dim ps() As PROCESSENTRY32
Dim hToolHelp As Long 'handle de la vue des processus
Dim hToolHelp2 As Long 'handle de la vue des processus
Dim hToolHelp3 As Long 'handle de la vue des processus
Dim mmm As THREADENTRY32 'infos sur un thread
Dim mm As THREADENTRY32 'infos sur un thread
Dim t() As PROCESSENTRY32 'liste temporaire des processus
Dim p2 As PROCESSENTRY32 'infos sur un processus
Dim cnt2 As Long
Dim tLuid As LUID
Dim lhwndProcess As Long
Dim lhwndProcess2 As Long
Dim lst1() As String
Dim nbr1 As Long
Sub Main()
Dim lExitCode As Long
Dim lRetVal As Long
Dim lhThisProc As Long
Dim lhTokenHandle As Long
Dim tTokenPriv As TOKEN_PRIVILEGES
Dim tTokenPrivNew As TOKEN_PRIVILEGES
Dim lBufferNeeded As Long
Dim p As PROCESSENTRY32
Dim Cnt As Long
Dim hToolHelp1 As Long
Dim reponse As Integer
Dim ss As String
DoEvents
' accisition de privilege
OpenProcessToken GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, lhTokenHandle
LookupPrivilegeValue "", SE_DEBUG_NAME, tLuid
tTokenPriv.PrivilegeCount = 1
tTokenPriv.TheLuid = tLuid
tTokenPriv.Attributes = SE_PRIVILEGE_ENABLED
AdjustTokenPrivileges lhTokenHandle, False, tTokenPriv, Len(tTokenPrivNew), tTokenPrivNew, lBufferNeeded
DoEvents
'Mise du processus courrant en Haute priorite
SetPriorityClass GetCurrentProcess, HIGH_PRIORITY_CLASS
'comptage du nombre initial de processus
nbr1 = GetProcessesList
DoEvents
'on recompte le nombre de processus en les indexant
Do
hToolHelp1 = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&)
Cnt = 0
p.dwSize = Len(p)
If Process32First(hToolHelp1, p) Then
ReDim t(0)
t(0) = p
Do While Process32Next(hToolHelp1, p)
Cnt = Cnt + 1
ReDim Preserve t(Cnt)
t(Cnt) = p
Loop
End If
CloseHandle hToolHelp1
Sleep 1
' si cnt > nbr1 un nouveau processus a ete lance et a l'index cnt
If Cnt > nbr1 Then
' on fige le processus en suspendant otus ces threads (normalement un seul mais bon)
GetThreadsListSuspend t(Cnt).th32ProcessID
ss = Left$(t(Cnt).szExeFile, InStr(t(Cnt).szExeFile, vbNullChar) - 1) ' t(nbr2).szExeFile
'si le processus fait partie des processus autorises, on le relance
If Autorised(ss) Then reponse = vbOK Else reponse = MsgBox(" Le Programme peut conténir un virus" & vbNewLine & " Executer Ce programme ??? : " & Trim(ss) & " ?", 4148, "Slux Explorer [ Firewall ]")
If reponse = vbOK Then
nbr1 = nbr1 + 1
GetThreadsListResume t(Cnt).th32ProcessID
Else
' si le processus est refuse, on le kill
lhwndProcess2 = OpenProcess(PROCESS_TERMINAT, 0, t(Cnt).th32ProcessID)
TerminateProcess lhwndProcess2, 0
CloseHandle lhwndProcess2
nbr1 = GetProcessesList
End If
End If
' si cnt < nbr1 c'est qu'un processus s'est termine on reinisialise la nbr1
If Cnt < nbr1 Then nbr1 = GetProcessesList
Sleep 1
Loop
End Sub
'renvoi juste le nombre de processus en cours
Public Function GetProcessesList(Optional Paths As Boolean = False) As Long
hToolHelp = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&)
cnt2 = 0
p2.dwSize = Len(p2)
If Process32First(hToolHelp, p2) Then
Do While Process32Next(hToolHelp, p2)
cnt2 = cnt2 + 1
Loop
End If
GetProcessesList = cnt2
CloseHandle hToolHelp
End Function
'suspend les thread du processus specifie
Public Sub GetThreadsListSuspend(ByVal ProcessID As Long) '
hToolHelp2 = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, ProcessID)
mm.dwSize = Len(mm)
If Thread32First(hToolHelp2, mm) Then
mm.dwSize = Len(mm)
Do While Thread32Next(hToolHelp2, mm)
If mm.th32OwnerProcessID = ProcessID Then
' si le thread a bien processId pour processus parent, on le suspend
lhwndProcess = OpenThread(&H2, 0, mm.th32ThreadID)
SuspendThread lhwndProcess
CloseHandle lhwndProcess
End If
Loop
End If
CloseHandle hToolHelp2
End Sub
'Relance les threads du processus sprecifie
Public Sub GetThreadsListResume(ByVal ProcessID As Long)
hToolHelp3 = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, ProcessID)
mmm.dwSize = Len(mmm)
If Thread32First(hToolHelp3, mmm) Then
mmm.dwSize = Len(mmm)
Do While Thread32Next(hToolHelp3, mmm)
If mmm.th32OwnerProcessID = ProcessID Then '
' si le thread a bien processId pour processus parent, on le relance
lhwndProcess = OpenThread(&H2, 0, mmm.th32ThreadID)
ResumeThread lhwndProcess
CloseHandle lhwndProcess
End If
mmm.dwSize = Len(mmm)
Loop
End If
CloseHandle hToolHelp3
End Sub
'Renvoi si un processus est autorises ou non
Public Function Autorised(Process As String) As Boolean
Select Case UCase(Process)
Case "SVCHOST.EXE"
Autorised = True
Case "CMD.EXE"
Autorised = False
Case "DLLHOST.EXE"
Autorised = True
Case "EXPLORER.EXE"
Autorised = True
Case "IEXPLORE.EXE"
Autorised = True
Case "TASKMGR.EXE"
Autorised = True
Case "RUNDLL32.EXE"
Autorised = True
Case "MDM.EXE"
Autorised = True
Case "VB6.EXE"
Autorised = True
Case "MSNMSGR.EXE"
Autorised = True
Case "MSCONFIG.EXE"
Autorised = True
Case "LOGON.SCR"
Autorised = True
Case "SLUXEXPLORER.EXE"
Autorised = True
Case "WSCRIPT.EXE"
Autorised = False
Case "WERFAULT.EXE"
Autorised = True
Case "IGFXSRVC.EXE"
Autorised = True
Case "IGFXSRVC.EXE"
Autorised = True
Case "WMIPRVSE.EXE"
Autorised = True
Case "SEARCHPROTOCOLHOST.EXE"
Autorised = True
Case "SEARCHFILTERHOST.EXE"
Autorised = True
Case "CONHOST.EXE"
Autorised = True
Case "ATTRIB.EXE"
Autorised = True
Case "WUDFHOST.EXE"
Autorised = True
Case "ATTRIB.EXE"
Autorised = True
Case "WMIADAP.EXE"
Autorised = True
Case "AUTOIT3.EXE"
Autorised = False
Case "SIDEBAR.EXE"
Autorised = False
Case "READER_SL.EXE"
Autorised = False
Case "GOOGLEUPDATE.EXE"
Autorised = False
Case "CONHOST.EXE"
Autorised = False
Case "MSCINET.EXE"
Autorised = False
Case "AUTODETECT.EXE"
Autorised = False
Case Else
Autorised = False
End Select
End Function
A voir également:
Bloquer lancement des nouveaux processus Comme un Antivirus
