利用VB远线程注入技术实现键盘拦截的例子(无DLL)

利用VB远线程注入技术实现键盘拦截的例子(无DLL)
从网上搜集到的VB代码，用EXE方式实现了远程注入，不过在反病毒软件的保护下，有可能导致注入失败。转贴这个代码，仅供大家学习和参考。

一、窗口代码：
view plain copy to clipboard print ?
1. Option Explicit
3. Private Sub cmdLock_Click()
4. If LockKeyboard(True) Then
5. cmdLock.Enabled = False
6. cmdUnLock.Enabled = True
7. End If
8. End Sub
9. Private Sub cmdUnLock_Click()
10. If LockKeyboard(False) Then
11. cmdLock.Enabled = True
12. cmdUnLock.Enabled = False
13. End If
14. End Sub
15. Private Sub Form_Load()
16. Dim bIsLock As Boolean
17. bIsLock = GetKeyboardState
18. cmdLock.Enabled = Not bIsLock
19. cmdUnLock.Enabled = bIsLock
20. End Sub
21. Option Explicit
23. Private Sub cmdLock_Click()
24. If LockKeyboard(True) Then
25. cmdLock.Enabled = False
26. cmdUnLock.Enabled = True
27. End If
28. End Sub
29. Private Sub cmdUnLock_Click()
30. If LockKeyboard(False) Then
31. cmdLock.Enabled = True
32. cmdUnLock.Enabled = False
33. End If
34. End Sub
35. Private Sub Form_Load()
36. Dim bIsLock As Boolean
37. bIsLock = GetKeyboardState
38. cmdLock.Enabled = Not bIsLock
39. cmdUnLock.Enabled = bIsLock
40. End Sub
Option Explicit Private Sub cmdLock_Click() If LockKeyboard(True) Then cmdLock.Enabled = False cmdUnLock.Enabled = True End If End Sub Private Sub cmdUnLock_Click() If LockKeyboard(False) Then cmdLock.Enabled = True cmdUnLock.Enabled = False End If End Sub Private Sub Form_Load() Dim bIsLock As Boolean bIsLock = GetKeyboardState cmdLock.Enabled = Not bIsLock cmdUnLock.Enabled = bIsLock End Sub Option Explicit Private Sub cmdLock_Click() If LockKeyboard(True) Then cmdLock.Enabled = False cmdUnLock.Enabled = True End If End Sub Private Sub cmdUnLock_Click() If LockKeyboard(False) Then cmdLock.Enabled = True cmdUnLock.Enabled = False End If End Sub Private Sub Form_Load() Dim bIsLock As Boolean bIsLock = GetKeyboardState cmdLock.Enabled = Not bIsLock cmdUnLock.Enabled = bIsLock End Sub
二、模块代码：
view plain copy to clipboard print ?
1. Option Explicit
2. '是否包含处理其它键盘消息，True表示处理.
3. #Const INC_OTHER_KEY = True
4. '注意，以下所有双版本的API均声明成了 UNICODE 版。并且许多地方与VB的API浏览器生成的代码有所不同。
5. Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
6. Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
7. Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
8. Private Declare Function GlobalAddAtom Lib "kernel32" Alias "GlobalAddAtomW" (ByVal lpString As Long) As Integer
9. Private Declare Function GlobalDeleteAtom Lib "kernel32" (ByVal nAtom As Integer) As Integer
10. Private Declare Function GlobalFindAtom Lib "kernel32" Alias "GlobalFindAtomW" (ByVal lpString As Long) As Integer
11. Private Const TH32CS_SNAPPROCESS = 2
12. Private Type PROCESSENTRY32W
13. dwSize As Long
14. cntUsage As Long
15. h32ProcessID As Long
16. th32DefaultHeapID As Long
17. h32ModuleID As Long
18. cntThreads As Long
19. th32ParentProcessID As Long
20. pcPriClassBase As Long
21. dwFlags As Long
22. szExeFile(1 To 260) As Integer
23. End Type
24. Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
25. Private Declare Function Process32First Lib "kernel32" Alias "Process32FirstW" (ByVal hSnapshot As Long, lpPE As PROCESSENTRY32W) As Long
26. Private Declare Function Process32Next Lib "kernel32" Alias "Process32NextW" (ByVal hSnapshot As Long, lpPE As PROCESSENTRY32W) As Long
27. Private Declare Function lstrcmpi Lib "kernel32" Alias "lstrcmpiW" (lpString1 As Integer, ByVal lpString2 As Long) As Long
28. Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
29. Private Declare Function GetLastError Lib "kernel32" () As Long
30. Private Type LUID
31. lowpart As Long
32. highpart As Long
33. End Type
34. Private Type LUID_AND_ATTRIBUTES
35. pLuid As LUID
36. Attributes As Long
37. End Type
38. Private Type TOKEN_PRIVILEGES
39. PrivilegeCount As Long
40. Privileges As LUID_AND_ATTRIBUTES
41. End Type
42. Private Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
43. Private Const TOKEN_QUERY As Long = &H8&
44. Private Const TOKEN_ADJUST_PRIVILEGES As Long = &H20&
45. Private Const SE_PRIVILEGE_ENABLED As Long = &H2
46. Private Const SE_DEBUG_NAME As String = "SeDebugPrivilege"
47. Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
48. Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
49. Private Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueW" (ByVal lpSystemName As Long, ByVal lpName As Long, lpLuid As LUID) As Long
50. Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, ByVal PrevState As Long, ByVal N As Long) As Long
51. Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleW" (ByVal lpwModuleName As Long) As Long
52. Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
53. Private Const MEM_COMMIT As Long = &H1000
54. Private Const MEM_DECOMMIT As Long = &H4000
55. Private Const PAGE_EXECUTE_READWRITE As Long = &H40
56. Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal ProcessHandle As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
57. Private Declare Function VirtualFreeEx Lib "kernel32" (ByVal ProcessHandle As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
58. Private Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, ByVal lpThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, ByVal lpParameter As Long, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
59. Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
60. Private Declare Function GetExitCodeThread Lib "kernel32" (ByVal hThread As Long, lpExitCode As Long) As Long
61. #If INC_OTHER_KEY Then
62. Private Declare Function SetWindowsHookEx Lib "user32" Alias "SetWindowsHookExW" (ByVal idHook As Long, ByVal lpfn As Long, ByVal hmod As Long, ByVal dwThreadId As Long) As Long
63. Private Declare Function UnhookWindowsHookEx Lib "user32" (ByVal hHook As Long) As Long
64. Private Declare Function CallNextHookEx Lib "user32" (ByVal hHook As Long, ByVal nCode As Long, ByVal wParam As Long, lParam As Any) As Long
65. #End If
66. Private Const ATOM_FLAG As String = "HookSysKey"
67. Private Const SHELL_FALG As String = "Winlogon"
68. Private Const SHELL_CODE_DWORDLEN = 317 '注入代码所占的双字数
69. Private Const SHELL_CODE_LENGTH = (SHELL_CODE_DWORDLEN * 4) '字节数
70. Private Const SHELL_FUNCOFFSET = &H8 '注入代码线程函数偏移量
71. Private mlShellCode(SHELL_CODE_DWORDLEN - 1) As Long
72. #If INC_OTHER_KEY Then
73. Private m_lHookID As Long '键盘钩子句柄
74. Private Type KBDLLHOOKSTRUCT
75. vkCode As Long
76. scanCode As Long
77. flags As Long
78. time As Long
79. dwExtraInfo As Long
80. End Type
81. Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)
82. #End If
83. '============================================
84. ' 锁定/解锁键盘
85. ' 参数：布尔型，真表示锁定
86. ' 返回：布尔型, 真表示成功
87. ' 注意：非 Ctrl+Alt+Del 键使用普通钩子技术，因此
88. ' 程序在退出时注意要卸载钩子。
89. '============================================
90. Public Function LockKeyboard(ByVal bLock As Boolean) As Boolean
91. Dim lResult As Long
92. Dim lStrPtr As Long
93. Dim iAtom As Integer
95. lStrPtr = StrPtr(SHELL_FALG)
96. iAtom = GlobalFindAtom(lStrPtr)
97. If iAtom = 0 Then
98. lResult = InsertAsmCode
99. Debug.Assert lResult = 0
100. If lResult Then Exit Function
101. End If
102. lStrPtr = StrPtr(ATOM_FLAG)
103. iAtom = GlobalFindAtom(lStrPtr)
104. If bLock Then
105. #If INC_OTHER_KEY Then
106. '强烈建议：使用了SetWindowsHookEx的话，请编译后再运行！
107. m_lHookID = SetWindowsHookEx(13, AddressOf LowLevelKeyboardProc, App.hInstance, 0)
108. #End If
109. If iAtom = 0 Then iAtom = GlobalAddAtom(lStrPtr)
110. LockKeyboard = (iAtom <> 0)
111. Debug.Assert LockKeyboard
112. Else
113. #If INC_OTHER_KEY Then
114. If m_lHookID Then Call UnhookWindowsHookEx(m_lHookID)
115. #End If
116. If iAtom Then iAtom = GlobalDeleteAtom(iAtom)
117. LockKeyboard = iAtom = 0
118. End If
119. End Function
121. Public Function GetKeyboardState() As Boolean
122. GetKeyboardState = GlobalFindAtom(StrPtr(ATOM_FLAG)) <> 0
123. End Function
125. #If INC_OTHER_KEY Then
126. Private Function LowLevelKeyboardProc(ByVal nCode As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
127. Dim KBEvent As KBDLLHOOKSTRUCT
128. If nCode >= 0 Then
129. '在这里可以加入实际的过滤条件
130. CopyMemory KBEvent, ByVal lParam, 20& 'sizeof KBDLLHOOKSTRUCT=20
131. 'wParam = 消息，如WM_KEYDOWN, WM_KEYUP等
132. Debug.Print Hex$(KBEvent.vkCode) 'VK_??? 定义的键码
133. LowLevelKeyboardProc = 1 '１屏蔽,否则应调用CallNextHookEx
134. Else
135. LowLevelKeyboardProc = CallNextHookEx(m_lHookID, nCode, wParam, lParam)
136. End If
137. End Function
138. #End If
140. '----------------------------------------------
141. ' 远程线程插入函数
142. ' 功能：向 Winlogon 进程插入远程线程代码，并执行
143. ' 返回：0表示成功，非0表示标准的系统错误代号
144. '----------------------------------------------
145. Private Function InsertAsmCode() As Long
146. Const WINLOGON As String = "Winlogon.exe"
147. Dim hProcess As Long '远端进程句柄
148. Dim hPId As Long '远端进程ID
149. Dim lResult As Long '一般返回变量
150. Dim pToken As TOKEN_PRIVILEGES
151. Dim hToken As Long
152. Dim hRemoteThread As Long
153. Dim hRemoteThreadID As Long
154. Dim lDbResult(1) As Long
155. Dim lRemoteAddr As Long
156. '------------------------------------
157. '取winlogon进程ID
158. '------------------------------------
159. hPId = GetProcessIdFromName(WINLOGON)
160. If hPId = 0 Then
161. InsertAsmCode = GetLastError
162. Debug.Assert False
163. Exit Function
164. End If
165. '------------------------------------
166. '提升本进程权限，以取得对winlogon进程操作的许可
167. '------------------------------------
168. lResult = OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hToken)
169. Debug.Assert lResult
170. lResult = LookupPrivilegeValue(0, StrPtr(SE_DEBUG_NAME), pToken.Privileges.pLuid)
171. Debug.Assert lResult
172. pToken.PrivilegeCount = 1
173. pToken.Privileges.Attributes = SE_PRIVILEGE_ENABLED
174. lResult = AdjustTokenPrivileges(hToken, False, pToken, Len(pToken), 0, 0)
175. Debug.Assert lResult
176. '------------------------------------
177. '打开winlogon进程
178. '------------------------------------
179. hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, hPId)
180. Debug.Assert hProcess
181. If hProcess Then
182. '------------------------------------
183. '初始注入代码
184. '------------------------------------
185. Call InitShellCode
186. '------------------------------------
187. '远端进程分配内存
188. '------------------------------------
189. lRemoteAddr = VirtualAllocEx(hProcess, 0, SHELL_CODE_LENGTH, MEM_COMMIT, PAGE_EXECUTE_READWRITE)
190. Debug.Assert lRemoteAddr
191. '------------------------------------
192. '写入 shell 代码
193. '------------------------------------
194. If lRemoteAddr Then
195. InsertAsmCode = WriteProcessMemory(hProcess, lRemoteAddr, mlShellCode(0), SHELL_CODE_LENGTH, 0)
196. Else
197. InsertAsmCode = GetLastError
198. Exit Function
199. End If
200. '------------------------------------
201. '创建远程线程
202. '------------------------------------
203. hRemoteThread = CreateRemoteThread(hProcess, 0, 0, lRemoteAddr + SHELL_FUNCOFFSET, 0, 0, hRemoteThreadID)
204. If hRemoteThread = 0 Then
205. InsertAsmCode = GetLastError
206. Debug.Assert hRemoteThread
207. Exit Function
208. End If
209. '------------------------------------
210. '等待远程线程
211. '------------------------------------
212. Call WaitForSingleObject(hRemoteThread, -1)
213. Call GetExitCodeThread(hRemoteThread, InsertAsmCode)
214. Call CloseHandle(hRemoteThread)
215. '------------------------------------
216. '释放远端进程内存
217. '------------------------------------
218. Call VirtualFreeEx(hProcess, lRemoteAddr, SHELL_CODE_LENGTH, MEM_DECOMMIT)
219. Else
220. InsertAsmCode = GetLastError
221. End If
222. End Function
224. '============================================
225. ' 初始线程代码
226. '============================================
227. Private Function InitShellCode() As Long
228. Const kernel32 As String = "kernel32.dll"
229. Dim hDll As Long
230. '------------------------------------
231. '提取注入代码所需的API函数
232. '------------------------------------
233. hDll = GetModuleHandle(StrPtr(kernel32)): Debug.Assert hDll
234. mlShellCode(0) = GetProcAddress(hDll, "GetModuleHandleW")
235. mlShellCode(1) = GetProcAddress(hDll, "GetProcAddress")
236. '---------------------------
237. ' 以下代码由 MASM32 产生
238. mlShellCode(2) = &HE853&
239. mlShellCode(3) = &H815B0000
240. mlShellCode(4) = &H40100EEB
241. mlShellCode(5) = &H238E800
242. mlShellCode(6) = &HC00B0000
243. mlShellCode(7) = &H838D5075
244. mlShellCode(8) = &H4010B0
245. mlShellCode(9) = &HD093FF50
246. mlShellCode(10) = &HF004013
247. mlShellCode(11) = &HC00BC0B7
248. mlShellCode(12) = &H683A75
249. mlShellCode(13) = &H6A020000
250. mlShellCode(14) = &H8D006A00
251. mlShellCode(15) = &H4010B083
252. mlShellCode(16) = &H93FF5000
253. mlShellCode(17) = &H401090
254. mlShellCode(18) = &H1874C00B
255. mlShellCode(19) = &H10C2938D
256. mlShellCode(20) = &H6A0040
257. mlShellCode(21) = &H93FF5052
258. mlShellCode(22) = &H401094
259. mlShellCode(23) = &H474C00B
260. mlShellCode(24) = &HAEB0AEB
261. mlShellCode(25) = &H108C93FF
262. mlShellCode(26) = &H2EB0040
263. mlShellCode(27) = &HC25BC033
264. mlShellCode(28) = &HFF8B0004
265. mlShellCode(38) = &H410053
266. mlShellCode(39) = &H200053
267. mlShellCode(40) = &H690077
268. mlShellCode(41) = &H64006E
269. mlShellCode(42) = &H77006F
270. mlShellCode(43) = &HFF8B0000
271. mlShellCode(44) = &H690057
272. mlShellCode(45) = &H6C006E
273. mlShellCode(46) = &H67006F
274. mlShellCode(47) = &H6E006F
275. mlShellCode(48) = &H8B550000
276. mlShellCode(49) = &HF0C481EC
277. mlShellCode(50) = &H53FFFFFD
278. mlShellCode(51) = &HE8&
279. mlShellCode(52) = &HEB815B00
280. mlShellCode(53) = &H4010D1
281. mlShellCode(54) = &H10468
282. mlShellCode(55) = &HF8858D00
283. mlShellCode(56) = &H50FFFFFD
284. mlShellCode(57) = &HFF0875FF
285. mlShellCode(58) = &H40108093
286. mlShellCode(59) = &HF8858D00
287. mlShellCode(60) = &H50FFFFFD
288. mlShellCode(61) = &H1098838D
289. mlShellCode(62) = &HFF500040
290. mlShellCode(63) = &H40107C93
291. mlShellCode(64) = &H75C00B00
292. mlShellCode(65) = &H68406A69
293. mlShellCode(66) = &H1000&
294. mlShellCode(67) = &H7668&
295. mlShellCode(68) = &HFF006A00
296. mlShellCode(69) = &H40107493
297. mlShellCode(70) = &H74C00B00
298. mlShellCode(71) = &H85896054
299. mlShellCode(72) = &HFFFFFDF0
300. mlShellCode(73) = &H75FFFC6A
301. mlShellCode(74) = &H8493FF08
302. mlShellCode(75) = &H8D004010
303. mlShellCode(76) = &H4013C893
304. mlShellCode(77) = &HFC028900
305. mlShellCode(78) = &HFDF0BD8B
306. mlShellCode(79) = &H76B9FFFF
307. mlShellCode(80) = &H8D000000
308. mlShellCode(81) = &H401374B3
309. mlShellCode(82) = &H8DA4F300
310. mlShellCode(83) = &H4010B083
311. mlShellCode(84) = &H93FF5000
312. mlShellCode(85) = &H401078
313. mlShellCode(86) = &HFDF0B5FF
314. mlShellCode(87) = &HFC6AFFFF
315. mlShellCode(88) = &HFF0875FF
316. mlShellCode(89) = &H40108893
317. mlShellCode(90) = &HC0336100
318. mlShellCode(91) = &HC03303EB
319. mlShellCode(92) = &HC2C95B40
320. mlShellCode(93) = &H6B0008
321. mlShellCode(94) = &H720065
322. mlShellCode(95) = &H65006E
323. mlShellCode(96) = &H33006C
324. mlShellCode(97) = &H2E0032
325. mlShellCode(98) = &H6C0064
326. mlShellCode(99) = &H6C&
327. mlShellCode(100) = &H730075
328. mlShellCode(101) = &H720065
329. mlShellCode(102) = &H320033
330. mlShellCode(103) = &H64002E
331. mlShellCode(104) = &H6C006C
332. mlShellCode(105) = &H69560000
333. mlShellCode(106) = &H61757472
334. mlShellCode(107) = &H6572466C
335. mlShellCode(108) = &H6C470065
336. mlShellCode(109) = &H6C61626F
337. mlShellCode(110) = &H646E6946
338. mlShellCode(111) = &H6D6F7441
339. mlShellCode(112) = &H6C470057
340. mlShellCode(113) = &H6C61626F
341. mlShellCode(114) = &H41646441
342. mlShellCode(115) = &H576D6F74
343. mlShellCode(116) = &H74736C00
344. mlShellCode(117) = &H706D6372
345. mlShellCode(118) = &H4F005769
346. mlShellCode(119) = &H446E6570
347. mlShellCode(120) = &H746B7365
348. mlShellCode(121) = &H57706F
349. mlShellCode(122) = &H6D756E45
350. mlShellCode(123) = &H6B736544
351. mlShellCode(124) = &H57706F74
352. mlShellCode(125) = &H6F646E69
353. mlShellCode(126) = &H47007377
354. mlShellCode(127) = &H69577465
355. mlShellCode(128) = &H776F646E
356. mlShellCode(129) = &H74786554
357. mlShellCode(130) = &H65470057
358. mlShellCode(131) = &H6E695774
359. mlShellCode(132) = &H4C776F64
360. mlShellCode(133) = &H57676E6F
361. mlShellCode(134) = &H74655300
362. mlShellCode(135) = &H646E6957
363. mlShellCode(136) = &H6F4C776F
364. mlShellCode(137) = &H57676E
365. mlShellCode(138) = &H6C6C6143
366. mlShellCode(139) = &H646E6957
367. mlShellCode(140) = &H7250776F
368. mlShellCode(141) = &H57636F
369. mlShellCode(142) = &H4C746547
370. mlShellCode(143) = &H45747361
371. mlShellCode(144) = &H726F7272
372. mlShellCode(145) = &H72695600
373. mlShellCode(146) = &H6C617574
374. mlShellCode(147) = &H6F6C6C41
375. mlShellCode(148) = &H8B550063
376. mlShellCode(149) = &HFCC483EC
377. mlShellCode(150) = &H48C03360
378. mlShellCode(151) = &H8DFC4589
379. mlShellCode(152) = &H40117683
380. mlShellCode(153) = &H93FF5000
381. mlShellCode(154) = &H401000
382. mlShellCode(155) = &H840FC00B
383. mlShellCode(156) = &HFA&
384. mlShellCode(157) = &H838DF88B
385. mlShellCode(158) = &H401190
386. mlShellCode(159) = &H93FF50
387. mlShellCode(160) = &HB004010
388. mlShellCode(161) = &HE3840FC0
389. mlShellCode(162) = &H8B000000
390. mlShellCode(163) = &H45838DF0
391. mlShellCode(164) = &H50004012
392. mlShellCode(165) = &H493FF57
393. mlShellCode(166) = &H89004010
394. mlShellCode(167) = &H40107483
395. mlShellCode(168) = &H38838D00
396. mlShellCode(169) = &H50004012
397. mlShellCode(170) = &H493FF57
398. mlShellCode(171) = &H89004010
399. mlShellCode(172) = &H40108C83
400. mlShellCode(173) = &HC2838D00
401. mlShellCode(174) = &H50004011
402. mlShellCode(175) = &H493FF57
403. mlShellCode(176) = &H89004010
404. mlShellCode(177) = &H40107883
405. mlShellCode(178) = &HB2838D00
406. mlShellCode(179) = &H50004011
407. mlShellCode(180) = &H493FF57
408. mlShellCode(181) = &H89004010
409. mlShellCode(182) = &H4013D083
410. mlShellCode(183) = &HD1838D00
411. mlShellCode(184) = &H50004011
412. mlShellCode(185) = &H493FF57
413. mlShellCode(186) = &H89004010
414. mlShellCode(187) = &H40107C83
415. mlShellCode(188) = &HDB838D00
416. mlShellCode(189) = &H50004011
417. mlShellCode(190) = &H493FF56
418. mlShellCode(191) = &H89004010
419. mlShellCode(192) = &H40109083
420. mlShellCode(193) = &HE8838D00
421. mlShellCode(194) = &H50004011
422. mlShellCode(195) = &H493FF56
423. mlShellCode(196) = &H89004010
424. mlShellCode(197) = &H40109483
425. mlShellCode(198) = &HFB838D00
426. mlShellCode(199) = &H50004011
427. mlShellCode(200) = &H493FF56
428. mlShellCode(201) = &H89004010
429. mlShellCode(202) = &H40108083
430. mlShellCode(203) = &HA838D00
431. mlShellCode(204) = &H50004012
432. mlShellCode(205) = &H493FF56
433. mlShellCode(206) = &H89004010
434. mlShellCode(207) = &H40108483
435. mlShellCode(208) = &H19838D00
436. mlShellCode(209) = &H50004012
437. mlShellCode(210) = &H493FF56
438. mlShellCode(211) = &H89004010
439. mlShellCode(212) = &H40108883
440. mlShellCode(213) = &H28838D00
441. mlShellCode(214) = &H50004012
442. mlShellCode(215) = &H493FF56
443. mlShellCode(216) = &H89004010
444. mlShellCode(217) = &H4013CC83
445. mlShellCode(218) = &H89C03300
446. mlShellCode(219) = &H8B61FC45
447. mlShellCode(220) = &HC3C9FC45
448. mlShellCode(221) = &H53EC8B55
449. mlShellCode(222) = &HE8&
450. mlShellCode(223) = &HEB815B00
451. mlShellCode(224) = &H40137D
452. mlShellCode(225) = &H120C7D81
453. mlShellCode(226) = &H75000003
454. mlShellCode(227) = &HD4838D1C
455. mlShellCode(228) = &H50004013
456. mlShellCode(229) = &H13D093FF
457. mlShellCode(230) = &HB70F0040
458. mlShellCode(231) = &H74C00BC0
459. mlShellCode(232) = &H40C03308
460. mlShellCode(233) = &H10C2C95B
461. mlShellCode(234) = &H1475FF00
462. mlShellCode(235) = &HFF1075FF
463. mlShellCode(236) = &H75FF0C75
464. mlShellCode(237) = &HC8B3FF08
465. mlShellCode(238) = &HFF004013
466. mlShellCode(239) = &H4013CC93
467. mlShellCode(240) = &HC2C95B00
468. mlShellCode(241) = &HFF8B0010
469. mlShellCode(245) = &H6F0048
470. mlShellCode(246) = &H6B006F
471. mlShellCode(247) = &H790053
472. mlShellCode(248) = &H4B0073
473. mlShellCode(249) = &H790065
474. mlShellCode(250) = &H8B550000
475. mlShellCode(251) = &HD8C481EC
476. mlShellCode(252) = &HE8FFFFFD
477. mlShellCode(253) = &H226&
478. mlShellCode(254) = &H8DE84589
479. mlShellCode(255) = &H6A50EC45
480. mlShellCode(256) = &HE875FF28
481. mlShellCode(257) = &H24BE8
482. mlShellCode(258) = &HFC00B00
483. mlShellCode(259) = &H11584
484. mlShellCode(260) = &HF4458D00
485. mlShellCode(261) = &H20606850
486. mlShellCode(262) = &H6A0040
487. mlShellCode(263) = &H22DE8
488. mlShellCode(264) = &H74C00B00
489. mlShellCode(265) = &HF045C722
490. mlShellCode(266) = &H1&
491. mlShellCode(267) = &H2FC45C7
492. mlShellCode(268) = &H6A000000
493. mlShellCode(269) = &H6A006A00
494. mlShellCode(270) = &HF0458D00
495. mlShellCode(271) = &HFF006A50
496. mlShellCode(272) = &H1E8EC75
497. mlShellCode(273) = &HFF000002
498. mlShellCode(274) = &H6A0875
499. mlShellCode(275) = &H1F0FFF68
500. mlShellCode(276) = &H1CEE800
501. mlShellCode(277) = &H45890000
502. mlShellCode(278) = &H68046AE8
503. mlShellCode(279) = &H1000&
504. mlShellCode(280) = &H4F268
505. mlShellCode(281) = &HFF006A00
506. mlShellCode(282) = &HC1E8E875
507. mlShellCode(283) = &H89000001
508. mlShellCode(284) = &H6AE445
509. mlShellCode(285) = &H4F268
510. mlShellCode(286) = &H10006800
511. mlShellCode(287) = &H75FF0040
512. mlShellCode(288) = &HE875FFE4
513. mlShellCode(289) = &H1B9E8
514. mlShellCode(290) = &H30186800
515. mlShellCode(291) = &H86A0040
516. mlShellCode(292) = &H40300068
517. mlShellCode(293) = &HE475FF00
518. mlShellCode(294) = &HE8E875FF
519. mlShellCode(295) = &H1A2&
520. mlShellCode(296) = &H81E4558B
521. mlShellCode(297) = &H8C2&
522. mlShellCode(298) = &H6A006A00
523. mlShellCode(299) = &H52006A00
524. mlShellCode(300) = &H6A006A
525. mlShellCode(301) = &HE8E875FF
526. mlShellCode(302) = &H156&
527. mlShellCode(303) = &H144E850
528. mlShellCode(304) = &H18680000
529. mlShellCode(305) = &H6A004030
530. mlShellCode(306) = &H30006808
531. mlShellCode(307) = &H75FF0040
532. mlShellCode(308) = &HE875FFE4
533. mlShellCode(309) = &H151E8
534. mlShellCode(310) = &H58D00
535. mlShellCode(311) = &H8B004030
536. mlShellCode(312) = &H4408B10
537. mlShellCode(313) = &HCB685250
538. mlShellCode(314) = &H8D004020
539. mlShellCode(315) = &HFFFDD885
540. mlShellCode(316) = &H909050FF
541. End Function
543. '-------------------------------------------
544. ' 根据可执行文件的名称取回进程ID
545. ' 参数：可执行文件名(含扩展名)
546. ' 返回：进程ID。0表示无
547. '-------------------------------------------
548. Private Function GetProcessIdFromName(ByVal sName As String) As Long
549. Dim hSnapshot As Long
550. Dim lpPE As PROCESSENTRY32W
551. Dim lpWinlogon As Long
553. hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
554. Debug.Assert hSnapshot
555. lpPE.dwSize = Len(lpPE)
556. If Process32First(hSnapshot, lpPE) Then
557. lpWinlogon = StrPtr(sName)
558. Do
559. If lstrcmpi(lpPE.szExeFile(1), lpWinlogon) = 0 Then
560. GetProcessIdFromName = lpPE.h32ProcessID
561. Exit Do
562. End If
563. If Process32Next(hSnapshot, lpPE) = 0 Then Exit Do
564. Loop
565. End If
566. Call CloseHandle(hSnapshot)
567. End Function
相关阅读:
java设计模式之适配器模式
 在Eclipse中建立Maven Web项目
 java设计模式之原型模式
 java设计模式之建造者模式
 java设计模式之工厂模式
 java设计模式之单例模式
 C# 前端多次上传文件
 C# async 和 await
.NET 4.0 任务(Task)
C# 5.0
原文地址：https://www.cnblogs.com/love2wllw/p/1744885.html