1.掌上看家采集端怎么才能不被监测?
掌上看家采集端怎么才能不被监测?
Windows系统可以用一个cpp程序解决
源码
#include <iostream>
#include <windows.h>
#include <tlhelp.h>
#include <stdio.h>
/* Pointer type for ntdll!NtTerminateProcess, resolved at runtime by main()
 * through GetProcAddress.  The typedef declares the result as DWORD; per the
 * documented signature the routine actually returns an NTSTATUS, where 0 is
 * STATUS_SUCCESS and any non-zero value is an error code. */
typedef DWORD (CALLBACK *NTTERMINATEPROCESS)(HANDLE hProcess, UINT uExitCode);

/* Filled in by main(); stays NULL if ntdll.dll or the export is missing. */
NTTERMINATEPROCESS NtTerminateProcess = NULL;
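/*
 * Enable or disable one named privilege on an access token (the shape of the
 * Windows SDK "Enabling and Disabling Privileges" sample).
 *
 * hToken           - token handle opened with at least TOKEN_ADJUST_PRIVILEGES.
 * lpszPrivilege    - privilege name such as SE_DEBUG_NAME.
 * bEnablePrivilege - TRUE sets SE_PRIVILEGE_ENABLED, FALSE clears it.
 *
 * Returns TRUE only when the privilege was actually adjusted.
 *
 * Two defects of the original are fixed here:
 *  - the LUID produced by LookupPrivilegeValue was never copied into
 *    tp.Privileges[0].Luid, so AdjustTokenPrivileges was handed an
 *    indeterminate LUID and the requested privilege was not the one adjusted;
 *  - AdjustTokenPrivileges returns TRUE even when the token does not hold the
 *    privilege and signals that only through
 *    GetLastError() == ERROR_NOT_ALL_ASSIGNED; that case is now reported as
 *    failure instead of success.
 */
BOOL SetPrivilege(HANDLE hToken,LPCTSTR lpszPrivilege,BOOL bEnablePrivilege)
{
    LUID luid;

    /* NULL system name = resolve the privilege on the local machine. */
    if (!LookupPrivilegeValue(NULL, lpszPrivilege, &luid)) {
        return FALSE;
    }

    TOKEN_PRIVILEGES tp;
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;

    /* No previous-state buffer is requested, so the last two arguments are
     * NULL and nothing has to be released afterwards. */
    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES),
                               (PTOKEN_PRIVILEGES)NULL, (PDWORD)NULL)) {
        return FALSE;
    }

    /* TRUE from AdjustTokenPrivileges is not enough: ERROR_NOT_ALL_ASSIGNED
     * means the token never held the privilege and nothing was changed. */
    if (GetLastError() == ERROR_NOT_ALL_ASSIGNED) {
        return FALSE;
    }

    return TRUE;
}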
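/*
 * Terminate the process with the given PID through ntdll's NtTerminateProcess.
 *
 * PID - process id to terminate.
 *
 * Returns TRUE if the termination call reported success, FALSE otherwise.
 *
 * Requires the global NtTerminateProcess to have been resolved (main() does
 * that); a NULL pointer is reported as failure rather than being called.
 * Enabling SE_DEBUG_NAME stays a hard requirement, as in the original, so the
 * calling token must hold SeDebugPrivilege for this function to proceed.
 *
 * Fixes against the original:
 *  - NtTerminateProcess returns an NTSTATUS, where 0 means success; the
 *    original treated 0 as failure, so a successful call was reported as
 *    FALSE and a failed one as TRUE;
 *  - hToken and hProcess were leaked on every early-return path (and on the
 *    success path, because of the inverted check above);
 *  - the token and the target are opened with only the access this function
 *    needs (TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, PROCESS_TERMINATE) instead
 *    of TOKEN_ALL_ACCESS / PROCESS_ALL_ACCESS.
 */
BOOL KillProcess(DWORD PID)
{
    BOOL bKilled = FALSE;
    HANDLE hToken = NULL;
    HANDLE hProcess = NULL;

    /* main() leaves this NULL when GetProcAddress fails. */
    if (NtTerminateProcess == NULL) {
        return FALSE;
    }

    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        goto cleanup;
    }

    if (!SetPrivilege(hToken, SE_DEBUG_NAME, TRUE)) {
        goto cleanup;
    }

    hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, PID);
    if (hProcess == NULL) {
        goto cleanup;
    }

    /* NTSTATUS convention: 0 is STATUS_SUCCESS.  The typedef declares DWORD,
     * so an error status appears as a large unsigned value, never as 0. */
    bKilled = (NtTerminateProcess(hProcess, 1) == 0) ? TRUE : FALSE;

cleanup:
    if (hProcess != NULL) {
        CloseHandle(hProcess);
    }
    if (hToken != NULL) {
        CloseHandle(hToken);
    }
    return bKilled;
}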
/*
 * Walk the process list and call KillProcess() for every process whose image
 * name equals ProcessName (plain strcmp, so the comparison is case-sensitive).
 *
 * NOTE(review): as transcribed this block does not compile.  Every Toolhelp
 * identifier looks as if a "32" was stripped from it (CreateToolhelpSnapshot,
 * THCS_SNAPPROCESS / THCS_SNAPMODULE, PROCESSENTRY, MODULEENTRY, ProcessFirst,
 * ProcessNext, ModuleFirst, thProcessID, and <tlhelp.h> at the top of the
 * file), and `char shortpath[]` and the `GetShortPathName(..., )` call are
 * missing their size argument.  Compare against the real <tlhelp32.h>
 * declarations before trusting any of these names.
 *
 * Defects visible even in this form:
 *  - hProcess holds the process snapshot, but in the match branch it is
 *    overwritten with the OpenProcess() handle; the ProcessNext() call that
 *    follows then presumably fails on that handle, so enumeration ends after
 *    the first match and the snapshot handle is leaked;
 *  - the OpenProcess() handle, the per-process module snapshot (hModule) and
 *    the process snapshot itself are never closed, and main() calls this in an
 *    endless loop, so handles accumulate without bound;
 *  - the module snapshot / shortpath work is dead: shortpath is written but
 *    never read, and the OpenProcess() handle is never used either.
 */
void killman(char *ProcessName)
{
HANDLE hProcess=CreateToolhelpSnapshot(THCS_SNAPPROCESS,0);
HANDLE hModule;
PROCESSENTRY pinfo;
MODULEENTRY minfo;
char shortpath[];
pinfo.dwSize = sizeof( PROCESSENTRY );
BOOL report =ProcessFirst(hProcess,&pinfo);
while(report)
{
/* Per-process module snapshot; its handle is never released. */
hModule=CreateToolhelpSnapshot(THCS_SNAPMODULE,pinfo.thProcessID);
ModuleFirst(hModule, &minfo);
GetShortPathName(minfo.szExePath,shortpath,);
if(!(strcmp(pinfo.szExeFile,ProcessName)))
{
/* Clobbers the snapshot handle used by ProcessNext() below. */
hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, pinfo.thProcessID );
//NtTerminateProcess(hProcess,NULL);
KillProcess(pinfo.thProcessID);
}
// AfxMessageBox(pinfo.szExeFile);
report =ProcessNext(hProcess, &pinfo);
}
}
/*
 * Entry point: resolves NtTerminateProcess from ntdll.dll, then loops forever
 * calling killman() for the two image names.
 *
 * Review notes:
 *  - the GetProcAddress() result is stored without a NULL check; if the
 *    lookup fails, KillProcess() ends up calling a NULL function pointer.
 *    Check it the same way hNtdll is checked below.
 *  - `return false` only compiles as C++ (the page says to build with a C++
 *    compiler); as C it would need <stdbool.h>.
 *  - GetLastError() returns a DWORD, so "%d" is a format mismatch; "%lu"
 *    matches.
 *  - for(;;) has no exit condition and no delay, so it is a tight busy loop
 *    that keeps one CPU core fully occupied; the final `return 0` is
 *    unreachable and hNtdll is never released with FreeLibrary.
 */
int main(int argc, char **argv)
{
HMODULE hNtdll = NULL;
hNtdll = LoadLibrary( "ntdll.dll" );
if ( !hNtdll )
{
printf( "LoadLibrary( NTDLL.DLL ) Error:%d\n", GetLastError() );
return false;
}
/* May yield NULL; nothing below checks for that. */
NtTerminateProcess = (NTTERMINATEPROCESS)
GetProcAddress( hNtdll, "NtTerminateProcess");
for(;;){
killman("AvsLoader.exe");
killman("AtHomeVideoStreamer.exe");
}
return 0;
}
c++编译运行就可以了
也可以加到开机启动项里