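Want to decompile something written in VB6.0? You'll have to use your brain a bit more!!!
Because VB6.0 is so easy to write in, some people have always called it a "garbage" programming language. Today I'd like to share a few anti-decompilation techniques here; I hope you find them useful!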
'--------------------------------------------------
1. Detect whether the program has been loaded by some kind of debugger for analysis!
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapShot As Long, lppe As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapShot As Long, lppe As PROCESSENTRY32) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal blnheritHandle As Long, ByVal dwAppProcessId As Long) As Long

Const MAX_PATH As Integer = 260
Const TH32CS_SNAPPROCESS As Long = 2&

Private Type PROCESSENTRY32
    dwSize As Long
    cntUsage As Long
    th32ProcessID As Long
    th32DefaultHeapID As Long
    th32ModuleID As Long
    cntThreads As Long
    th32ParentProcessID As Long
    pcPriClassBase As Long
    dwFlags As Long
    szExeFile As String * 1024
End Type

Private Sub Command1_Click()
    If Opencsrss = True Then
        MsgBox "发现调试器,请关闭", , "警告"   ' "Debugger detected, please close it" / "Warning"
    Else
        MsgBox "没有发现调试", , "恭喜"         ' "No debugging detected" / "Congratulations"
    End If
End Sub

Private Function Opencsrss() As Boolean
    ' Returns True if a debugger is found, False if not
    On Error GoTo maple
    Dim Process As PROCESSENTRY32
    Dim hSnapShot As Long
    Dim l1 As Long
    Dim flag As Boolean
    Dim mName As String
    Dim i As Integer
    Dim pid As Long, WOW As Long ' Note: these two variables are used to hold the two IDs

    hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&) ' Create a process snapshot
    If hSnapShot Then
        Process.dwSize = 1060 ' 9 Longs (36 bytes) + szExeFile (1024 bytes)
        If (Process32First(hSnapShot, Process)) Then ' Get the first process and fill the PROCESSENTRY32 structure
            Do
                i = InStr(1, Process.szExeFile, Chr(0)) ' Get the image name
                mName = LCase(Left(Process.szExeFile, i - 1)) ' and convert it to lowercase
                If mName = "csrss.exe" Then ' Is this csrss.exe?
                    WOW = Process.th32ProcessID ' Get the process ID
                End If
            Loop Until (Process32Next(hSnapShot, Process) < 1) ' Walk all processes until the return value is False
        End If
        l1 = CloseHandle(hSnapShot)
    End If

    If WOW <> 0 Then
        Dim jiejie As Long
        jiejie = OpenProcess(1&, -1&, WOW) ' Test whether the process can be opened (1& = PROCESS_TERMINATE)
        If jiejie <> 0 Then
            Opencsrss = True
            CloseHandle jiejie ' Release the handle obtained by the test
        Else
            Opencsrss = False
        End If
    End If
    Exit Function
maple:
    Opencsrss = False
End Function
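'--------------------------------------------------
Private Sub Command1_Click()
    ' Suppose this is our registration routine; every so often we copy and paste the code below at random places
    '------------------------------
    Dim ctime As Double
    Dim dtime As Double
    ctime = Timer
    dtime = Timer
    If dtime - ctime = 0 Then
        MsgBox dtime - ctime, , "正常运行,经历时间:"   ' "Running normally, elapsed time:"
        ' In real software, these messages should be hidden completely
    Else
        MsgBox dtime - ctime, , "发现调试器,经历时间:" ' "Debugger detected, elapsed time:"
    End If
End Sub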
'--------------------------------------------------
Private Declare Sub GetStartupInfo Lib "kernel32" Alias "GetStartupInfoA" (lpStartupInfo As STARTUPINFO)

Private Type STARTUPINFO '(createprocess)
    cb As Long
    lpReserved As Long
    lpDesktop As Long
    lpTitle As Long
    dwX As Long
    dwY As Long
    dwXSize As Long
    dwYSize As Long
    dwXCountChars As Long
    dwYCountChars As Long
    dwFillAttribute As Long
    dwFlags As Long
    wShowWindow As Integer
    cbReserved2 As Integer
    lpReserved2 As Long
    hStdInput As Long
    hStdOutput As Long
    hStdError As Long
End Type

Private Sub Command1_Click()
    If StartAnti = True Then
        MsgBox "发现调试器,请关闭", , "警告"   ' "Debugger detected, please close it" / "Warning"
    Else
        MsgBox "没有发现调试器", , "通过"       ' "No debugger detected" / "Passed"
    End If
End Sub

Private Sub Form_Load()
    If StartAnti = True Then
        MsgBox "发现调试器,请关闭", , "警告"
    Else
        MsgBox "没有发现调试器", , "通过"
    End If
End Sub

Private Function StartAnti() As Boolean
    ' Returns True if any of the position, size or fill fields of the startup info is non-zero
    Dim Huanjing As STARTUPINFO
    GetStartupInfo Huanjing
    If Huanjing.dwX <> 0 Or Huanjing.dwY <> 0 Or Huanjing.dwXCountChars <> 0 Or Huanjing.dwYCountChars <> 0 Or Huanjing.dwFillAttribute <> 0 Or Huanjing.dwXSize <> 0 Or Huanjing.dwYSize <> 0 Then
        StartAnti = True
    Else
        StartAnti = False
    End If
End Function
'--------------------------------------------------
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapShot As Long, lppe As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapShot As Long, lppe As PROCESSENTRY32) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal blnheritHandle As Long, ByVal dwAppProcessId As Long) As Long
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long

Const MAX_PATH As Integer = 260
Const TH32CS_SNAPPROCESS As Long = 2&

Private Type PROCESSENTRY32
    dwSize As Long
    cntUsage As Long
    th32ProcessID As Long
    th32DefaultHeapID As Long
    th32ModuleID As Long
    cntThreads As Long
    th32ParentProcessID As Long
    pcPriClassBase As Long
    dwFlags As Long
    szExeFile As String * 1024
End Type

Private Sub Form_Load()
    Fujincheng
End Sub

Private Sub Fujincheng()
    ' This procedure checks whether this process's parent process is explorer.exe
    Dim Process As PROCESSENTRY32
    Dim hSnapShot As Long
    Dim XNN As Long
    Dim flag As Boolean
    Dim mName As String
    Dim i As Integer
    Dim pid As Long, explorer As Long ' Note: these two variables are used to hold the two IDs

    hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&) ' Create a process snapshot
    ' Search for the explorer.exe process and get its ID
    If hSnapShot Then
        Process.dwSize = 1060 ' 9 Longs (36 bytes) + szExeFile (1024 bytes)
        If (Process32First(hSnapShot, Process)) Then ' Get the first process and fill the PROCESSENTRY32 structure
            Do
                i = InStr(1, Process.szExeFile, Chr(0)) ' Get the image name
                mName = LCase(Left(Process.szExeFile, i - 1)) ' and convert it to lowercase
                If mName = "explorer.exe" Then ' Is it explorer.exe?
                    explorer = Process.th32ProcessID
                ElseIf mName = LCase(App.EXEName & ".exe") Then ' Is it ourselves?
                    pid = Process.th32ParentProcessID ' Get the parent process ID
                Else
                    flag = False
                End If
            Loop Until (Process32Next(hSnapShot, Process) < 1) ' Walk all processes until the return value is False
        End If
        XNN = CloseHandle(hSnapShot)
    End If

    Dim Openit As Long
    Openit = OpenProcess(1&, -1&, pid) ' 1& = PROCESS_TERMINATE
    If pid <> explorer Then
        MsgBox "发现父进程调试", , "警告" ' "Debugging by parent process detected" / "Warning"
        TerminateProcess Openit, 0
    End If
    If Openit <> 0 Then CloseHandle Openit ' Release the parent process handle
End Sub
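[Solution]
Hardly anyone even uses my programs, so who would bother cracking them - -!
[Solution]
Bump.......
[Solution]
mark
[Solution]
Awesome, I support this!!
[Solution]
Learning from this.
[Solution]
Very good, really very good!
[Solution]
For every policy from above, there is a countermeasure from below....
[Solution]
I learned a lot about Windows processes from the OP's post.
Thanks.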