#include <windows.h>
#include <stdio.h>
DWORD WINAPI ThreadProc(
LPVOID lpParameter // thread data: NUL-terminated string used BOTH as the mutex name to probe and as the executable path to launch
)
{
// Watchdog thread. Polls every 1 ms for a named mutex; whenever no such
// object exists it launches the executable of the same name and blocks until
// that child exits, then loops. There is no break in the loop, so this
// function never returns and its DWORD result is never produced.
// No Win32 return value in this function is checked.
char *pName = (char*)lpParameter;
HANDLE hMutex;
STARTUPINFO si={sizeof(si)};            // cb initialised, every other field zero
PROCESS_INFORMATION pi={0};
while (true)
{
hMutex = OpenMutex(MUTEX_ALL_ACCESS,FALSE,pName); // NULL when no mutex of that name exists -- but also NULL when it exists and MUTEX_ALL_ACCESS is denied; the code cannot tell the two apart
if (!hMutex)
{
// Original comment said "create process Test2.exe"; the path actually launched is
// pName, i.e. whatever string the creator of the thread passed in.
// CreateProcess's result is ignored: on failure pi is not reset, so the
// three calls below operate on the previous iteration's already-closed handles.
CreateProcess(pName,NULL,NULL,NULL,FALSE,NULL,NULL,NULL,&si,&pi);
WaitForSingleObject(pi.hProcess,INFINITE); // block until the child exits, then fall through to relaunch on the next pass
CloseHandle(pi.hProcess);
CloseHandle(pi.hThread);
}
else
{
CloseHandle(hMutex); // mutex present: drop our reference only; the object survives while its creator holds it
}
Sleep(1); // 1 ms poll interval
}
}
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd )
{
// Process entry point. Creates a named mutex (a kernel object other
// processes can open by name), starts the watchdog thread, then idles.
// None of the Win32 return values are checked.
DWORD ThreadId;
CreateMutex(NULL,TRUE,"Test2.exe");     // handle is discarded and never closed, so the named object stays alive for this process's lifetime
CreateThread(NULL,0,ThreadProc,(LPVOID*)"Test1.exe",0,&ThreadId); // cast should be (LPVOID), not (LPVOID*); the literal has static storage, so the pointer stays valid for the thread. The thread probes a mutex named "Test1.exe" and launches an executable named "Test1.exe".
while (true) // keep the process alive; original comment: a real program would put its useful code here
{
Sleep(1000);
}
return 0; // unreachable
}
#include <windows.h>
#include <stdio.h>
DWORD WINAPI ThreadProc(
LPVOID lpParameter // thread data: NUL-terminated string used BOTH as the mutex name to probe and as the executable path to launch
)
{
// Watchdog thread (verbatim duplicate of the listing above). Polls every
// 1 ms for a named mutex; whenever no such object exists it launches the
// executable of the same name and blocks until that child exits, then loops.
// There is no break in the loop, so this function never returns.
// No Win32 return value in this function is checked.
char *pName = (char*)lpParameter;
HANDLE hMutex;
STARTUPINFO si={sizeof(si)};            // cb initialised, every other field zero
PROCESS_INFORMATION pi={0};
while (true)
{
hMutex = OpenMutex(MUTEX_ALL_ACCESS,FALSE,pName); // NULL when no mutex of that name exists -- also NULL when it exists but MUTEX_ALL_ACCESS is denied; indistinguishable here
if (!hMutex)
{
// Original comment said "create process Test2.exe"; the path actually launched is pName.
// CreateProcess's result is ignored: on failure pi is not reset, so the
// calls below act on the previous iteration's already-closed handles.
CreateProcess(pName,NULL,NULL,NULL,FALSE,NULL,NULL,NULL,&si,&pi);
WaitForSingleObject(pi.hProcess,INFINITE); // block until the child exits, then relaunch on the next pass
CloseHandle(pi.hProcess);
CloseHandle(pi.hThread);
}
else
{
CloseHandle(hMutex); // mutex present: drop our reference only
}
Sleep(1); // 1 ms poll interval
}
}
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd )
{
// Process entry point (verbatim duplicate of the listing above). Creates a
// named mutex, starts the watchdog thread, then idles. Return values unchecked.
DWORD ThreadId;
CreateMutex(NULL,TRUE,"Test2.exe");     // handle discarded and never closed: the named object lives as long as this process
CreateThread(NULL,0,ThreadProc,(LPVOID*)"Test1.exe",0,&ThreadId); // cast should be (LPVOID), not (LPVOID*); string literal has static storage. The thread probes mutex "Test1.exe" and launches executable "Test1.exe".
while (true) // keep the process alive; original comment: a real program would put its useful code here
{
Sleep(1000);
}
return 0; // unreachable
}
上面是Test1.exe的代碼,Test2.exe的代碼只需要將下面信息修改一下即可。
CreateMutex(NULL,TRUE,"Test2.exe");//Test2.exe改成Test1.exe
CreateThread(NULL,0,ThreadProc,(LPVOID*)"Test1.exe",0,&ThreadId); //Test1.exe改成Test2.exe
***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
下面的代碼更好一些,因為在任務管理器中用“結束進程樹”是可以結束上面程序的,但下面的代碼是無法被結束的。不過這兩個代碼都可以用IceSword與ProcessExplorer結束掉。
#include <windows.h>
#define ID_TIMER 1
LRESULT CALLBACK WndProc (HWND, UINT, WPARAM, LPARAM) ;
int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance,
PSTR szCmdLine, int iCmdShow)
{
// Entry point of the first of two cooperating programs. Enforces a single
// instance via a named mutex, registers a window class and creates a window
// that is never shown (there is no ShowWindow/UpdateWindow call), then runs a
// standard message loop; WndProc does the periodic work. szCmdLine, iCmdShow
// and hwnd are unused.
static TCHAR szAppName[] = TEXT ("MyWindow") ;
HWND hwnd ;
MSG msg ;
WNDCLASS wndclass ;
CreateMutex(NULL, TRUE, TEXT("The_first_program")); // single-instance guard; the handle is discarded (never closed), so the named object persists for this process's lifetime. A NULL return (creation failed) is not checked.
if (GetLastError() == ERROR_ALREADY_EXISTS) // name already exists: another instance is running, exit
return 0;
wndclass.style = CS_HREDRAW | CS_VREDRAW ;
wndclass.lpfnWndProc = WndProc ;
wndclass.cbClsExtra = 0 ;
wndclass.cbWndExtra = 0 ;
wndclass.hInstance = hInstance ;
wndclass.hIcon = LoadIcon (NULL, IDI_APPLICATION) ;
wndclass.hCursor = LoadCursor (NULL, IDC_ARROW) ;
wndclass.hbrBackground = (HBRUSH) GetStockObject (WHITE_BRUSH) ;
wndclass.lpszMenuName = NULL ;
wndclass.lpszClassName = szAppName ;
if(!RegisterClass (&wndclass))
{
MessageBox (NULL, TEXT ("此程序必須運(yùn)行在NT下!"), szAppName, MB_ICONERROR) ; // message text: "This program must run on NT!"
return 0;
}
hwnd = CreateWindow (szAppName, // window class name
TEXT ("The_First_Program"), // window caption
WS_OVERLAPPEDWINDOW, // window style
CW_USEDEFAULT, // initial x position
CW_USEDEFAULT, // initial y position
CW_USEDEFAULT, // initial x size
CW_USEDEFAULT, // initial y size
NULL, // parent window handle
NULL, // window menu handle
hInstance, // program instance handle
NULL) ; // creation parameters -- result unchecked; a NULL hwnd would leave the loop below with nothing to drive it except the timer never being set
while (GetMessage (&msg, NULL, 0, 0)) // GetMessage returns -1 on error, which this condition treats as true
{
TranslateMessage (&msg) ;
DispatchMessage (&msg) ;
}
return msg.wParam ; // exit code passed to PostQuitMessage
}
LRESULT CALLBACK WndProc (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
{
// Window procedure. The block before the switch runs on EVERY message and is
// the watchdog: it probes for the partner's named mutex and, when the name is
// free, launches the partner. The 10 ms timer armed on WM_CREATE guarantees a
// steady stream of WM_TIMER messages, so the probe repeats roughly every 10 ms.
HANDLE hMutex;
hMutex = CreateMutex(NULL, TRUE, TEXT("The_Second_Program")); // opens the existing object (GetLastError == ERROR_ALREADY_EXISTS) or creates a fresh one; a NULL return is not checked
if (GetLastError() == ERROR_ALREADY_EXISTS)
CloseHandle(hMutex); // partner is holding the name: drop our reference
else
{
CloseHandle(hMutex); // closed at once, so the name becomes free again; only the partner's own WinMain keeps it alive long-term
WinExec("sec.exe", SW_HIDE); // original comment: run sec.exe. Relative name, hidden window; return value unchecked
}
switch (message)
{
case WM_CREATE:
SetTimer(hwnd, ID_TIMER, 10, NULL); // 10 ms tick drives the probe above
return 0;
case WM_TIMER:
return 0; // nothing here: the probe already ran before the switch
case WM_DESTROY:
KillTimer(hwnd, ID_TIMER);
PostQuitMessage (0) ;
return 0 ;
}
return DefWindowProc (hwnd, message, wParam, lParam) ;
}
*/
/*
#include <windows.h>
#define ID_TIMER 1
LRESULT CALLBACK WndProc (HWND, UINT, WPARAM, LPARAM) ;
int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance,
PSTR szCmdLine, int iCmdShow)
{
// Entry point of the second of the two cooperating programs; mirror image of
// the first (mutex/caption names swapped). Single-instance guard via a named
// mutex, a window that is never shown (no ShowWindow/UpdateWindow), then a
// standard message loop. szCmdLine, iCmdShow and hwnd are unused.
static TCHAR szAppName[] = TEXT ("MyWindow") ;
HWND hwnd ;
MSG msg ;
WNDCLASS wndclass ;
CreateMutex(NULL, TRUE, TEXT("The_Second_Program")); // single-instance guard; handle discarded and never closed, so the named object persists for this process's lifetime. NULL return not checked.
if (GetLastError() == ERROR_ALREADY_EXISTS) // name already exists: another instance is running, exit
return 0 ;
wndclass.style = CS_HREDRAW | CS_VREDRAW ;
wndclass.lpfnWndProc = WndProc ;
wndclass.cbClsExtra = 0 ;
wndclass.cbWndExtra = 0 ;
wndclass.hInstance = hInstance ;
wndclass.hIcon = LoadIcon (NULL, IDI_APPLICATION) ;
wndclass.hCursor = LoadCursor (NULL, IDC_ARROW) ;
wndclass.hbrBackground = (HBRUSH) GetStockObject (WHITE_BRUSH) ;
wndclass.lpszMenuName = NULL ;
wndclass.lpszClassName = szAppName ;
if(!RegisterClass (&wndclass))
{
MessageBox (NULL, TEXT ("此程序必須運(yùn)行在NT下!"), szAppName, MB_ICONERROR) ; // message text: "This program must run on NT!"
return 0;
}
hwnd = CreateWindow (szAppName, // window class name
TEXT ("The_Second_Program"), // window caption
WS_OVERLAPPEDWINDOW, // window style
CW_USEDEFAULT, // initial x position
CW_USEDEFAULT, // initial y position
CW_USEDEFAULT, // initial x size
CW_USEDEFAULT, // initial y size
NULL, // parent window handle
NULL, // window menu handle
hInstance, // program instance handle
NULL) ; // creation parameters -- result unchecked
while (GetMessage (&msg, NULL, 0, 0)) // GetMessage returns -1 on error, which this condition treats as true
{
TranslateMessage (&msg) ;
DispatchMessage (&msg) ;
}
return msg.wParam ; // exit code passed to PostQuitMessage
}
LRESULT CALLBACK WndProc (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
{
// Window procedure of the second program; mirror of the first one's WndProc.
// The block before the switch runs on every message: it probes for the
// partner's named mutex and launches the partner when the name is free. The
// 10 ms timer armed on WM_CREATE keeps WM_TIMER flowing so the probe repeats.
static HANDLE hMutex; // 'static' is unnecessary here: the value is overwritten on every call and never read across calls
hMutex = CreateMutex(NULL, TRUE, TEXT("The_first_program")); // opens the existing object (ERROR_ALREADY_EXISTS) or creates a fresh one; NULL return not checked
if (GetLastError() == ERROR_ALREADY_EXISTS) CloseHandle(hMutex); // partner holds the name: drop our reference
else
{
CloseHandle(hMutex); // closed at once, so the name becomes free again; only the partner's WinMain keeps it alive
WinExec("fir.exe", SW_HIDE); // original comment: run fir.exe. Relative name, hidden window; return value unchecked
}
switch (message)
{
case WM_CREATE:
SetTimer(hwnd, ID_TIMER, 10, NULL); // 10 ms tick drives the probe above
return 0;
case WM_TIMER:
return 0; // nothing here: the probe already ran before the switch
case WM_DESTROY:
KillTimer(hwnd, ID_TIMER);
PostQuitMessage (0) ;
return 0 ;
}
return DefWindowProc (hwnd, message, wParam, lParam) ;
}
***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
下面的代碼用IceSword與ProcessExplorer都無法結束掉,用SnipeSword可以結束。缺點是CPU占用率實在太高。
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;這個(gè)是代碼一,測(cè)試過(guò)程中,你們可以一直看著任務(wù)管理器進(jìn)程,兩個(gè)進(jìn)程會(huì)循環(huán)交換
;CPU雖然是100%,但是速度沒(méi)有改變
;就會(huì)更加明白我對(duì)雙進(jìn)程守護(hù)技術(shù)的解釋
;代碼編寫(xiě) By Asm
;如果轉(zhuǎn)載,請(qǐng)保持文章的完整性,
;并且注明來(lái)源于 紅狼安全小組 http://www./
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.386
.model flat, stdcall
option casemap:none
include windows.inc
include kernel32.inc
include user32.inc
includelib kernel32.lib
includelib user32.lib
.data
szFileName db '22222222.exe',0          ; image name of the partner: compared against szExeFile and also passed to CreateProcess
.data?
hSnapShot dd ?                          ; current Toolhelp snapshot handle; overwritten on every scan, never closed
stProcess PROCESSENTRY32 <?>            ; one process entry; dwSize must be set before Process32First
stStartUp STARTUPINFO <?>               ; filled by GetStartupInfo for the CreateProcess call
stProcInfo PROCESS_INFORMATION <?>      ; receives the child's handles; never closed
hInstance dd ?                          ; unused in this listing
hWinList dd ?                           ; unused in this listing
.code
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_Snapshot proc
; Scan the process list for szFileName.
; Never returns: it ends in ExitProcess, or transfers to _Snapshot1 (which
; likewise never returns). Because the hand-off is a CALL, every transfer
; pushes a return address that is never popped -- stack use grows with every
; round trip while the partner stays alive, and the snapshot handle from
; each round is leaked (no CloseHandle anywhere in this listing).
; In:    globals szFileName, stProcess, hSnapShot
; Out:   does not return
; Clobb: eax (plus ecx/edx via the stdcall Win32 calls), hSnapShot, stProcess
invoke RtlZeroMemory,addr stProcess,sizeof stProcess ; clear the entry so nothing from a previous scan survives (original comment: "otherwise processes overlap")
mov stProcess.dwSize,sizeof stProcess ; required by Process32First
invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,addr stProcess ; 2nd operand is th32ProcessID (a DWORD, ignored for a process snapshot); passing addr stProcess is wrong but harmless
mov hSnapShot,eax ; snapshot handle (INVALID_HANDLE_VALUE on failure; not checked)
invoke Process32First,hSnapShot,addr stProcess ; eax = 0 when the snapshot is invalid or empty
.while eax
invoke lstrcmp,addr szFileName,addr stProcess.szExeFile ; 0 when the entry's image name equals szFileName (case-sensitive compare)
.if eax == NULL ; partner found: start a fresh scan in _Snapshot1 (control never comes back here)
call _Snapshot1
.endif
invoke Process32Next,hSnapShot,addr stProcess
.endw
call _Process ; partner absent from this snapshot: launch it
invoke ExitProcess,NULL ; then exit (original comment: mandatory, otherwise CPU use explodes and the machine hangs)
_Snapshot endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_Snapshot1 proc
; Identical twin of _Snapshot; the two call each other to re-scan while the
; partner is alive. Never returns (ends in ExitProcess or calls _Snapshot,
; which never returns). Same caveats as _Snapshot: each CALL leaves a return
; address on the stack and each snapshot handle is leaked.
; In:    globals szFileName, stProcess, hSnapShot
; Out:   does not return
; Clobb: eax (plus ecx/edx via the stdcall Win32 calls), hSnapShot, stProcess
invoke RtlZeroMemory,addr stProcess,sizeof stProcess ; clear the entry before reuse
mov stProcess.dwSize,sizeof stProcess ; required by Process32First
invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,addr stProcess ; 2nd operand should be a process id (ignored for TH32CS_SNAPPROCESS)
mov hSnapShot,eax ; previous handle is overwritten without being closed
invoke Process32First,hSnapShot,addr stProcess
.while eax
invoke lstrcmp,addr szFileName,addr stProcess.szExeFile ; 0 when this entry's image name equals szFileName (original comment: refresh and check for 22222222.exe)
.if eax == NULL ; partner found: scan again via _Snapshot (does not return)
call _Snapshot
.endif
invoke Process32Next,hSnapShot,addr stProcess
.endw
call _Process ; partner absent: launch it, then exit
invoke ExitProcess,NULL
_Snapshot1 endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;開(kāi)始調(diào)用CreateProcess創(chuàng)建22222222.exe
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_Process proc
; Launch szFileName using this process's own STARTUPINFO.
; In:    globals szFileName, stStartUp, stProcInfo
; Out:   eax = CreateProcess result (nonzero on success); callers ignore it
; Note:  bInheritHandles is NULL and dwCreationFlags is NORMAL_PRIORITY_CLASS;
;        the handles written to stProcInfo are never closed.
invoke GetStartupInfo,addr stStartUp
invoke CreateProcess,addr szFileName,NULL,NULL,NULL,NULL,\
NORMAL_PRIORITY_CLASS,NULL,NULL,addr stStartUp,addr stProcInfo ; result left in eax, unchecked
ret
_Process endp
start:
call _Snapshot ; entry point: scan immediately. _Snapshot never returns, so nothing else runs here
end start
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;這個(gè)是代碼二,測(cè)試過(guò)程中,你們可以一直看著任務(wù)管理器進(jìn)程,兩個(gè)進(jìn)程會(huì)循環(huán)交換
;CPU雖然是100%,但是速度沒(méi)有改變
;就會(huì)更加明白我對(duì)雙進(jìn)程守護(hù)技術(shù)的解釋
;代碼編寫(xiě) By Asm
;如果轉(zhuǎn)載,請(qǐng)保持文章的完整性,
;并且注明來(lái)源于 紅狼安全小組 http://www./
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.386
.model flat, stdcall
option casemap:none
include windows.inc
include kernel32.inc
include user32.inc
includelib kernel32.lib
includelib user32.lib
.data
szFileName db '111111111.exe',0         ; image name of the partner: compared against szExeFile and passed to CreateProcess
.data?
Pid dd ?                                ; unused in this listing
hSnapShot dd ?                          ; current Toolhelp snapshot handle; overwritten on every scan, never closed
stProcess PROCESSENTRY32 <?>            ; one process entry; dwSize must be set before Process32First
stStartUp STARTUPINFO <?>               ; filled by GetStartupInfo for the CreateProcess call
stProcInfo PROCESS_INFORMATION <?>      ; receives the child's handles; never closed
hInstance dd ?                          ; unused in this listing
hWinList dd ?                           ; unused in this listing
.code
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_Snapshot proc
; Scan the process list for szFileName (second program; same logic as the
; first listing). Never returns: ends in ExitProcess or calls _Snapshot1,
; which never returns. Each CALL between the two procs leaves a return
; address on the stack, and each snapshot handle is leaked (no CloseHandle).
; In:    globals szFileName, stProcess, hSnapShot
; Out:   does not return
; Clobb: eax (plus ecx/edx via the stdcall Win32 calls), hSnapShot, stProcess
invoke RtlZeroMemory,addr stProcess,sizeof stProcess ; clear the entry before reuse
mov stProcess.dwSize,sizeof stProcess ; required by Process32First
invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,addr stProcess ; 2nd operand should be a process id (ignored for TH32CS_SNAPPROCESS); addr stProcess is wrong but harmless
mov hSnapShot,eax ; INVALID_HANDLE_VALUE on failure; not checked
invoke Process32First,hSnapShot,addr stProcess ; eax = 0 when the snapshot is invalid or empty
.while eax
invoke lstrcmp,addr szFileName,addr stProcess.szExeFile ; 0 when the entry's image name equals szFileName (case-sensitive)
.if eax == NULL ; partner found: re-scan in _Snapshot1 (does not return)
call _Snapshot1
.endif
invoke Process32Next,hSnapShot,addr stProcess
.endw
call _Process ; partner absent: launch it
invoke ExitProcess,NULL ; then exit
_Snapshot endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_Snapshot1 proc
; Identical twin of _Snapshot; the two call each other to keep re-scanning
; while the partner is alive. Never returns. Same caveats: unbounded stack
; growth through the mutual CALLs, and one leaked snapshot handle per scan.
; In:    globals szFileName, stProcess, hSnapShot
; Out:   does not return
; Clobb: eax (plus ecx/edx via the stdcall Win32 calls), hSnapShot, stProcess
invoke RtlZeroMemory,addr stProcess,sizeof stProcess ; clear the entry before reuse
mov stProcess.dwSize,sizeof stProcess ; required by Process32First
invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,addr stProcess ; 2nd operand should be a process id (ignored for TH32CS_SNAPPROCESS)
mov hSnapShot,eax ; previous handle overwritten without being closed
invoke Process32First,hSnapShot,addr stProcess
.while eax
invoke lstrcmp,addr szFileName,addr stProcess.szExeFile ; 0 when this entry's image name equals szFileName
.if eax == NULL ; partner found: re-scan via _Snapshot (does not return)
call _Snapshot
.endif
invoke Process32Next,hSnapShot,addr stProcess
.endw
call _Process ; partner absent: launch it, then exit
invoke ExitProcess,NULL
_Snapshot1 endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_Process proc
; Launch szFileName using this process's own STARTUPINFO.
; In:    globals szFileName, stStartUp, stProcInfo
; Out:   eax = CreateProcess result (nonzero on success); callers ignore it
; Note:  bInheritHandles is NULL, dwCreationFlags is NORMAL_PRIORITY_CLASS;
;        the handles written to stProcInfo are never closed.
invoke GetStartupInfo,addr stStartUp
invoke CreateProcess,addr szFileName,NULL,NULL,NULL,NULL,\
NORMAL_PRIORITY_CLASS,NULL,NULL,addr stStartUp,addr stProcInfo ; result left in eax, unchecked
ret
_Process endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
start:
call _Snapshot ; entry point: scan immediately. _Snapshot never returns, so nothing else runs here
end start