Implement "Trojan" stealth operation procedure with VB

xiaoxiao2021-03-06  111

In some systems, for a particular purpose, a program is required to run hidden, for example a background monitoring system, a Trojan control program, or a source copy program in a DCS (distributed control system), to reduce the risk of discovery, interception, and disassembly. This functional module requires that the program does not appear on the desktop while it runs and is not visible to the operator in the Task Manager list.

The principle of program invisibility

For a stealth program, the most basic requirements are:

1. It does not appear on the desktop;
2. It does not show an icon in the taskbar;
3. Its name disappears from the Task Manager list.

For the first requirement, set the form's Visible property to False. To keep the icon off the taskbar, set the form's ShowInTaskbar property to False. In a Windows environment, you can call the Windows API function RegisterServiceProcess to meet the third requirement. These functions are easy to implement in any high-level programming language, such as VC, Delphi, VB, or PB.

Invisibility features are mostly used in Trojans, but Trojans are illegal in many countries and regions. For ease of understanding, this article uses VB together with a program anti-copy example: it obtains the serial number (disk ID) of the disk that holds the software installation path and uses it to identify the legitimate user. The purpose of the following program is to explain the development and application of invisible programs, so the copy-protection part is simplified.

The sample invisible program is prepared as follows:

1. In the VB6.0 programming environment, create a new project, Project1.
2. Add a module, Module1, to Project1. In the project properties, change the project name to HiddenMen, and change the application title to HiddenMen as well (the following program has been tested in actual operation and can be copied and used as is). Add the following declarations to Module1:

    ' Declaration of the function that returns the current process ID
    Public Declare Function GetCurrentProcessId Lib "kernel32" () As Long
    ' Declaration of the function that registers the current process ID with the system
    ' (kernel32 exports RegisterServiceProcess only on Windows 95/98/Me)
    Public Declare Function RegisterServiceProcess Lib "kernel32" (ByVal ProcessId As Long, ByVal ServiceFlags As Long) As Long

3. Create a new form, Form1, in Project1 and set the properties of Form1:

    Form1.Visible = False
    Form1.ShowInTaskbar = False

Add the following code in the code window:

    ' Declaration of the function that returns the type of a drive
    Private Declare Function GetDriveType Lib "kernel32" Alias "GetDriveTypeA" (ByVal nDrive As String) As Long
    ' Declaration of the function that returns information about a drive's volume
    Private Declare Function GetVolumeInformation Lib "kernel32" Alias "GetVolumeInformationA" ( _
        ByVal lpRootPathName As String, ByVal lpVolumeNameBuffer As String, _
        ByVal nVolumeNameSize As Long, lpVolumeSerialNumber As Long, _
        lpMaximumComponentLength As Long, lpFileSystemFlags As Long, _
        ByVal lpFileSystemNameBuffer As String, ByVal nFileSystemNameSize As Long) As Long

    Private Sub Form_Load()
        Dim drive_no As Long, drive_flag As Long
        Dim drive_chr As String, drive_disk As String
        Dim serial_no As Long, kkk As Long
        Dim stemp3 As String, dflag As Boolean
        Dim strlabel As String, strtype As String, strc As Long

        RegisterServiceProcess GetCurrentProcessId, 1 ' Remove the current process from the system task list
        strlabel = String(255, Chr(0))
        strtype = String(255, Chr(0))
        stemp3 = "172498135" ' This is the serial number of the author's C: disk (decimal); readers can change it according to their situation.
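The three hiding requirements described in the article also work as static indicators when reviewing or triaging VB6 source. The following is an added example, not code from the original article: it scans .frm/.bas text for the form-level Visible and ShowInTaskbar settings and for RegisterServiceProcess. The trait names, the scoring function and the sample form are assumptions constructed for illustration.

```python
import re

TRAIT = {"visible": "hidden_window", "showintaskbar": "no_taskbar_icon"}
PROP = re.compile(r"^(Visible|ShowInTaskbar)\s*=\s*(\S+)", re.I)
API = re.compile(r"\bRegisterServiceProcess\b", re.I)

def code_part(line):
    """Drop a trailing ' comment, ignoring apostrophes inside string literals."""
    in_str = False
    for i, ch in enumerate(line):
        in_str ^= (ch == '"')  # toggle on every double quote
        if ch == "'" and not in_str:
            return line[:i]
    return line

def scan_vb6(files):
    """files maps a .frm/.bas name to its text; returns the set of traits found."""
    found = set()
    for text in files.values():
        depth = 0  # Begin/End nesting: 1 = the form itself, deeper = child controls
        for raw in text.splitlines():
            line = code_part(raw).strip()
            low = line.lower()
            if low.startswith("begin "):
                depth += 1
            elif low == "end" and depth:
                depth -= 1
            m = PROP.match(line)
            if m and depth == 1 and m.group(2).lower() in ("0", "false"):
                found.add(TRAIT[m.group(1).lower()])
            elif depth == 0 and API.search(line):
                found.add("api_declared" if "declare" in low.split() else "api_called")
    return found

def stealth_score(found):
    """How many of the article's three hiding requirements are met (0 to 3)."""
    api = bool(found & {"api_declared", "api_called"})
    return ("hidden_window" in found) + ("no_taskbar_icon" in found) + api

# Constructed sample (not from the page), laid out like a VB6 .frm file.
SAMPLE = {"Form1.frm": """Begin VB.Form Form1
   ShowInTaskbar   =   0   'False
   Visible         =   0   'False
End
Private Sub Form_Load()
    RegisterServiceProcess GetCurrentProcessId, 1
End Sub
"""}
print(sorted(scan_vb6(SAMPLE)), stealth_score(scan_vb6(SAMPLE)))
```

Only design-time form properties are checked; a hidden child control or a commented-out call does not raise the score.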

Please credit the original address when reposting: https://www.9cbs.com/read-104737.html
