@faso
+1
Ayrıca o şekilde söylediğim gibi %35 fixleyebilirsiniz çunki başkası teot'un titlesini değiştirerek sizin kodunuzu etkisiz bırakabilir. Bide şöyle birşey deneyelim..
Şimdi burada Programımızın ismini ve uzantısını yaparak kapatmayı gösteriyorum , title yerine uzantı ile kapatalım..
Forumunuza bir adet modul oluşturun ve içine aşağıdaki kodları kopyalayın ..
Option Explicit
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Public Declare Function Process32First Lib "kernel32" _
(ByVal hSnapshot As Long, lppe As PROCESSENTRY32) As Long
Public Declare Function Process32Next Lib "kernel32" _
(ByVal hSnapshot As Long, lppe As PROCESSENTRY32) As Long
Public Declare Function OpenProcess Lib "Kernel32.dll" _
(ByVal dwDesiredAccessas As Long, ByVal bInheritHandle As Long, _
ByVal dwProcId As Long) As Long
Public Declare Function EnumProcesses Lib "psapi.dll" _
(ByRef lpidProcess As Long, ByVal cb As Long, _
ByRef cbNeeded As Long) As Long
Public Declare Function GetModuleFileNameExA Lib "psapi.dll" _
(ByVal hProcess As Long, ByVal hModule As Long, _
ByVal ModuleName As String, ByVal nSize As Long) As Long
Public Declare Function EnumProcessModules Lib "psapi.dll" _
(ByVal hProcess As Long, ByRef lphModule As Long, _
ByVal cb As Long, ByRef cbNeeded As Long) As Long
Public Declare Function CreateToolhelp32Snapshot Lib "kernel32" _
(ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Public Declare Function GetVersionExA Lib "kernel32" _
(lpVersionInformation As OSVERSIONINFO) As Integer
Public Declare Function TerminateProcess Lib "kernel32" _
(ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Public Declare Function GetExitCodeProcess Lib "kernel32" _
(ByVal hProcess As Long, lpExitCode As Long) As Long
Public Type PROCESSENTRY32
pe32Size As Long
pe32Usage As Long
pe32ProcessID As Long
pe32DefaultHeapID As Long
pe32ModuleID As Long
pe32Threads As Long
pe32ParentProcessID As Long
pe32PriClassBase As Long
pe32Flags As Long
pe32ExeFile As String * 260
End Type
Public Type OSVERSIONINFO
oviOSVersionInfoSize As Long
oviMajorVersion As Long
oviMinorVersion As Long
oviBuildNumber As Long
oviPlatformId As Long
oviCSDVersion As String * 128
End Type
Public Const PROCESS_QUERY_INFORMATION = 1024
Public Const PROCESS_VM_READ = 16
Public Const MAX_PATH = 260
Public Const STANDARD_RIGHTS_REQUIRED = &HF0000
Public Const SYNCHRONIZE = &H100000
Public Const PROCESS_ALL_ACCESS = &H1F0FFF
Public Const TH32CS_SNAPPROCESS = &H2&
Public Const lngNull = 0
Public Const PROCESS_TERMINATE = &H1&
Public Function KillProgramme(strProgrammeName As String) As Boolean
Select Case GetVersion()
Case 1
Dim lngReturn As Long
Dim strName As String
Dim lngSnap As Long
Dim pe32Process As PROCESSENTRY32
lngSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
If lngSnap = lngNull Then Exit Function
pe32Process.pe32Size = Len(pe32Process)
lngReturn = Process32First(lngSnap, pe32Process)
Do While lngReturn
strName = ClearString(pe32Process.pe32ExeFile)
strName = Trim(Replace(strName, Chr(0), ""))
If Right(strName, Len(strProgrammeName)) = strProgrammeName Then
If KillProcess(pe32Process.pe32ProcessID) Then KillProgramme = True
Exit Function
End If
lngReturn = Process32Next(lngSnap, pe32Process)
Loop
Case 2
Dim lngCB As Long
Dim lngCBNeeded As Long
Dim lngNumElements As Long
Dim arrProcessIDs() As Long
Dim lngCBNeeded2 As Long
Dim arrModules(1 To 200) As Long
Dim lngReturn2 As Long
Dim strModuleName As String
Dim lngSize As Long
Dim lngProcess As Long
Dim lngCounter As Long
lngCB = 8
lngCBNeeded = 96
Do While lngCB <= lngCBNeeded
lngCB = lngCB * 2
ReDim arrProcessIDs(lngCB / 4) As Long
lngReturn2 = EnumProcesses(arrProcessIDs(1), lngCB, lngCBNeeded)
Loop
lngNumElements = lngCBNeeded / 4
For lngCounter = 1 To lngNumElements
lngProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, arrProcessIDs(lngCounter))
If lngProcess <> 0 Then
lngReturn2 = EnumProcessModules(lngProcess, arrModules(1), 200, lngCBNeeded2)
If lngReturn2 <> 0 Then
strModuleName = Space(MAX_PATH)
lngSize = 500
lngReturn2 = GetModuleFileNameExA(lngProcess, arrModules(1), strModuleName, lngSize)
strModuleName = Trim(Replace(strModuleName, Chr(0), ""))
If Right(strModuleName, Len(strProgrammeName)) = strProgrammeName Then
If KillProcess(arrProcessIDs(lngCounter)) Then KillProgramme = True
Exit Function
End If
End If
End If
lngReturn2 = CloseHandle(lngProcess)
Next
End Select
End Function
Public Function KillProcess(lProcessID As Long) As Boolean
Dim lngHandle As Long
Dim lngReturn As Long
Dim lngExitCode As Long
lngHandle = OpenProcess(PROCESS_TERMINATE, 0, lProcessID)
lngReturn = GetExitCodeProcess(lngHandle, lngExitCode)
lngReturn = TerminateProcess(lngHandle, lngExitCode)
lngReturn = CloseHandle(lngHandle)
If lngReturn <> 0 Then KillProcess = True
End Function
Public Function ProgrammeIsRunning(strProgrammeName) As Long
Select Case GetVersion()
Case 1
Dim lngReturn As Long
Dim strName As String
Dim lngSnap As Long
Dim pe32Process As PROCESSENTRY32
lngSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
If lngSnap = lngNull Then Exit Function
pe32Process.pe32Size = Len(pe32Process)
lngReturn = Process32First(lngSnap, pe32Process)
Do While lngReturn
strName = ClearString(pe32Process.pe32ExeFile)
strName = Trim(Replace(strName, Chr(0), ""))
If Right(strName, Len(strProgrammeName)) = strProgrammeName Then
ProgrammeIsRunning = pe32Process.pe32ProcessID
Exit Function
End If
lngReturn = Process32Next(lngSnap, pe32Process)
Loop
Case 2
Dim lngCB As Long
Dim lngCBNeeded As Long
Dim lngNumElements As Long
Dim arrProcessIDs() As Long
Dim lngCBNeeded2 As Long
Dim lngNumElements2 As Long
Dim arrModules(1 To 200) As Long
Dim lngReturn2 As Long
Dim strModuleName As String
Dim lngSize As Long
Dim lngProcess As Long
Dim hProcess As Long
lngCB = 8
lngCBNeeded = 96
Do While lngCB <= lngCBNeeded
lngCB = lngCB * 2
ReDim arrProcessIDs(lngCB / 4) As Long
lngReturn2 = EnumProcesses(arrProcessIDs(1), lngCB, lngCBNeeded)
Loop
lngNumElements = lngCBNeeded / 4
For hProcess = 1 To lngNumElements
lngProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, arrProcessIDs(hProcess))
If lngProcess <> 0 Then
lngReturn2 = EnumProcessModules(lngProcess, arrModules(1), 200, lngCBNeeded2)
If lngReturn2 <> 0 Then
strModuleName = Space(MAX_PATH)
lngSize = 500
lngReturn2 = GetModuleFileNameExA(lngProcess, arrModules(1), strModuleName, lngSize)
strModuleName = Trim(Replace(strModuleName, Chr(0), ""))
If Right(strModuleName, Len(strProgrammeName)) = strProgrammeName Then
ProgrammeIsRunning = arrProcessIDs(hProcess)
Exit Function
End If
End If
End If
lngReturn2 = CloseHandle(lngProcess)
Next
End Select
End Function
Function ClearString(strString As String) As String
ClearString = Left$(strString, Len(strString) - 1)
End Function
Public Function GetVersion() As Long
Dim oviOSInfo As OSVERSIONINFO
Dim lngReturn As Integer
oviOSInfo.oviOSVersionInfoSize = 148
oviOSInfo.oviCSDVersion = Space$(128)
lngReturn = GetVersionExA(oviOSInfo)
GetVersion = oviOSInfo.oviPlatformId
End Function
Modülümüzü kayıt ettikten sonra foruma bir adet Timer nesnesi ekliyoruz , timer nesnemizin ismi hilekapat olsun.
Timerimizin Properties penceresindeki ayarları şöyle olsun ;
name = hilekapat
enabled = true
Interval = 1000
' ekledikten sonra timer nesnemizin kod bölümüne aşağıdakileri giriyoruz veya istediğiniz programı kapatmayı .. (bu sayede msni kapatan program yapmıştı bir arkadaş
, Bide başlangıçta çalışan programlar arasına eklemişti regedit aracılığı ile tamam işte ufak bir trojen :P)
KillProgramme "injection.exe"
KillProgramme "MultiUO.exe"
KillProgramme "ilaunch.exe"
KillProgramme "UOkey.exe"
KillProgramme "YoPad.exe"
KillProgramme "teot.exe"
KillProgramme "injection.exe"
KillProgramme "injection1.exe"
KillProgramme "injection2.exe"
KillProgramme "injection3.exe"
KillProgramme "injection4.exe"
KillProgramme "inj.exe"
KillProgramme "MultiUO.exe"
KillProgramme "ilaunch.exe"
KillProgramme "UOkey.exe"
KillProgramme "YoPad.exe"
KillProgramme "teot.exe"
KillProgramme "teot1.exe"
KillProgramme "teot2.exe"
KillProgramme "teot3.exe"
KillProgramme "teot4.exe"
KillProgramme "teot5.exe"
KillProgramme "teot6.exe"
KillProgramme "teot7.exe"
Evet yukarıdaki programları tanıttıktan sonra Start a basıyoruz ve herhangi birini deniyoruz ..
Bu tarz kodları kullanarak geliştirmek sizin hayal gücünüze kalmış.
![[Lancelot]](datas/avatars/17379-avatar.gif){kind=avatar}
