Using VB to implement program stealth

Source: Internet
Author: User

In some systems, programs are required to run hidden for specific purposes, such as background monitoring systems, Trojan control programs, and source-code anti-copy protection in a DCS (Distributed Control System), to reduce the risk of detection, interception, and disassembly. Such a module requires that the program not only stays off the desktop while running, but also cannot be found by the operator in the Task Manager list.
 
Principle of program stealth
 
For an invisible program, the most basic requirements are:
1. The interface is not displayed on the desktop;
2. The icon does not appear in the taskbar;
3. The program name disappears from the Task Manager list.
 
For the first requirement, set the form's Visible property to False.
To remove the icon from the taskbar, set the form's ShowInTaskbar property to False.
In Windows, the third requirement can be met by calling the Win32 API function RegisterServiceProcess.
These features are easy to implement in any high-level programming language, such as VC, Delphi, VB, and PB.

Stealth is mostly used in trojan programs, but trojans are illegal in many countries and regions. For ease of understanding, this article uses VB to walk through an anti-copy program instead: it obtains the serial number (disk ID) of the disk where the software is installed. The program below is meant to explain how a stealth program is written and applied, so its anti-copy logic is simplified to some extent.
 
Example of program stealth

The procedure is as follows:
 
1. Create a project Project1 in the VB6.0 programming environment.
2. Add a module Module1 to Project1. In the project properties, change the project name to HiddenMen and the application title to HiddenMen (the code below has been tested and can be copied and used as is).
Add the following statements to Module1:

    ' Declaration of the function that returns the current process ID
    Public Declare Function GetCurrentProcessId Lib "kernel32" () As Long
    ' Declaration of the function that registers the current process with the system
    Public Declare Function RegisterServiceProcess Lib "kernel32" (ByVal processid As Long, ByVal serviceflags As Long) As Long

3. Create a new form Form1 in Project1 and set the properties of Form1:

    Form1.Visible = False
    Form1.ShowInTaskbar = False

Add the following code in the code window:

    ' Declaration of the function that returns the type of a drive
    Private Declare Function GetDriveType Lib "kernel32" Alias "GetDriveTypeA" (ByVal nDrive As String) As Long
    ' Declaration of the function that returns information about a volume
    Private Declare Function GetVolumeInformation Lib "kernel32" Alias "GetVolumeInformationA" _
        (ByVal lpRootPathName As String, ByVal lpVolumeNameBuffer As String, _
        ByVal nVolumeNameSize As Long, lpVolumeSerialNumber As Long, _
        lpMaximumComponentLength As Long, lpFileSystemFlags As Long, _
        ByVal lpFileSystemNameBuffer As String, ByVal nFileSystemNameSize As Long) As Long

    Private Sub Form_Load()
        Dim drive_no As Long, drive_flag As Long
        Dim drive_chr As String, drive_disk As String
        Dim serial_no As Long, kkk As Long
        Dim stemp3 As String, dflag As Boolean
        Dim strlabel As String, strtype As String, strc As Long
        RegisterServiceProcess GetCurrentProcessId, 1 ' remove the current process from the system task list
        strlabel = String(255, Chr(0))
        strtype = String(255, Chr(0))
        stemp3 = "172498135" ' serial number (decimal) of the author's drive C; change it as needed
        dflag = False
        For drive_no = 0 To 23 ' drive letters C: through Z:
            drive_disk = Chr(drive_no + 67)
            drive_chr = drive_disk & ":\"
            drive_flag = GetDriveType(drive_chr)
            If drive_flag = 3 Then ' 3 = fixed disk
                ' Call GetVolumeInformation to read the volume serial number
                kkk = GetVolumeInformation(drive_chr, strlabel, Len(strlabel), serial_no, 0, 0, strtype, Len(strtype))
                Select Case drive_no
                    Case 0
                        strc = serial_no ' remember the serial number of drive C
                End Select
                If serial_no = stemp3 Then
                    dflag = True
                    Exit For
                End If
            End If
        Next drive_no
        If Not dflag Then ' invalid user
            GoTo InvalidUser
        End If
        MsgBox ("HI, valid user !")
        Exit Sub
    InvalidUser:
        MsgBox ("error! Your C: the disk ID is " & strc)
    End Sub

    Private Sub Form_Unload(Cancel As Integer)
        RegisterServiceProcess GetCurrentProcessId, 0 ' undo the registration when the form unloads
    End Sub
 
Compile and run the program above, and a dialog box with an error message and a disk ID such as 172498135 appears. While it is displayed, press Ctrl + Alt + Del and check whether the program name "HiddenMen" is in the Task Manager list. With slight modifications, the code above can be added to your own program, which then runs invisibly and completes its predefined function without the operator noticing.
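
A code-review check for the three traits listed under "Principle of program stealth", as an added example that is not part of the original article: it scans VB6 source text (.frm/.bas) for a hidden form, a suppressed taskbar icon, and a RegisterServiceProcess call with flag 1. RegisterServiceProcess is exported only by the Windows 95/98/Me kernel32, so a hit also marks legacy code. The sample source is constructed, and the names audit_vb6_source and has_all_three_traits are chosen for this example.

```python
import re

# One pattern per trait; each is applied to a single comment-stripped line.
CHECKS = {
    "hidden_form": re.compile(r"^(?:\w+\.)?Visible\s*=\s*(?:0|False)$", re.I),
    "no_taskbar_icon": re.compile(r"^(?:\w+\.)?ShowInTaskbar\s*=\s*(?:0|False)$", re.I),
    "declares_api": re.compile(r"\bDeclare\s+Function\s+RegisterServiceProcess\b", re.I),
    # A call (not the Declare) whose last argument is 1, the value the article uses to hide.
    "hides_process": re.compile(
        r"^(?!.*\bDeclare\b).*\bRegisterServiceProcess\b.*,\s*1\s*\)?$", re.I),
}
REQUIRED = {"hidden_form", "no_taskbar_icon", "hides_process"}

def audit_vb6_source(text):
    """Return (line number, trait, code) for every line showing a stealth trait."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Drop VB comments; naive on purpose (a ' inside a string literal also cuts).
        code = raw.split("'", 1)[0].strip()
        for trait, pattern in CHECKS.items():
            if pattern.search(code):
                findings.append((lineno, trait, code))
    return findings

def has_all_three_traits(text):
    """True when the source shows all three requirements the article lists."""
    return REQUIRED <= {trait for _, trait, _ in audit_vb6_source(text)}

# Constructed sample input: a minimal .frm and .bas mirroring the article's program.
SAMPLE_FRM = """VERSION 5.00
Begin VB.Form Form1
   Caption         =   "Form1"
   ShowInTaskbar   =   0   'False
   Visible         =   0   'False
End
Private Sub Form_Load()
    RegisterServiceProcess GetCurrentProcessId, 1 ' hide from the task list
End Sub
Private Sub Form_Unload(Cancel As Integer)
    RegisterServiceProcess GetCurrentProcessId, 0
End Sub
"""
SAMPLE_BAS = ('Public Declare Function RegisterServiceProcess Lib "kernel32" '
              '(ByVal processid As Long, ByVal serviceflags As Long) As Long\n')

if __name__ == "__main__":
    for lineno, trait, code in audit_vb6_source(SAMPLE_FRM):
        print(f"line {lineno}: {trait}: {code}")
```

A single hidden control or a legitimately hidden helper form also matches the first two patterns, so treat individual hits as review prompts and the combination of all three as the signal.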
