# Include <windows. h>
# Include <stdio. h>
/*
 * ThreadProc - watcher loop of the two-process mutual-restart pair shown on this page.
 *
 * lpParameter is treated as a C string (pName). The same string is used as the
 * name passed to OpenMutex and as the first argument of CreateProcess.
 * The loop has no exit, so the function never returns a value.
 *
 * NOTE(review): the listing was mangled in transcription (capitalised keywords,
 * hMutex declared but HMutex assigned, stray spaces) and does not compile as printed.
 * For defenders: the behaviour shown is a repeated probe of a named mutex,
 * followed by creation of a process whenever the probe fails. That pattern is
 * visible as recurring process-creation events with this process as the parent.
 */
Dword winapi ThreadProc (
LPVOID lpParameter // thread data
)
{
Char * pName = (char *) lpParameter;
HANDLE hMutex;
STARTUPINFO si = {sizeof (si )};
PROCESS_INFORMATION pi = {0 };
While (true)
{
HMutex = OpenMutex (MUTEX_ALL_ACCESS, FALSE, pName); // try to open the mutex named pName
If (! HMutex) // the open failed: no mutex with that name could be opened
{
// NOTE(review): Win32 CreateProcess takes ten parameters; only six appear here, so
// arguments seem to have been lost in transcription. The return value is not checked.
CreateProcess (pName, NULL, FALSE, NULL, & si, & pi); // create the process test2.exe
WaitForSingleObject (pi. hProcess, INFINITE ); // block until the launched process exits
CloseHandle (pi. hProcess );
CloseHandle (pi. hThread );
}
Else
{
CloseHandle (hMutex ); // the probe succeeded; release the handle it returned
}
Sleep (1 ); // 1 ms pause between probes
}
}
/*
 * WinMain - entry point of one half of the two-process pair.
 *
 * Creates a named mutex with initial ownership (the returned handle is discarded),
 * starts ThreadProc with the string "Test1.exe", then sleeps in an endless loop.
 * The final Return 0 is never reached.
 *
 * NOTE(review): as printed, this listing owns the mutex "Test2.exe " and passes
 * "Test1.exe" to the watcher, while the page text below calls it the test1.exe code.
 * The page is inconsistent about which name belongs to which program, and the
 * trailing space inside "Test2.exe " looks like a transcription artifact.
 * For defenders: the mutex names and image names printed here are the observable
 * artefacts of this sample.
 */
Int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
{
DWORD ThreadId;
CreateMutex (NULL, TRUE, "Test2.exe "); // named mutex, created owned; handle and result are not kept
CreateThread (NULL, 0, ThreadProc, (LPVOID *) "Test1.exe", 0, & ThreadId ); // thread handle is not kept either
While (true) // keeps the process alive; a real program would do its own work here
{
Sleep (1000 );
}
Return 0;
}
# Include <windows. h>
# Include <stdio. h>
/*
 * ThreadProc - second printing of the watcher loop. It is identical to the
 * ThreadProc listing that opens this page.
 *
 * lpParameter is used as a C string (pName) that is both the mutex name given to
 * OpenMutex and the first argument of CreateProcess. The loop never exits.
 *
 * NOTE(review): mangled in transcription (capitalised keywords, hMutex vs HMutex);
 * it does not compile as printed.
 */
Dword winapi ThreadProc (
LPVOID lpParameter // thread data
)
{
Char * pName = (char *) lpParameter;
HANDLE hMutex;
STARTUPINFO si = {sizeof (si )};
PROCESS_INFORMATION pi = {0 };
While (true)
{
HMutex = OpenMutex (MUTEX_ALL_ACCESS, FALSE, pName); // try to open the mutex named pName
If (! HMutex) // the open failed: no mutex with that name could be opened
{
// NOTE(review): only six of CreateProcess's ten parameters appear here, and the
// return value is not checked before pi is used.
CreateProcess (pName, NULL, FALSE, NULL, & si, & pi); // create the process test2.exe
WaitForSingleObject (pi. hProcess, INFINITE ); // block until the launched process exits
CloseHandle (pi. hProcess );
CloseHandle (pi. hThread );
}
Else
{
CloseHandle (hMutex ); // release the handle returned by the successful probe
}
Sleep (1 ); // 1 ms pause between probes
}
}
/*
 * WinMain - second printing of the entry point. It is identical to the first
 * WinMain listing on this page.
 *
 * Creates the named mutex "Test2.exe " with initial ownership, starts ThreadProc
 * with "Test1.exe", and then sleeps forever. Return 0 is unreachable.
 *
 * NOTE(review): the trailing space in "Test2.exe " is presumably a transcription
 * artifact. The page's later snippet prints the name without it.
 */
Int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
{
DWORD ThreadId;
CreateMutex (NULL, TRUE, "Test2.exe "); // named mutex, created owned; handle and result are not kept
CreateThread (NULL, 0, ThreadProc, (LPVOID *) "Test1.exe", 0, & ThreadId ); // thread handle is not kept either
While (true) // keeps the process alive; a real program would do its own work here
{
Sleep (1000 );
}
Return 0;
}
The above is the code for test1.exe. The code for test2.exe only needs the following two lines changed.
CreateMutex (NULL, TRUE, "Test2.exe"); // in test2.exe, change "Test2.exe" to "Test1.exe"
CreateThread (NULL, 0, ThreadProc, (LPVOID *) "Test1.exe", 0, & ThreadId); // in test2.exe, change "Test1.exe" to "Test2.exe"
**************************************** **************************************** **************************************** **************************************** **************************************** **************************************** **************************************** **************************************** **************************************** **************************************** **************************************** *******
The following code is more resilient: Task Manager's "End Process Tree" can terminate the program above, but it cannot terminate the one below. Both, however, can be terminated with IceSword or Process Explorer.
# Include <windows. h>
# Define ID_TIMER 1
Lresult callback WndProc (HWND, UINT, WPARAM, LPARAM );
/*
 * WinMain - entry point of the first program of the window-based pair.
 *
 * Creates the named mutex "The_first_program" and returns at once if GetLastError
 * reports ERROR_ALREADY_EXISTS. It then registers a window class whose procedure is
 * WndProc, creates a window of that class, and runs the message loop until
 * GetMessage returns 0. The listing contains no ShowWindow or UpdateWindow call.
 *
 * Returns 0 on the early exits, otherwise msg.wParam from the last message.
 *
 * NOTE(review): mangled in transcription. The CreateMutex line has unbalanced
 * parentheses, "GetLastError () = ERROR_ALREADY_EXISTS" is printed with a single '='
 * (presumably a comparison), and identifier capitalisation is inconsistent
 * (wndclass/Wndclass, hwnd/Hwnd, hInstance/HInstance).
 * For defenders: the mutex name and window caption strings printed here are the
 * observable artefacts of this sample.
 */
Int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance,
PSTR szCmdLine, int iCmdShow)
{
Static TCHAR szAppName [] = TEXT ("MyWindow ");
HWND hwnd;
MSG msg;
WNDCLASS wndclass;
CreateMutex (NULL, TRUE, TEXT ("The_first_program"); // named mutex used as a single-instance guard; handle is not kept
If (GetLastError () = ERROR_ALREADY_EXISTS) // if the instance already exists, exit
Return 0;
Wndclass. style = CS_HREDRAW | CS_VREDRAW;
Wndclass. lpfnWndProc = WndProc;
Wndclass. cbClsExtra = 0;
Wndclass. cbWndExtra = 0;
Wndclass. hInstance = hInstance;
Wndclass. hIcon = LoadIcon (NULL, IDI_APPLICATION );
Wndclass. hCursor = LoadCursor (NULL, IDC_ARROW );
Wndclass. hbrBackground = (HBRUSH) GetStockObject (WHITE_BRUSH );
Wndclass. lpszMenuName = NULL;
Wndclass. lpszClassName = szAppName;
If (! RegisterClass (& wndclass ))
{
MessageBox (NULL, TEXT ("this program must run under NT! "), SzAppName, MB_ICONERROR );
Return 0;
}
Hwnd = CreateWindow (szAppName, // window class name
TEXT ("The_First_Program"), // window caption
WS_OVERLAPPEDWINDOW, // window style
CW_USEDEFAULT, // initial x position
CW_USEDEFAULT, // initial y position
CW_USEDEFAULT, // initial x size
CW_USEDEFAULT, // initial y size
NULL, // parent window handle
NULL, // window menu handle
HInstance, // program instance handle
NULL); // creation parameters
// Message pump: every dispatched message reaches WndProc.
While (GetMessage (& msg, NULL, 0, 0 ))
{
TranslateMessage (& msg );
DispatchMessage (& msg );
}
Return msg. wParam;
}
/*
 * WndProc - window procedure of the first program.
 *
 * Before looking at the message it attempts to create the named mutex
 * "The_Second_Program ". The handle is closed in both branches. When
 * ERROR_ALREADY_EXISTS is not reported it also calls WinExec("sec.exe", SW_HIDE).
 * Because this code precedes the switch, it runs for every message delivered,
 * including the WM_TIMER messages requested at a 10 ms interval in WM_CREATE.
 *
 * Returns 0 for WM_CREATE, WM_TIMER and WM_DESTROY, otherwise the result of
 * DefWindowProc.
 *
 * NOTE(review): "GetLastError () = ERROR_ALREADY_EXISTS" is printed with a single
 * '=' (presumably a comparison lost in transcription), and the trailing space in the
 * mutex name is presumably an artifact as well.
 * For defenders: rapid create/close cycles on one named mutex and a hidden launch of
 * sec.exe from a windowed process are the behaviours visible in this listing.
 */
Lresult callback WndProc (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
{
HANDLE hMutex;
HMutex = CreateMutex (NULL, TRUE, TEXT ("The_Second_Program ")); // probe by creating the other program's mutex
If (GetLastError () = ERROR_ALREADY_EXISTS)
CloseHandle (hMutex ); // the name already existed: only drop the handle
Else
{
CloseHandle (hMutex ); // drop the mutex that was just created
WinExec ("sec.exe", SW_HIDE); // run sec.exe
}
Switch (message)
{
Case WM_CREATE:
SetTimer (hwnd, ID_TIMER, 10, NULL ); // request WM_TIMER every 10 ms
Return 0;
Case WM_TIMER:
Return 0; // no work here; the probe above has already run for this message
Case WM_DESTROY:
KillTimer (hwnd, ID_TIMER );
PostQuitMessage (0 );
Return 0;
}
Return DefWindowProc (hwnd, message, wParam, lParam );
}
*/
/*
# Include <windows. h>
# Define ID_TIMER 1
Lresult callback WndProc (HWND, UINT, WPARAM, LPARAM );
/*
 * WinMain - entry point of the second program of the window-based pair.
 *
 * Creates the named mutex "The_Second_Program " and returns at once if GetLastError
 * reports ERROR_ALREADY_EXISTS. It then registers a window class whose procedure is
 * WndProc, creates a window of that class, and runs the message loop until
 * GetMessage returns 0. The listing contains no ShowWindow or UpdateWindow call.
 *
 * Returns 0 on the early exits, otherwise msg.wParam from the last message.
 *
 * NOTE(review): mangled in transcription. "GetLastError () = ERROR_ALREADY_EXISTS"
 * is printed with a single '=' (presumably a comparison), identifier capitalisation
 * is inconsistent, and the trailing space in the mutex name is presumably an artifact.
 */
Int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance,
PSTR szCmdLine, int iCmdShow)
{
Static TCHAR szAppName [] = TEXT ("MyWindow ");
HWND hwnd;
MSG msg;
WNDCLASS wndclass;
CreateMutex (NULL, TRUE, TEXT ("The_Second_Program ")); // named mutex used as a single-instance guard; handle is not kept
If (GetLastError () = ERROR_ALREADY_EXISTS) // another instance already holds the name: exit
Return 0;
Wndclass. style = CS_HREDRAW | CS_VREDRAW;
Wndclass. lpfnWndProc = WndProc;
Wndclass. cbClsExtra = 0;
Wndclass. cbWndExtra = 0;
Wndclass. hInstance = hInstance;
Wndclass. hIcon = LoadIcon (NULL, IDI_APPLICATION );
Wndclass. hCursor = LoadCursor (NULL, IDC_ARROW );
Wndclass. hbrBackground = (HBRUSH) GetStockObject (WHITE_BRUSH );
Wndclass. lpszMenuName = NULL;
Wndclass. lpszClassName = szAppName;
If (! RegisterClass (& wndclass ))
{
MessageBox (NULL, TEXT ("this program must run under NT! "), SzAppName, MB_ICONERROR );
Return 0;
}
Hwnd = CreateWindow (szAppName, // window class name
TEXT ("The_Second_Program"), // window caption
WS_OVERLAPPEDWINDOW, // window style
CW_USEDEFAULT, // initial x position
CW_USEDEFAULT, // initial y position
CW_USEDEFAULT, // initial x size
CW_USEDEFAULT, // initial y size
NULL, // parent window handle
NULL, // window menu handle
HInstance, // program instance handle
NULL); // creation parameters
// Message pump: every dispatched message reaches WndProc.
While (GetMessage (& msg, NULL, 0, 0 ))
{
TranslateMessage (& msg );
DispatchMessage (& msg );
}
Return msg. wParam;
}
/*
 * WndProc - window procedure of the second program.
 *
 * Before looking at the message it attempts to create the named mutex
 * "The_first_program ". The handle is closed in both branches. When
 * ERROR_ALREADY_EXISTS is not reported it also calls WinExec("fir.exe", SW_HIDE).
 * Because this code precedes the switch, it runs for every message delivered,
 * including the WM_TIMER messages requested at a 10 ms interval in WM_CREATE.
 *
 * Returns 0 for WM_CREATE, WM_TIMER and WM_DESTROY, otherwise the result of
 * DefWindowProc.
 *
 * NOTE(review): "GetLastError () = ERROR_ALREADY_EXISTS" is printed with a single
 * '=' (presumably a comparison lost in transcription). The mutex name here carries
 * a trailing space that the first program's CreateMutex line does not, which is
 * presumably an artifact as well.
 */
Lresult callback WndProc (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
{
Static HANDLE hMutex;
HMutex = CreateMutex (NULL, TRUE, TEXT ("The_first_program ")); // probe by creating the other program's mutex
If (GetLastError () = ERROR_ALREADY_EXISTS) CloseHandle (hMutex ); // the name already existed: only drop the handle
Else
{
CloseHandle (hMutex ); // drop the mutex that was just created
WinExec ("fir.exe", SW_HIDE); // run fir.exe
}
Switch (message)
{
Case WM_CREATE:
SetTimer (hwnd, ID_TIMER, 10, NULL ); // request WM_TIMER every 10 ms
Return 0;
Case WM_TIMER:
Return 0; // no work here; the probe above has already run for this message
Case WM_DESTROY:
KillTimer (hwnd, ID_TIMER );
PostQuitMessage (0 );
Return 0;
}
Return DefWindowProc (hwnd, message, wParam, lParam );
}
**************************************** **************************************** **************************************** **************************************** **************************************** **************************************** **************************************** **************************************** **************************************** **************************************** **************************************** *******
The following code cannot be terminated with IceSword or Process Explorer, but it can be terminated with SnipeSword. Its drawback is that CPU usage is too high.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
This is code 1. While testing, keep an eye on the process list in Task Manager: the two processes alternate cyclically.
Although CPU usage is 100%, the speed is unaffected.
It is provided to help you better understand my explanation of the dual-process daemon technique.
By Asm
If reprinted, please keep the integrity of the article,
And indicate from the Red wolf Safety Group http://www.wolfexp.net/
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
. 386
. Model flat, stdcall
Option casemap: none
Include windows. inc
Include kernel32.inc
Include user32.inc
Includelib kernel32.lib
Includelib user32.lib
; Data for code 1. szFileName is the image name that the procedures below compare
; against each snapshot entry and pass to CreateProcess.
; NOTE(review): the trailing space inside '22222222.exe ' is presumably a transcription
; artifact. Capitalisation differs from the uses below (SzFileName here, szFileName there).
. Data
SzFileName db '22222222.exe ', 0
; Uninitialised data. HInstance and HWinList are not referenced by the procedures shown.
. Data?
HSnapShot dd?
StProcess PROCESSENTRY32 <?>
StStartUp STARTUPINFO <?>
StProcInfo PROCESS_INFORMATION <?>
HInstance dd?
HWinList dd?
. Code
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>
; _Snapshot - walks a process snapshot looking for an entry named szFileName.
; For every entry where lstrcmp reports equality it calls _Snapshot1. The procedure
; ends in ExitProcess and contains no ret.
; NOTE(review): the text is mangled in transcription. "createconlhelp32snapshot" is
; presumably CreateToolhelp32Snapshot, ".If eax = NULL" is presumably a comparison, and
; two lines below carry comment text whose ';' appears to have been lost. One of them
; presumably held the call to _Process (compare _Snapshot1).
; For defenders: hSnapShot is overwritten on every pass, no CloseHandle appears in the
; listing, and _Snapshot and _Snapshot1 call each other without returning. All of this
; is consistent with the sustained 100% CPU the page reports.
_ Snapshot proc
Invoke RtlZeroMemory, addr stProcess, sizeof stProcess; zero stProcess so data from an earlier entry does not carry over
Mov stProcess. dwSize, sizeof stProcess
Invoke createconlhelp32snapshot, TH32CS_SNAPPROCESS, addr stProcess;
Mov hSnapShot, eax; save the snapshot handle
Invoke Process32First, hSnapShot, addr stProcess; fetch the first process entry
. While eax
Invoke lstrcmp, addr szFileName, addr stProcess. szExeFile alias comparison found 22222222.exe
. If eax = NULL; on a name match, call _Snapshot1, which takes a fresh snapshot
Call _ Snapshot1
. Endif
Invoke Process32Next, hSnapShot, addr stProcess
. Endw
If the call _ Process example is not found, perform 22222222.exe.
Invoke ExitProcess, NULL; must exit, otherwise it will consume a lot of CPU, leading to a crash
_ Snapshot endp
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>
; _Snapshot1 - counterpart of _Snapshot with the same body. It walks a fresh process
; snapshot, calls _Snapshot for every entry whose name equals szFileName, and after the
; walk calls _Process and then ExitProcess. It contains no ret.
; NOTE(review): mangled in transcription. "createconlhelp32snapshot" is presumably
; CreateToolhelp32Snapshot, ".If eax = NULL" is presumably a comparison, and the lstrcmp
; line carries comment text whose ';' appears to have been lost.
; For defenders: no CloseHandle for hSnapShot appears in the listing.
_ Snapshot1 proc
Invoke RtlZeroMemory, addr stProcess, sizeof stProcess
Mov stProcess. dwSize, sizeof stProcess
Invoke createconlhelp32snapshot, TH32CS_SNAPPROCESS, addr stProcess
Mov hSnapShot, eax
Invoke Process32First, hSnapShot, addr stProcess
. While eax
Invoke lstrcmp, addr szFileName, addr stProcess. szExeFile history refresh and start-up comparison found 22222222.exe
. If eax = NULL; on a name match
Call _ Snapshot; take a fresh snapshot again via _Snapshot
. Endif
Invoke Process32Next, hSnapShot, addr stProcess
. Endw
Call _ Process; if not found, execute it. After the execution is complete, exit.
Invoke ExitProcess, NULL
_ Snapshot1 endp
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>
Create 22222222.exe with CreateProcess
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>
; _Process - fills stStartUp via GetStartupInfo, launches the image named by szFileName
; with CreateProcess, then returns to the caller. The CreateProcess result left in eax
; is not examined.
; NOTE(review): Win32 CreateProcess takes ten parameters; only seven appear here, so
; arguments seem to have been lost in transcription.
_ Process proc
Invoke GetStartupInfo, addr stStartUp
Invoke CreateProcess, addr szFileName, NULL ,\
NORMAL_PRIORITY_CLASS, NULL, NULL, addr stStartUp, addr stProcInfo
Ret
_ Process endp
; Program entry point: control goes straight to _Snapshot, which ends in ExitProcess.
Start:
Call _ Snapshot
End start
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
This is code 2. While testing, keep an eye on the process list in Task Manager: the two processes alternate cyclically.
Although CPU usage is 100%, the speed is unaffected.
It is provided to help you better understand my explanation of the dual-process daemon technique.
By Asm
If reprinted, please keep the integrity of the article,
And indicate from the Red wolf Safety Group http://www.wolfexp.net/
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
. 386
. Model flat, stdcall
Option casemap: none
Include windows. inc
Include kernel32.inc
Include user32.inc
Includelib kernel32.lib
Includelib user32.lib
; Data for code 2. szFileName is the image name that the procedures below compare
; against each snapshot entry and pass to CreateProcess.
; NOTE(review): the trailing space inside '111111111.exe ' is presumably a transcription
; artifact. Capitalisation differs from the uses below (SzFileName here, szFileName there).
. Data
SzFileName db '111111111.exe ', 0
; Uninitialised data. Pid, HInstance and HWinList are not referenced by the procedures shown.
. Data?
Pid dd?
HSnapShot dd?
StProcess PROCESSENTRY32 <?>
StStartUp STARTUPINFO <?>
StProcInfo PROCESS_INFORMATION <?>
HInstance dd?
HWinList dd?
. Code
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>
; _Snapshot - walks a process snapshot looking for an entry named szFileName.
; For every entry where lstrcmp reports equality it calls _Snapshot1. After the walk it
; calls _Process and then ExitProcess. It contains no ret.
; NOTE(review): mangled in transcription. "createconlhelp32snapshot" is presumably
; CreateToolhelp32Snapshot, and ".If eax = NULL" is presumably a comparison.
; For defenders: hSnapShot is overwritten on every pass, no CloseHandle appears in the
; listing, and _Snapshot and _Snapshot1 call each other without returning. All of this
; is consistent with the sustained 100% CPU the page reports.
_ Snapshot proc
Invoke RtlZeroMemory, addr stProcess, sizeof stProcess
Mov stProcess. dwSize, sizeof stProcess
Invoke createconlhelp32snapshot, TH32CS_SNAPPROCESS, addr stProcess
Mov hSnapShot, eax
; eax from Process32First / Process32Next drives the loop: non-zero means an entry was read
Invoke Process32First, hSnapShot, addr stProcess
. While eax
Invoke lstrcmp, addr szFileName, addr stProcess. szExeFile
. If eax = NULL
Call _ Snapshot1
. Endif
Invoke Process32Next, hSnapShot, addr stProcess
. Endw
; reached when the walk ends: launch the image named by szFileName, then exit
Call _ Process
Invoke ExitProcess, NULL
_ Snapshot endp
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>
; _Snapshot1 - counterpart of _Snapshot with the same body. It walks a fresh process
; snapshot, calls _Snapshot for every entry whose name equals szFileName, and after the
; walk calls _Process and then ExitProcess. It contains no ret.
; NOTE(review): mangled in transcription. "createconlhelp32snapshot" is presumably
; CreateToolhelp32Snapshot, and ".If eax = NULL" is presumably a comparison.
; For defenders: no CloseHandle for hSnapShot appears in the listing.
_ Snapshot1 proc
Invoke RtlZeroMemory, addr stProcess, sizeof stProcess
Mov stProcess. dwSize, sizeof stProcess
Invoke createconlhelp32snapshot, TH32CS_SNAPPROCESS, addr stProcess
Mov hSnapShot, eax
Invoke Process32First, hSnapShot, addr stProcess
. While eax
Invoke lstrcmp, addr szFileName, addr stProcess. szExeFile
. If eax = NULL
Call _ Snapshot
. Endif
Invoke Process32Next, hSnapShot, addr stProcess
. Endw
; reached when the walk ends: launch the image named by szFileName, then exit
Call _ Process
Invoke ExitProcess, NULL
_ Snapshot1 endp
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>
; _Process - fills stStartUp via GetStartupInfo, launches the image named by szFileName
; with CreateProcess, then returns to the caller. The CreateProcess result left in eax
; is not examined.
; NOTE(review): Win32 CreateProcess takes ten parameters; only seven appear here, so
; arguments seem to have been lost in transcription.
_ Process proc
Invoke GetStartupInfo, addr stStartUp
Invoke CreateProcess, addr szFileName, NULL ,\
NORMAL_PRIORITY_CLASS, NULL, NULL, addr stStartUp, addr stProcInfo
Ret
_ Process endp
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>
; Program entry point: control goes straight to _Snapshot, which ends in ExitProcess.
Start:
Call _ Snapshot
End start