Hello Indonesian VX. Now I will explain Showkillprocess and its source code. Showkillprocess is useful for viewing the processes running in Windows. The Showkillprocess source code is actually available at www.freevbcode.com, but until now it only worked completely on Windows 98. Working completely means it can show Base Priority (BP) and Number Of Threads (NT), whereas on Windows XP the BP and NT are not shown. The source code is modified here so that it works completely on WinXP.
BASE PRIORITY (BP)
What is base priority? Base priority (BP) is the value the Windows thread scheduler uses to decide which thread runs, according to its priority. Base priority ranges from 1 (the lowest) to 31 (the highest).
Priority is divided into 2 parts:
- Priority Class.
- Priority Level.
In VB there are the following priority classes:
VB uses NORMAL_PRIORITY_CLASS as the default in Windows. VB can also call CreateProcess() to determine the priority of a process. Other functions that can be used are GetPriorityClass() and SetPriorityClass().
Priority level is divided into 7 levels:
In VB a process is set to THREAD_PRIORITY_NORMAL by default. Then how about a virus? We can set the priority of our virus to the highest priority, that is THREAD_PRIORITY_TIME_CRITICAL or THREAD_PRIORITY_HIGHEST, so that the virus cannot be killed.
The priority table for Win9x below can be downloaded; you can find the one for WinXP yourself.
What about virus priority? A virus process that uses the same process name as a Windows system file has a different priority, for example:
PROCESS NAME | BP Windows | NT Windows | BP Virus | NT Virus |
lsass.exe    | 9          | 17         | 8        | 1        |
services.exe | 9          | 14         | 8        | 1        |
smss.exe     | 11         | 3          | 8        | 1        |
csrss.exe    | 13         | 11         | 8        | 1        |
spoolsv.exe  | 8          | 11         | 8        | 1        |
In fact there are many more, but it is very tiring to write them all out. In Windows Server 2K, the virus BP and NT are '8' and '2'.
Showkillprocess itself uses 4 functions to detect processes:
OpenProcess : Opens a process.
TerminateProcess : Terminates the process.
Process32First : Retrieves the first process.
Process32Next : Retrieves the next process.
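The table and the Process32First/Process32Next walk above can be combined into a masquerade check: a process that carries a system name but not its usual base priority or thread count stands out, and spoolsv.exe shows why the thread count has to be checked as well as the priority. The following Python is an added example, not the Showkillprocess source. It assumes the page's Windows BP/NT figures are a valid baseline (measure your own per OS build); `snapshot`, `suspicious`, `min_ratio` and the `SAMPLE` rows are illustrative names and constructed data.

```python
import ctypes

D = ctypes.c_uint32
# Genuine (base priority, thread count) per process name, from the table above.
BASELINE = {"lsass.exe": (9, 17), "services.exe": (9, 14), "smss.exe": (11, 3),
            "csrss.exe": (13, 11), "spoolsv.exe": (8, 11)}
# Constructed sample snapshot rows: (pid, name, base priority, threads).
SAMPLE = [(612, "lsass.exe", 9, 17), (1840, "LSASS.EXE", 8, 1),
          (1432, "spoolsv.exe", 8, 11), (2208, "spoolsv.exe", 8, 1),
          (3016, "notepad.exe", 8, 1)]

class PROCESSENTRY32(ctypes.Structure):  # ANSI layout from tlhelp32.h
    _fields_ = [("dwSize", D), ("cntUsage", D), ("th32ProcessID", D),
                ("th32DefaultHeapID", ctypes.c_size_t), ("th32ModuleID", D),
                ("cntThreads", D), ("th32ParentProcessID", D),
                ("pcPriClassBase", ctypes.c_int32), ("dwFlags", D),
                ("szExeFile", ctypes.c_char * 260)]

def snapshot():  # Windows only: yields (pid, name, base priority, threads)
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.CreateToolhelp32Snapshot.restype = ctypes.c_void_p
    for fn in (k32.Process32First, k32.Process32Next):
        fn.argtypes = [ctypes.c_void_p, ctypes.POINTER(PROCESSENTRY32)]
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    snap = k32.CreateToolhelp32Snapshot(0x2, 0)  # TH32CS_SNAPPROCESS
    if snap in (None, ctypes.c_void_p(-1).value):  # INVALID_HANDLE_VALUE
        raise ctypes.WinError(ctypes.get_last_error())
    entry = PROCESSENTRY32(dwSize=ctypes.sizeof(PROCESSENTRY32))
    try:
        ok = k32.Process32First(snap, ctypes.byref(entry))
        while ok:
            yield (entry.th32ProcessID, entry.szExeFile.decode("mbcs", "replace"),
                   entry.pcPriClassBase, entry.cntThreads)
            ok = k32.Process32Next(snap, ctypes.byref(entry))
    finally:
        k32.CloseHandle(snap)

def suspicious(procs, min_ratio=0.5):
    """Flag processes that use a baselined name but not its profile."""
    hits = []
    for pid, name, prio, threads in procs:
        # Names without a baseline get a default that can never trigger.
        want_prio, want_threads = BASELINE.get(name.lower(), (prio, 0))
        why = []
        if prio != want_prio:
            why.append(f"base priority {prio}, expected {want_prio}")
        if threads < want_threads * min_ratio:
            why.append(f"{threads} thread(s), expected about {want_threads}")
        if why:
            hits.append((pid, name, why))
    return hits
```

On Windows, `suspicious(snapshot())` checks the live process list; `suspicious(SAMPLE)` exercises the same logic on the constructed rows.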
To try Showkillprocess, download it from the link below:
And the source code from:
OK, give it a try…