
Virus Tutorial – Show The Process On Windows XP With Visual Basic ( Source Code Showkillprocess )

Hello Indonesian VX. Now I will explain Showkillprocess and its source code. Showkillprocess is useful for viewing the processes running in Windows. The Showkillprocess source code actually comes from www.freevbcode.com, but until now it only worked completely on Windows 98. Working completely means it can show the Base Priority (BP) and Number Of Threads (NT); on Windows XP the BP and NT are not shown. The source code is modified here so that it works completely on WinXP.

 

BASE PRIORITY ( BP )

What is base priority? Base priority (BP) is used in the thread scheduling that Windows performs to decide which thread runs, according to its priority. The base priority is a number from 1 (the lowest) to 31 (the highest).

Priority is divided into 2 parts:

  1. Priority Class.
  2. Priority Level.

 

PRIORITY CLASS

 

In VB there are the following priority classes:

IDLE_PRIORITY_CLASS
NORMAL_PRIORITY_CLASS
HIGH_PRIORITY_CLASS
REALTIME_PRIORITY_CLASS

VB uses NORMAL_PRIORITY_CLASS as the default in Windows. VB can also call CreateProcess() to set the priority of a process. Other functions that can be used are GetPriorityClass() and SetPriorityClass().

PRIORITY LEVEL

The priority level is divided into 7 values:

THREAD_PRIORITY_IDLE
THREAD_PRIORITY_LOWEST
THREAD_PRIORITY_BELOW_NORMAL
THREAD_PRIORITY_NORMAL
THREAD_PRIORITY_ABOVE_NORMAL
THREAD_PRIORITY_HIGHEST
THREAD_PRIORITY_TIME_CRITICAL

In VB, a process is set to THREAD_PRIORITY_NORMAL by default. Then how about a virus? We can set the priority of our virus to the highest priority, that is THREAD_PRIORITY_TIME_CRITICAL or THREAD_PRIORITY_HIGHEST, so that the virus cannot be killed.

The priority table for Win9x below can be downloaded; you can find the one for WinXP yourself.

What about virus priority? A virus process that uses the same name as a Windows system file differs from the real process in its priority, for example:

---------------------------------------------------------------
PROCESS NAME | BP Windows | NT Windows | BP Virus | NT Virus
---------------------------------------------------------------
lsass.exe    | 9          | 17         | 8        | 1
services.exe | 9          | 14         | 8        | 1
smss.exe     | 11         | 3          | 8        | 1
csrss.exe    | 13         | 11         | 8        | 1
spoolsv.exe  | 8          | 11         | 8        | 1
---------------------------------------------------------------

 

In fact there are many more, but it is tiring to write them all out. On Windows Server 2K, the virus BP and NT are ‘8’ and ‘2’.

 

SHOWKILL PROCESS

 

Showkillprocess itself uses 4 API functions to detect processes:

OpenProcess : Opens a process.

TerminateProcess : Terminates the process.

Process32First : Looks up the first process.

Process32Next : Looks up the next process.
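Read from the defender's side, the BP/NT table above is a triage signal, and the Toolhelp32 functions just listed are how to collect it. The following Python is an added example, not the Showkillprocess source or code from the original page; the names `snapshot`, `suspicious` and `SAMPLE` and the thread threshold of 2 are assumptions, and the sample rows are constructed.

```python
import ctypes as ct
DWORD = ct.c_uint32
# Genuine base priorities (BP), copied from the article's table.
GENUINE_BP = {"lsass.exe": 9, "services.exe": 9, "smss.exe": 11,
              "csrss.exe": 13, "spoolsv.exe": 8}
MAX_FAKE_THREADS = 2  # assumption: article reports 1 thread, 2 on Server 2K

class PROCESSENTRY32(ct.Structure):  # ANSI layout from tlhelp32.h
    _fields_ = [("dwSize", DWORD), ("cntUsage", DWORD), ("th32ProcessID", DWORD),
                ("th32DefaultHeapID", ct.c_size_t), ("th32ModuleID", DWORD),
                ("cntThreads", DWORD), ("th32ParentProcessID", DWORD),
                ("pcPriClassBase", ct.c_int32), ("dwFlags", DWORD),
                ("szExeFile", ct.c_char * 260)]

def snapshot():
    """Windows only: list (pid, name, BP, threads) via the Toolhelp32 API."""
    k32 = ct.WinDLL("kernel32")
    k32.CreateToolhelp32Snapshot.restype = ct.c_void_p
    for fn in (k32.Process32First, k32.Process32Next):
        fn.argtypes = [ct.c_void_p, ct.POINTER(PROCESSENTRY32)]
    k32.CloseHandle.argtypes = [ct.c_void_p]
    snap = k32.CreateToolhelp32Snapshot(0x2, 0)  # TH32CS_SNAPPROCESS
    if snap in (None, ct.c_void_p(-1).value):  # INVALID_HANDLE_VALUE
        raise OSError("CreateToolhelp32Snapshot failed")
    e, rows = PROCESSENTRY32(ct.sizeof(PROCESSENTRY32)), []
    more = k32.Process32First(snap, ct.byref(e))
    while more:
        rows.append((e.th32ProcessID, e.szExeFile.decode("mbcs"),
                     e.pcPriClassBase, e.cntThreads))
        more = k32.Process32Next(snap, ct.byref(e))
    k32.CloseHandle(snap)
    return rows

def suspicious(rows):
    """Return (pid, name, reasons) for system-named rows off their profile."""
    hits = []
    for pid, name, bp, threads in rows:
        want = GENUINE_BP.get(name.lower())  # None for non-system names
        reasons = [] if want in (None, bp) else [f"BP {bp}, expected {want}"]
        if want is not None and threads <= MAX_FAKE_THREADS:
            reasons.append(f"{threads} thread(s)")
        if reasons:
            hits.append((pid, name, reasons))
    return hits

SAMPLE = [(412, "smss.exe", 11, 3), (640, "lsass.exe", 9, 17),  # constructed rows
          (1888, "lsass.exe", 8, 1), (1204, "spoolsv.exe", 8, 11),
          (2040, "spoolsv.exe", 8, 1), (3000, "notepad.exe", 8, 1)]
if __name__ == "__main__":
    print(suspicious(SAMPLE))  # on Windows, pass snapshot() instead
```

Thread counts of genuine services vary with load, so a hit is a prompt to check the image path of that PID rather than proof.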

 

To try Showkillprocess, download it from the link below:

Download Program ShowKillProcess for win XP

 

And the source code is at:

Download Source Code Program ShowKillProcess for win XP

Ok, have a try…

overlord@virologi.info
