在DPR文件里面有这样一段汇编代码,可以实现隐藏进程的作用,可否请大家替我分析一下这段代码。
Application.Initialize;
asm
mov ebx,30h
push es
push fs
pop es
mov ebx,es:[ebx]
pop es
mov eax,10800000h
xchg [ebx+20h],eax
end;
Application.CreateForm(TForm1,Form1);
Application.Run;
end.
{$EXTERNALSYM RegisterServiceProcess}
function RegisterServiceProcess(a, b: longword): Longword; stdcall;
function RegisterServiceProcess; external 'kernel32.dll'
name 'RegisterServiceProcess';
type ...
procedure HideApp(hide: boolean);
... private
implementation
procedure Tform1.HideApp(hide: boolean);
var ProcessID: Integer;
begin
ProcessID := GetCurrentProcessId();
If Hide Then
RegisterServiceProcess(ProcessID, 1)
Else
RegisterServiceProcess(ProcessID, 0);
end;
procedure TForm1.Button1Click(Sender: TObject);
begin
HideApp(true);
end;
procedure TForm1.Button2Click(Sender: TObject);
begin
HideApp(false);
end;