易语言API嵌入汇编实现初级隐藏自身支持库载入模块信息源码

API嵌入汇编实现初级隐藏自身支持库载入模块信息系统结构:字节集_到整数,字节集_到短整数,文本型_取空白,系统_取文件名,文本型_寻找,字节集_取指针,字节集_取长度,GetCurrentProcess,NtQueryInformationProcess,WideCharToMultiByte,RtlMoveMemory_Int,RtlMoveMemory_dInt,LocalAlloc,FillMemory,LocalFree,GetFileTitle,lstrcpyn_Bin,======_启动窗口程序集||||======_内核功能程序集||||------字节集_到整数||||------字节集_到短整数||||------文本型_取空白||||------系统_取文件名||||------文本型_寻找||||------字节集_取指针||||------字节集_取长度||||======调用的Dll||||---[dll]------GetCurrentProcess||||---[dll]------NtQueryInformationProcess||||---[dll]------WideCharToMultiByte||||---[dll]------RtlMoveMemory_Int||||---[dll]------RtlMoveMemory_dInt||||---[dll]------LocalAlloc||||---[dll]------FillMemory||||---[dll]------LocalFree||||---[dll]------GetFileTitle||||---[dll]------lstrcpyn_Bin 调用的DLL命令:.DLL命令GetCurrentProcess,整数型,"kernel32.dll","GetCurrentProcess",,获取当前进程的一个伪句柄当前进程的伪句柄.DLL命令NtQueryInformationProcess,整数型,"ntdll.dll","NtQueryInformationProcess".参数ProcessHandle,整数型,,HANDLE.参数ProcessInformationClass,整数型.参数ProcessInformation,整数型,传址数组,PROCESS_BASIC_INFORMATION.参数ProcessInformationLength,整数型.参数ReturnLength,整数型,传址.DLL命令WideCharToMultiByte,整数型,"kernel32.dll","WideCharToMultiByte",,将通配符映像为多字节.参数CodePage,整数型.参数dwFlags,整数型.参数lpWideCharStr,整数型.参数cchWideChar,整数型.参数lpMultiByteStr,文本型,传址.参数cchMultiByte,整数型.参数lpDefaultChar,整数型.参数lpUsedDefaultChar,整数型.DLL命令RtlMoveMemory_Int,整数型,"kernel32.dll","RtlMoveMemory".参数lpvDest,整数型,传址.参数lpvSource,整数型.参数cbCopy,整数型.DLL命令RtlMoveMemory_dInt,整数型,"kernel32.dll","RtlMoveMemory".参数lpvDest,短整数型,传址.参数lpvSource,整数型.参数cbCopy,整数型.DLL命令LocalAlloc,整数型,"kernel32.dll","LocalAlloc".参数uFlags,整数型.参数uBytes,整数型.DLL命令FillMemory,整数型,"kernel32.dll","RtlFillMemory",,填充内存字节.参数Destination,整数型,,指针地址.参数Length,整数型,,长度.参数Fill,字节型,,字节数据.DLL命令LocalFree,整数型,"kernel32.dll","LocalFree".参数hMem,整数型.DLL命令GetFileTitle,整数型,"comdlg32.dll","GetFileTitleA",,返回文件名.参数lpszFile,文本型.参数lpszTitle,文本型.参数cbBuf,短整数型.DLL命令lstrcpyn_Bin,整数型,"kernel32.dll","lstrcpyn",,字节集.参数欲取其指针,字节集,传址.参数欲取其指针,字节集,传址.参数保留,整数型,,0