以下代码是运用API实现的一种方法,还有一种方法是利用TextBox本身的KeyPress过程来实现的。

Option Explicit
DefInt A-Z
'DefInt (字母范围) 定义整型 -> 所有以A-Z字母开头的都是整型变量

Private Declare Function SetWindowLong Lib "user32" Alias "SetWindowLongA" (ByVal hWnd As Long, ByVal nIndex As Long, ByVal dwNewLong As Long) As Long
Private Declare Function
GetWindowLong Lib "user32" Alias "GetWindowLongA" (ByVal hWnd As Long, ByVal nIndex As Long) As Long

Private Const
GWL_STYLE = -16

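' Edit-control style bits that SetTxtBoxStyle ORs into a TextBox's window style.
' (The first member was split across two lines, which does not compile.)
Enum TxtBoxStyles
    ES_UPPERCASE = &H8&    ' upper case
    ES_LOWERCASE = &H10&   ' lower case
    ES_NUMBER = &H2000&    ' digits
End Enum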

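'-------------------------------------------------
' Adds one or more edit-control input styles to an existing TextBox window.
' Parameters:
'   hWnd       - window handle of the TextBox (for example Text1.hWnd)
'   InputStyle - TxtBoxStyles bit(s); they are OR-ed into the current style,
'                so styles that are already set are kept
' Notes:
'   - The merged value (lngStyle) is what gets written back. Passing any other
'     name to SetWindowLong does not compile under Option Explicit.
'   - ES_NUMBER filters typed characters only. Text that is pasted into the
'     control or assigned through the Text property can still contain
'     non-digits, so validate the value again before it is used.
'-------------------------------------------------
Public Sub SetTxtBoxStyle(hWnd As Long, InputStyle As TxtBoxStyles)
    Dim lngStyle As Long

    ' Read the current style and add the requested bits.
    lngStyle = GetWindowLong(hWnd, GWL_STYLE) Or InputStyle
    SetWindowLong hWnd, GWL_STYLE, lngStyle
End Sub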


为了方便新手,我在这里将用KeyPress过程实现同样效果的方法简单说明一下。

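Private Sub Text1_KeyPress(KeyAscii As Integer)
    ' Show the character code of the key that was pressed.
    Debug.Print KeyAscii

    ' Reject the lower-case letters "a" (97), "s" (115) and "d" (100).
    ' The three codes are alternatives: one KeyAscii value can never equal all
    ' of them at once, so they are matched with Select Case instead of And.
    Select Case KeyAscii
        Case 97, 115, 100
            ' Setting KeyAscii to 0 cancels the keystroke.
            KeyAscii = 0
    End Select

    ' NOTE(review): KeyPress only sees typed characters. The upper-case codes
    ' (65, 83, 68) are not matched, and text that is pasted or assigned in code
    ' never passes through this handler; re-check the final Text value if the
    ' restriction matters.
End Sub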



'*************************************************************
'******
'****** 类型:模块 作者:JiaJia Http://Www.YuLv.Net
'******
'*************************************************************
Option Explicit

'API声明
Private Declare Function SendMessageA Lib "user32" (ByVal hWnd As Long, ByVal wMsg As Long, ByVal wParam As Long, lParam As Any) As Long

'常量
Private Const LB_DIR = &H18D
Private Const DDL_DRIVES = &H4000 '磁盘
Private Const DDL_DIRECTORY = &H10 '文件夹
Private Const DDL_ARCHIVE = &H20
Private Const DDL_EXCLUSIVE = &H8000&
Private Const DDL_READWRITE = &H0 '读写
Private Const DDL_READONLY = &H1 '只读
Private Const DDL_HIDDEN = &H2 '隐藏
Private Const DDL_SYSTEM = &H4 '系统
Private Const DDL_POSTMSGS = &H2000

'-------------------------------------------------
'功能:用ListBox控件加载文件列表
'参数:lst - 指定的ListBox控件
' sPath - 指定目录
'-------------------------------------------------
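Private Sub MyListBoxLoadFolder(ByRef lst As ListBox, _
                                ByVal sPath As String, _
                                Optional bShowFolders As Boolean = True)
    ' bShowFolders - True (default) also lists sub-folders (adds DDL_DIRECTORY);
    '                False lists files only.
    ' sPath is sent to the list box as the LB_DIR file specification, so it may
    ' contain wildcards (the usage example passes "c:\*.*").

    ' Best effort: run-time errors are ignored and the list is simply left empty.
    On Error Resume Next
    Dim lngReturn As Long
    Dim lngFlags As Long

    ' Attribute filter. Hidden and system entries are requested as well;
    ' NOTE(review): drop DDL_HIDDEN / DDL_SYSTEM if the list is shown to end
    ' users who should not see those files.
    lngFlags = DDL_EXCLUSIVE Or DDL_ARCHIVE Or DDL_SYSTEM Or DDL_HIDDEN
    If bShowFolders Then lngFlags = lngFlags Or DDL_DIRECTORY

    ' Empty the list.
    lst.Clear
    ' Let the list box fill itself. The result is stored in lngReturn but is
    ' not inspected, so a failed listing is not reported to the caller.
    lngReturn = SendMessageA(lst.hWnd, LB_DIR, lngFlags, ByVal sPath)
End Sub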



举例:
MyListBoxLoadFolder List1, "c:\*.*"


.386
.model flat,stdcall
option casemap:none
include
windows.inc
include kernel32.inc
include user32.inc
includelib kernel32.lib
includelib user32.lib

.data
szMsg db 'Hello,World!',0
szTil db 'ASM Hello World.',0
.code

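start:
    ; Show the message box: no owner window, text and caption come from .data.
    invoke MessageBox, NULL, offset szMsg, offset szTil, MB_OK or MB_ICONINFORMATION
    ; ExitProcess takes one argument (the exit code). A bare "call" pushes
    ; nothing, so the exit code would be whatever happens to be on the stack.
    invoke ExitProcess, 0
end start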




1、常规运用:(直接看代码)

' NOTE(review): the literal results quoted in the comments below (day and month
' names, "PM", the "," and "." separators) presumably assume English (US)
' regional settings; confirm the output on the target machine.
Dim TestDateTime As Date = #1/27/2001 5:04:23 PM#
Dim TestStr As String
' Returns current system time in the system-defined long time format.
TestStr = Format(Now(), "Long Time")
' Returns current system date in the system-defined long date format.
TestStr = Format(Now(), "Long Date")
' Also returns current system date in the system-defined long date
' format, using the single letter code for the format.
TestStr = Format(Now(), "D")
' Returns the value of TestDateTime in user-defined date/time formats.
' Returns "5:4:23".
TestStr = Format(TestDateTime, "h:m:s")
' Returns "05:04:23 PM".
TestStr = Format(TestDateTime, "hh:mm:ss tt")
' Returns "Saturday, Jan 27 2001".
TestStr = Format(TestDateTime, "dddd, MMM d yyyy")
' Returns "17:04:23".
TestStr = Format(TestDateTime, "HH:mm:ss")
' Returns "23".
TestStr = Format(23)
' User-defined numeric formats.
' Returns "5,459.40".
TestStr = Format(5459.4, "##,##0.00")
' Returns "334.90".
TestStr = Format(334.9, "###0.00")
' Returns "500.00%".
TestStr = Format(5, "0.00%")


补充:
在日期Text控件中,显示金额时,都是100000 不便于判断是否对错,可以使用Format函数格式化显示
text1.text=Format(text1.text,"###,##0.00") 显示为100,000.00 可以把真实的值存在.tag中

2、不同数值的不同格式
第一部分定义正值和零的格式,第二部分定义负值的格式。由于 Format 函数的 Style 参数采用字符串形式,因此在其两边加上引号。

Dim Style1 As String = "$#,##0;($#,##0)"


如果有几个分号,但分号之间没有任何内容,则缺少的部分使用正值的格式显示。例如,下列格式使用第一部分中的格式显示正值和负值,如果值为零,则显示 Zero。

Dim Style2 As String = "$#,##0;;\Z\e\r\o"




窗体部分代码:

Option Explicit

Private Sub cmdLock_Click()
    ' Swap the two buttons only when the lock was actually applied.
    If Not LockKeyboard(True) Then Exit Sub

    cmdLock.Enabled = False
    cmdUnLock.Enabled = True
End Sub

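' The declaration was split across two lines, which does not compile; it is
' written on one line here.
Private Sub cmdUnLock_Click()
    ' Swap the two buttons only when the unlock call reported success.
    If LockKeyboard(False) Then
        cmdLock.Enabled = True
        cmdUnLock.Enabled = False
    End If
End Sub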

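' The declaration and one assignment were split across lines, which does not
' compile; both are written on one line here.
Private Sub Form_Load()
    Dim bIsLock As Boolean

    ' Reflect the current lock state (read from the module) in the buttons.
    bIsLock = GetKeyboardState
    cmdLock.Enabled = Not bIsLock
    cmdUnLock.Enabled = bIsLock

    ' NOTE(review): the form code shown on this page has no unload handler that
    ' calls LockKeyboard(False). The module header says the hook must be removed
    ' before the program exits, so confirm the full form releases the lock on
    ' close; otherwise the keyboard may stay locked after the window is gone.
End Sub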



模块部分代码:

Option Explicit
'是否包含处理其它键盘消息,True表示处理.
#Const INC_OTHER_KEY = True
'注意,以下所有双版本的API均声明成了 UNICODE 版。 并且许多地方与VB的API浏览器生成的代码有所不同。
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function
ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function
WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function
GlobalAddAtom Lib "kernel32" Alias "GlobalAddAtomW" (ByVal lpString As Long) As Integer
Private Declare Function
GlobalDeleteAtom Lib "kernel32" (ByVal nAtom As Integer) As Integer
Private Declare Function
GlobalFindAtom Lib "kernel32" Alias "GlobalFindAtomW" (ByVal lpString As Long) As Integer
Private Const
TH32CS_SNAPPROCESS = 2
Private Type PROCESSENTRY32W
dwSize
As Long
cntUsage As Long
h32ProcessID As Long ' // this process
th32DefaultHeapID As Long '
h32ModuleID As Long ' // associated exe
cntThreads As Long '
th32ParentProcessID As Long ' // this process's parent process
pcPriClassBase As Long ' // Base priority of process's threads
dwFlags As Long '
szExeFile(1 To 260) As Integer ' // Path
End Type
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Private Declare Function
Process32First Lib "kernel32" Alias "Process32FirstW" (ByVal hSnapshot As Long, lpPE As PROCESSENTRY32W) As Long
Private Declare Function
Process32Next Lib "kernel32" Alias "Process32NextW" (ByVal hSnapshot As Long, lpPE As PROCESSENTRY32W) As Long
Private Declare Function
lstrcmpi Lib "kernel32" Alias "lstrcmpiW" (lpString1 As Integer, ByVal lpString2 As Long) As Long
Private Declare Function
CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function
GetLastError Lib "kernel32" () As Long
Private
Type LUID
lowpart
As Long
highpart As Long
End
Type
Private Type LUID_AND_ATTRIBUTES
pLuid
As LUID
Attributes
As Long
End
Type
Private Type TOKEN_PRIVILEGES
PrivilegeCount
As Long
Privileges As LUID_AND_ATTRIBUTES
End Type
Private Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
Private Const TOKEN_QUERY As Long = &H8&
Private Const TOKEN_ADJUST_PRIVILEGES As Long = &H20&
Private Const SE_PRIVILEGE_ENABLED As Long = &H2
Private Const SE_DEBUG_NAME As String = "SeDebugPrivilege"
Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
Private Declare Function
OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function
LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueW" (ByVal lpSystemName As Long, ByVal lpName As Long, lpLuid As LUID) As Long
Private Declare Function
AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, ByVal PrevState As Long, ByVal N As Long) As Long
Private Declare Function
GetModuleHandle Lib "kernel32" Alias "GetModuleHandleW" (ByVal lpwModuleName As Long) As Long
Private Declare Function
GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Const
MEM_COMMIT As Long = &H1000
Private Const MEM_DECOMMIT As Long = &H4000
Private Const PAGE_EXECUTE_READWRITE As Long = &H40
Private Declare Function VirtualAllocEx Lib "kernel32" (ByVal ProcessHandle As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType lor="#0000FF">As Long, ByVal flProtect As Long) As Long
Private Declare Function
VirtualFreeEx Lib "kernel32" (ByVal ProcessHandle As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Function
CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, ByVal lpThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, ByVal lpParameter As Long, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Private Declare Function
WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Private Declare Function
GetExitCodeThread Lib "kernel32" (ByVal hThread As Long, lpExitCode As Long) As Long
#If INC_OTHER_KEY Then
Private Declare Function SetWindowsHookEx Lib "user32" Alias "SetWindowsHookExW" (ByVal idHook As Long, ByVal lpfn As Long, ByVal hmod As Long, ByVal dwThreadId As Long) As Long
Private Declare Function
UnhookWindowsHookEx Lib "user32" (ByVal hHook As Long) As Long
Private Declare Function
CallNextHookEx Lib "user32" (ByVal hHook As Long, ByVal nCode As Long, ByVal wParam As Long, lParam As Any) As Long
#End If
Private Const ATOM_FLAG As String = "HookSysKey"
Private Const SHELL_FALG As String = "Winlogon"
Private Const SHELL_CODE_DWORDLEN = 317 '注入代码所占的双字数
Private Const SHELL_CODE_LENGTH = (SHELL_CODE_DWORDLEN * 4) '字节数
Private Const SHELL_FUNCOFFSET = &H8 '注入代码线程函数偏移量
Private mlShellCode(SHELL_CODE_DWORDLEN - 1) As Long
#If INC_OTHER_KEY Then
Private m_lHookID As Long '键盘钩子句柄
Private Type KBDLLHOOKSTRUCT
vkCode
As Long
scanCode As Long
flags As Long
time As Long
dwExtraInfo As Long
End
Type
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)
#End If
'============================================
' 锁定/解锁键盘
' 参数:布尔型,真表示锁定
' 返回:布尔型, 真表示成功
' 注意:非 Ctrl+Alt+Del 键使用普通钩子技术,因此
' 程序在退出时注意要卸载钩子。
'============================================
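Public Function LockKeyboard(ByVal bLock As Boolean) As Boolean
    ' Locks (bLock = True) or unlocks (bLock = False) the keyboard.
    ' Returns True on success. The lock state itself is the global atom
    ' ATOM_FLAG; with INC_OTHER_KEY a low-level keyboard hook is used as well.
    '
    ' Changes against the page's version: stray markup in the signature and
    ' statements split across lines are repaired; the hook is installed only
    ' when none is active, and m_lHookID is cleared after unhooking. Before,
    ' a second lock call overwrote the handle of the first hook, which could
    ' then never be removed and kept swallowing keys after "unlock".
    Dim lResult As Long
    Dim lStrPtr As Long
    Dim iAtom As Integer

    ' One-time setup: InsertAsmCode runs only while the SHELL_FALG atom is
    ' absent (presumably the injected code registers it; not visible here).
    lStrPtr = StrPtr(SHELL_FALG)
    iAtom = GlobalFindAtom(lStrPtr)
    If iAtom = 0 Then
        lResult = InsertAsmCode
        Debug.Assert lResult = 0
        If lResult Then Exit Function
    End If

    lStrPtr = StrPtr(ATOM_FLAG)
    iAtom = GlobalFindAtom(lStrPtr)
    If bLock Then
#If INC_OTHER_KEY Then
        ' Strongly recommended: when SetWindowsHookEx is used, compile first
        ' and run the compiled program.
        ' 13 = WH_KEYBOARD_LL.
        If m_lHookID = 0 Then
            m_lHookID = SetWindowsHookEx(13, AddressOf LowLevelKeyboardProc, App.hInstance, 0)
        End If
#End If
        If iAtom = 0 Then iAtom = GlobalAddAtom(lStrPtr)
        LockKeyboard = (iAtom <> 0)
        Debug.Assert LockKeyboard
    Else
#If INC_OTHER_KEY Then
        If m_lHookID Then
            Call UnhookWindowsHookEx(m_lHookID)
            m_lHookID = 0
        End If
#End If
        ' GlobalDeleteAtom returns 0 on success.
        If iAtom Then iAtom = GlobalDeleteAtom(iAtom)
        LockKeyboard = iAtom = 0
    End If
End Function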
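' Reports whether the keyboard is currently marked as locked.
' Returns True when the global atom ATOM_FLAG exists.
' (The declaration was split across two lines; it is on one line here.)
' NOTE(review): the global atom table is shared between processes, so any
' other program can add or delete this atom and change the reported state.
' NOTE(review): the name is the same as the user32 API GetKeyboardState; this
' module does not declare that API, so there is no clash here.
Public Function GetKeyboardState() As Boolean
    GetKeyboardState = GlobalFindAtom(StrPtr(ATOM_FLAG)) <> 0
End Function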
#If INC_OTHER_KEY Then
' Hook procedure passed to SetWindowsHookEx by LockKeyboard.
' For nCode >= 0 it copies the event, prints its virtual-key code and returns 1,
' which swallows the key; there is no filter, so every key is blocked.
' For nCode < 0 the call is passed on with CallNextHookEx.
Private Function LowLevelKeyboardProc(ByVal nCode As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
    Dim KBEvent As KBDLLHOOKSTRUCT
    If nCode >= 0 Then
        ' Real filter conditions can be added here.
        CopyMemory KBEvent, ByVal lParam, 20& 'sizeof KBDLLHOOKSTRUCT=20
        ' wParam = the message, e.g. WM_KEYDOWN, WM_KEYUP
        ' NOTE(review): this prints the code of every key pressed while the
        ' hook is active; remove it once debugging is done.
        Debug.Print Hex$(KBEvent.vkCode) ' key code as defined by VK_???
        LowLevelKeyboardProc = 1 ' 1 = block; otherwise CallNextHookEx should be called
    Else
        LowLevelKeyboardProc = CallNextHookEx(m_lHookID, nCode, wParam, lParam)
    End If
End Function
#End If
'----------------------------------------------
' 远程线程插入函数
' 功能:向 Winlogon 进程插入远程线程代码,并执行
' 返回:0表示成功,非0表示标准的系统错误代号
'----------------------------------------------
Private Function InsertAsmCode() As Long
    ' Copies the mlShellCode table into the Winlogon process and runs it there
    ' on a remote thread, then waits for that thread to finish.
    '
    ' Return value as the code sets it: GetLastError on the failure paths; on
    ' the path that reaches the end, the remote thread's exit code (written by
    ' GetExitCodeThread, which overwrites the WriteProcessMemory result).
    '
    ' NOTE(review): enabling SeDebugPrivilege, opening winlogon.exe with
    ' PROCESS_ALL_ACCESS, allocating PAGE_EXECUTE_READWRITE memory in it,
    ' WriteProcessMemory and CreateRemoteThread is the sequence that endpoint
    ' monitoring records as remote-thread injection (for example Sysmon event
    ' IDs 10 ProcessAccess and 8 CreateRemoteThread).
    ' NOTE(review): hToken and hProcess are never closed, and the Exit Function
    ' paths also skip CloseHandle / VirtualFreeEx.
    ' NOTE(review): the privilege calls are checked with Debug.Assert only, and
    ' the WriteProcessMemory result is never tested before the thread is created.
    ' A fault in code running inside Winlogon presumably affects the whole
    ' logon session, so an unchecked failure here is not a local problem.
    Const WINLOGON As String = "Winlogon.exe"
    Dim hProcess As Long ' handle of the remote process
    Dim hPId As Long ' ID of the remote process
    Dim lResult As Long ' general-purpose return value
    Dim pToken As TOKEN_PRIVILEGES
    Dim hToken As Long
    Dim hRemoteThread As Long
    Dim hRemoteThreadID As Long
    Dim lDbResult(1) As Long
    Dim lRemoteAddr As Long
    '------------------------------------
    ' Get the winlogon process ID
    '------------------------------------
    hPId = GetProcessIdFromName(WINLOGON)
    If hPId = 0 Then
        InsertAsmCode = GetLastError
        Debug.Assert False
        Exit Function
    End If
    '------------------------------------
    ' Raise this process's privileges (SeDebugPrivilege) to be allowed to
    ' operate on the winlogon process
    '------------------------------------
    lResult = OpenProcessToken(GetCurrentProcess(), _
        TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, _
        hToken)
    Debug.Assert lResult
    lResult = LookupPrivilegeValue(0, StrPtr(SE_DEBUG_NAME), pToken.Privileges.pLuid)
    Debug.Assert lResult
    pToken.PrivilegeCount = 1
    pToken.Privileges.Attributes = SE_PRIVILEGE_ENABLED
    lResult = AdjustTokenPrivileges(hToken, False, pToken, Len(pToken), 0, 0)
    Debug.Assert lResult
    '------------------------------------
    ' Open the winlogon process
    '------------------------------------
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, hPId)
    Debug.Assert hProcess
    If hProcess Then
        '------------------------------------
        ' Initialise the code to inject
        '------------------------------------
        Call InitShellCode
        '------------------------------------
        ' Allocate memory in the remote process
        '------------------------------------
        lRemoteAddr = VirtualAllocEx(hProcess, 0, SHELL_CODE_LENGTH, MEM_COMMIT, PAGE_EXECUTE_READWRITE)
        Debug.Assert lRemoteAddr
        '------------------------------------
        ' Write the shell code
        '------------------------------------
        If lRemoteAddr Then
            InsertAsmCode = WriteProcessMemory(hProcess, lRemoteAddr, mlShellCode(0), SHELL_CODE_LENGTH, 0)
        Else
            InsertAsmCode = GetLastError
            Exit Function
        End If
        '------------------------------------
        ' Create the remote thread; it starts SHELL_FUNCOFFSET bytes into the
        ' copied table
        '------------------------------------
        hRemoteThread = CreateRemoteThread(hProcess, 0, 0, lRemoteAddr + SHELL_FUNCOFFSET, 0, 0, hRemoteThreadID)
        If hRemoteThread = 0 Then
            InsertAsmCode = GetLastError
            Debug.Assert hRemoteThread
            Exit Function
        End If
        '------------------------------------
        ' Wait for the remote thread (-1 = no timeout)
        '------------------------------------
        Call WaitForSingleObject(hRemoteThread, -1)
        Call GetExitCodeThread(hRemoteThread, InsertAsmCode)
        Call CloseHandle(hRemoteThread)
        '------------------------------------
        ' Free the memory in the remote process
        '------------------------------------
        Call VirtualFreeEx(hProcess, lRemoteAddr, SHELL_CODE_LENGTH, MEM_DECOMMIT)
    Else
        InsertAsmCode = GetLastError
    End If
End Function
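'============================================
' 初始线程代码:填充 mlShellCode 数组
' 注意:下表是预先汇编好的 x86 机器码(见表内注释"以下代码由 MASM32 产生"),
'       本页没有给出对应的汇编源码,因此无法从这里审阅它在 Winlogon 中的实际行为;
'       下标 29-37 与 242-244 在本页没有赋值,保持为 0。
'============================================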
Private Function InitShellCode() As Long
Const
kernel32 As String = "kernel32.dll"
Dim hDll As Long
'------------------------------------
'提取注入代码所需的API函数
'------------------------------------
hDll = GetModuleHandle(StrPtr(kernel32)): Debug.Assert hDll
mlShellCode(
0) = GetProcAddress(hDll, "GetModuleHandleW")
mlShellCode(
1) = GetProcAddress(hDll, "GetProcAddress")
'---------------------------
' 以下代码由 MASM32 产生
mlShellCode(2) = &HE853&
mlShellCode(
3) = &H815B0000
mlShellCode(4) = &H40100EEB
mlShellCode(5) = &H238E800
mlShellCode(6) = &HC00B0000
mlShellCode(7) = &H838D5075
mlShellCode(8) = &H4010B0
mlShellCode(9) = &HD093FF50
mlShellCode(10) = &HF004013
mlShellCode(11) = &HC00BC0B7
mlShellCode(12) = &H683A75
mlShellCode(13) = &H6A020000
mlShellCode(14) = &H8D006A00
mlShellCode(15) = &H4010B083
mlShellCode(16) = &H93FF5000
mlShellCode(17) = &H401090
mlShellCode(18) = &H1874C00B
mlShellCode(19) = &H10C2938D
mlShellCode(20) = &H6A0040
mlShellCode(21) = &H93FF5052
mlShellCode(22) = &H401094
mlShellCode(23) = &H474C00B
mlShellCode(24) = &HAEB0AEB
mlShellCode(25) = &H108C93FF
mlShellCode(26) = &H2EB0040
mlShellCode(27) = &HC25BC033
mlShellCode(28) = >&HFF8B0004
mlShellCode(38) = &H410053
mlShellCode(39) = &H200053
mlShellCode(40) = &H690077
mlShellCode(41) = &H64006E
mlShellCode(42) = &H77006F
mlShellCode(43) = &HFF8B0000
mlShellCode(44) = &H690057
mlShellCode(45) = &H6C006E
mlShellCode(46) = &H67006F
mlShellCode(47) = &H6E006F
mlShellCode(48) = &H8B550000
mlShellCode(49) = &HF0C481EC
mlShellCode(50) = &H53FFFFFD
mlShellCode(51) = &HE8&
mlShellCode(
52) = &HEB815B00
mlShellCode(53) = &H4010D1
mlShellCode(54) = &H10468
mlShellCode(55) = &HF8858D00
mlShellCode(56) = &H50FFFFFD
mlShellCode(57) = &HFF0875FF
mlShellCode(58) = &H40108093
mlShellCode(59) = &HF8858D00
mlShellCode(60) = &H50FFFFFD
mlShellCode(61) = &H1098838D
mlShellCode(62) = &HFF500040
mlShellCode(63) = &H40107C93
mlShellCode(64) = &H75C00B00
mlShellCode(65) = &H68406A69
mlShellCode(66) = &H1000&
mlShellCode(
67) = &H7668&
mlShellCode(
68) = &HFF006A00
mlShellCode(69) = &H40107493
mlShellCode(70) = &H74C00B00
mlShellCode(71) = &H85896054
mlShellCode(72) = &HFFFFFDF0
mlShellCode(73) = &H75FFFC6A
mlShellCode(74) = &H8493FF08
mlShellCode(75) = &H8D004010
mlShellCode(76) = &H4013C893
mlShellCode(77) = &HFC028900
mlShellCode(78) = &HFDF0BD8B
mlShellCode(79) = &H76B9FFFF
mlShellCode(80) = &H8D000000
mlShellCode(81) = &H401374B3
mlShellCode(82) = &H8DA4F300
mlShellCode(83) = &H4010B083
mlShellCode(84) = &H93FF5000
mlShellCode(85) = &H401078
mlShellCode(86) = &HFDF0B5FF
mlShellCode(87) = &HFC6AFFFF
mlShellCode(88) = &HFF0875FF
mlShellCode(89) = &H40108893
mlShellCode(90) = &HC0336100
mlShellCode(91) = &HC03303EB
mlShellCode(92) = &HC2C95B40
or="#000000">mlShellCode(93) = &H6B0008
mlShellCode(94) = &H720065
mlShellCode(95) = &H65006E
mlShellCode(96) = &H33006C
mlShellCode(97) = &H2E0032
mlShellCode(98) = &H6C0064
mlShellCode(99) = &H6C&
mlShellCode(
100) = &H730075
mlShellCode(101) = &H720065
mlShellCode(102) = &H320033
mlShellCode(103) = &H64002E
mlShellCode(104) = &H6C006C
mlShellCode(105) = &H69560000
mlShellCode(106) = &H61757472
mlShellCode(107) = &H6572466C
mlShellCode(108) = &H6C470065
mlShellCode(109) = &H6C61626F
mlShellCode(110) = &H646E6946
mlShellCode(111) = &H6D6F7441
mlShellCode(112) = &H6C470057
mlShellCode(113) = &H6C61626F
mlShellCode(114) = &H41646441
mlShellCode(115) = &H576D6F74
mlShellCode(116) = &H74736C00
mlShellCode(117) = &H706D6372
mlShellCode(118) = &H4F005769
mlShellCode(119) = &H446E6570
mlShellCode(120) = &H746B7365
mlShellCode(121) = &H57706F
mlShellCode(122) = &H6D756E45
mlShellCode(123) = &H6B736544
mlShellCode(124) = &H57706F74
mlShellCode(125) = &H6F646E69
mlShellCode(126) = &H47007377
mlShellCode(127) = &H69577465
mlShellCode(128) = &H776F646E
mlShellCode(129) = &H74786554
mlShellCode(130) = &H65470057
mlShellCode(131) = &H6E695774
mlShellCode(132) = &H4C776F64
mlShellCode(133) = &H57676E6F
mlShellCode(134) = &H74655300
mlShellCode(135) = &H646E6957
mlShellCode(136) = &H6F4C776F
mlShellCode(137) = &H57676E
mlShellCode(138) = &H6C6C6143
mlShellCode(139) = &H646E6957
mlShellCode(140) = &H7250776F
mlShellCode(141) = &H57636F
mlShellCode(142) = &H4C746547
mlShellCode(143) = &H45747361
mlShellCode(144) = &H726F7272
mlShellCode(145) = &H72695600
mlShellCode(146) = &H6C617574
mlShellCode(147) = &H6F6C6C41 r/>mlShellCode(148) = &H8B550063
mlShellCode(149) = &HFCC483EC
mlShellCode(150) = &H48C03360
mlShellCode(151) = &H8DFC4589
mlShellCode(152) = &H40117683
mlShellCode(153) = &H93FF5000
mlShellCode(154) = &H401000
mlShellCode(155) = &H840FC00B
mlShellCode(156) = &HFA&
mlShellCode(
157) = &H838DF88B
mlShellCode(158) = &H401190
mlShellCode(159) = &H93FF50
mlShellCode(160) = &HB004010
mlShellCode(161) = &HE3840FC0
mlShellCode(162) = &H8B000000
mlShellCode(163) = &H45838DF0
mlShellCode(164) = &H50004012
mlShellCode(165) = &H493FF57
mlShellCode(166) = &H89004010
mlShellCode(167) = &H40107483
mlShellCode(168) = &H38838D00
mlShellCode(169) = &H50004012
mlShellCode(170) = &H493FF57
mlShellCode(171) = &H89004010
mlShellCode(172) = &H40108C83
mlShellCode(173) = &HC2838D00
mlShellCode(174) = &H50004011
mlShellCode(175) = &H493FF57
mlShellCode(176) = &H89004010
mlShellCode(177) = &H40107883
mlShellCode(178) = &HB2838D00
mlShellCode(179) = &H50004011
mlShellCode(180) = &H493FF57
mlShellCode(181) = &H89004010
mlShellCode(182) = &H4013D083
mlShellCode(183) = &HD1838D00
mlShellCode(184) = &H50004011
mlShellCode(185) = &H493FF57
mlShellCode(186) = &H89004010
mlShellCode(187) = &H40107C83
mlShellCode(188) = &HDB838D00
mlShellCode(189) = &H50004011
mlShellCode(190) = &H493FF56
mlShellCode(191) = &H89004010
mlShellCode(192) = &H40109083
mlShellCode(193) = &HE8838D00
mlShellCode(194) = &H50004011
mlShellCode(195) = &H493FF56
mlShellCode(196) = &H89004010
mlShellCode(197) = &H40109483
mlShellCode(198) = &HFB838D00
mlShellCode(199) = &H50004011
mlShellCode(200) = &H493FF56
mlShellCode(201) = &H89004010
mlShellCode(202) = font>&H40108083
mlShellCode(203) = &HA838D00
mlShellCode(204) = &H50004012
mlShellCode(205) = &H493FF56
mlShellCode(206) = &H89004010
mlShellCode(207) = &H40108483
mlShellCode(208) = &H19838D00
mlShellCode(209) = &H50004012
mlShellCode(210) = &H493FF56
mlShellCode(211) = &H89004010
mlShellCode(212) = &H40108883
mlShellCode(213) = &H28838D00
mlShellCode(214) = &H50004012
mlShellCode(215) = &H493FF56
mlShellCode(216) = &H89004010
mlShellCode(217) = &H4013CC83
mlShellCode(218) = &H89C03300
mlShellCode(219) = &H8B61FC45
mlShellCode(220) = &HC3C9FC45
mlShellCode(221) = &H53EC8B55
mlShellCode(222) = &HE8&
mlShellCode(
223) = &HEB815B00
mlShellCode(224) = &H40137D
mlShellCode(225) = &H120C7D81
mlShellCode(226) = &H75000003
mlShellCode(227) = &HD4838D1C
mlShellCode(228) = &H50004013
mlShellCode(229) = &H13D093FF
mlShellCode(230) = &HB70F0040
mlShellCode(231) = &H74C00BC0
mlShellCode(232) = &H40C03308
mlShellCode(233) = &H10C2C95B
mlShellCode(234) = &H1475FF00
mlShellCode(235) = &HFF1075FF
mlShellCode(236) = &H75FF0C75
mlShellCode(237) = &HC8B3FF08
mlShellCode(238) = &HFF004013
mlShellCode(239) = &H4013CC93
mlShellCode(240) = &HC2C95B00
mlShellCode(241) = &HFF8B0010
mlShellCode(245) = &H6F0048
mlShellCode(246) = &H6B006F
mlShellCode(247) = &H790053
mlShellCode(248) = &H4B0073
mlShellCode(249) = &H790065
mlShellCode(250) = &H8B550000
mlShellCode(251) = &HD8C481EC
mlShellCode(252) = &HE8FFFFFD
mlShellCode(253) = &H226&
mlShellCode(
254) = &H8DE84589
mlShellCode(255) = &H6A50EC45
mlShellCode(256) = &HE875FF28
mlShellCode(257) = &H24BE8
mlShellCode(258) = &HFC00B00
mlShellCode(259) = &H11584
mlShellCode(260<
font color="#000000">) =
&HF4458D00
mlShellCode(261) = &H20606850
mlShellCode(262) = &H6A0040
mlShellCode(263) = &H22DE8
mlShellCode(264) = &H74C00B00
mlShellCode(265) = &HF045C722
mlShellCode(266) = &H1&
mlShellCode(
267) = &H2FC45C7
mlShellCode(268) = &H6A000000
mlShellCode(269) = &H6A006A00
mlShellCode(270) = &HF0458D00
mlShellCode(271) = &HFF006A50
mlShellCode(272) = &H1E8EC75
mlShellCode(273) = &HFF000002
mlShellCode(274) = &H6A0875
mlShellCode(275) = &H1F0FFF68
mlShellCode(276) = &H1CEE800
mlShellCode(277) = &H45890000
mlShellCode(278) = &H68046AE8
mlShellCode(279) = &H1000&
mlShellCode(
280) = &H4F268
mlShellCode(281) = &HFF006A00
mlShellCode(282) = &HC1E8E875
mlShellCode(283) = &H89000001
mlShellCode(284) = &H6AE445
mlShellCode(285) = &H4F268
mlShellCode(286) = &H10006800
mlShellCode(287) = &H75FF0040
mlShellCode(288) = &HE875FFE4
mlShellCode(289) = &H1B9E8
mlShellCode(290) = &H30186800
mlShellCode(291) = &H86A0040
mlShellCode(292) = &H40300068
mlShellCode(293) = &HE475FF00
mlShellCode(294) = &HE8E875FF
mlShellCode(295) = &H1A2&
mlShellCode(
296) = &H81E4558B
mlShellCode(297) = &H8C2&
mlShellCode(
298) = &H6A006A00
mlShellCode(299) = &H52006A00
mlShellCode(300) = &H6A006A
mlShellCode(301) = &HE8E875FF
mlShellCode(302) = &H156&
mlShellCode(
303) = &H144E850
mlShellCode(304) = &H18680000
mlShellCode(305) = &H6A004030
mlShellCode(306) = &H30006808
mlShellCode(307) = &H75FF0040
mlShellCode(308) = &HE875FFE4
mlShellCode(309) = &H151E8
mlShellCode(310) = &H58D00
mlShellCode(311) = &H8B004030
mlShellCode(312) = &H4408B10
mlShellCode(313) = &HCB685250
mlShellCode(314) = &H8D004020
mlShellCode(315 font>) = &HFFFDD885
mlShellCode(316) = &H909050FF
End Function
'-------------------------------------------
' 根据可执行文件的名称取回进程ID
' 参数:可执行文件名(含扩展名)
' 返回:进程ID。0表示无
'-------------------------------------------
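Private Function GetProcessIdFromName(ByVal sName As String) As Long
    ' Walks a process snapshot and returns the ID of the first process whose
    ' executable name equals sName (case-insensitive); 0 when none is found.
    '
    ' CreateToolhelp32Snapshot reports failure as INVALID_HANDLE_VALUE (-1), not
    ' 0, so the snapshot handle is compared against -1 before it is used.
    '
    ' NOTE(review): the match is by file name only and the first hit wins. A
    ' file name does not identify a process: any executable can carry the same
    ' name, so callers that need one specific process should verify it further.
    Const INVALID_HANDLE_VALUE As Long = -1
    Dim hSnapshot As Long
    Dim lpPE As PROCESSENTRY32W
    Dim lpName As Long

    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
    Debug.Assert hSnapshot <> INVALID_HANDLE_VALUE
    If hSnapshot = INVALID_HANDLE_VALUE Then Exit Function

    ' dwSize must be set before the first call.
    lpPE.dwSize = Len(lpPE)
    If Process32First(hSnapshot, lpPE) Then
        lpName = StrPtr(sName)
        Do
            If lstrcmpi(lpPE.szExeFile(1), lpName) = 0 Then
                GetProcessIdFromName = lpPE.h32ProcessID
                Exit Do
            End If
            If Process32Next(hSnapshot, lpPE) = 0 Then Exit Do
        Loop
    End If
    Call CloseHandle(hSnapshot)
End Function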




最近在研究本站优化的时候,发现本站内容不足,于是决定采取增加BLOG的策略。但,天下之大,BLOG程序之多,到底用哪款BLOG程序,一时间,摸不到头脑。结合SEO经验与自身实力,决定采用Zblog程序—自认为是优化做的很不错的网站,也是普通SEOER的首选,我是新手,所以我选择。

以下谈谈我对Zblog程序优化的一点点看法,也是本站优化的一个环节:

一、Zblog的结构

(1)关于模板文件的说明,Zblog的模板文件都放在Template目录下面,但其中比较重要值得优化的有几个
default.html 首页的模板
single.html 单个文章页面模板
b_article-single.html 单个文章页面之中的文章主体部分,single.html里面的文章内容就是嵌用了这个的格式。
catalog.html 用于首页的翻页,也就是说首页从第二页开始,都是这个负责显示

(2)关于Zblog的几个常用标签

<#ZC_BLOG_HOST#>     代表博客的根网址
<#ZC_BLOG_TITLE#>    代表博客网站名称,在后台可以设置
<#ZC_BLOG_SUBTITLE#> 网站副名称,同样在后台可以找到
<#BlogTitle#>        代表单个文章的主标题
<#article/tagtoname#>  该文章的标签
<#article/intro#>    该文章的简介部分
<#CACHE_INCLUDE_文件名#> 此标签作用是包含外部文件,很实用。例如<#CACHE_INCLUDE_ABCDEFG#>这个意思就是把“INCLUDE”目录下的“ABCDEFG.ASP"文件内容弄进来,首页模板里面的侧边“网站收藏”“友情链接”“图标集”等都是用这个标签搞的,你可以打开“INCLUDE”目录看看里面文件的内容研究研究



二、Zblog模板的优化

(1)Zblog 的默认模板里面是没有 keywords,description,generator 这几个meta的 !

首先要把这几个加回去,主要是针对单个文章页面,也就是single.html

至于首页的两个default.html和catalog.html加不加上去,看个人喜欢了,我自己是比较懒的。

Single.html 要添加的Meta可以这样加:(只是样例)

<meta name="keywords" content="<#article/tagtoname#>"/>
<meta name="description" content="<#article/intro#>"/>


经过第一部分的网站优化过程,聪明的你很快就明白这两行字的意思。其中所用的标签就是上面所提到的标签:关键词和简介。

其中要严重注意的一点,就是上面那个description里面的标记“<#article/intro#>”,这个简介不应该有任何HTML标签,尤其是不能包含英文的双引号 ",因为它们是放在页面的head区的,里面包含Html标签很容易导致显示出问题。原因在于模板把简介原样输出到 content="…" 属性里,没有做HTML转义:简介中的双引号会提前结束属性值,其后的内容就会被浏览器当作页面标记来解析。本来它只应该是一段纯粹的文字,但在我们平时在写Blog的时候,经常会漏写或者把简介也加上了许多效果,导致文章简介有很多HTML标签存在,这个只能靠你平时的写文章习惯。

有的朋友可能会说,这个简介放在description这里这么危险干脆不要吧,我本人也严重同意,但不要它,没有谁能代替啊,除非你改动程序,改动数据库加上一个新的“文章描述”那我没有意见。为了以后的升级兼容,先将就一下吧。或者你比较狠点,可以干脆点不要这一行description。我这里给出一个折衷点的办法就是,你要加上Html标签也可以,但是平时写文章要记得把简介里面的所有的双引号“替换为单引号‘,至少我现在已经在这样做还没有出现过问题。希望作者能在下个版本中弄个直接用于description的标签。

首页的meta就没有那么复杂了,写上你的网站描述和关键词就ok。

(2)仍然是单个文章页面(Single.html),它的Title部分也不太理想。原来的Title是这样的

<title><#ZC_BLOG_TITLE#><#ZC_MSG044#><#BlogTitle#></title>


可以看到,它的格式是 "博客名称-文章标题”,而越左边是越重要的,应该改成"文章标题-博客名称”。这个容易解决,把位置调换一下就行了。新的title如下:

<title><#BlogTitle#><#ZC_MSG044#><#ZC_BLOG_TITLE#></title>


(3)还是单个文章页面(Single.htm),我并不是对它有偏见,其实首页(default.html和catalog.html)也有这个问题.
就是关于h1和h2的使用,

h1、h2 在标准化里面的意义是表示标题,而并不是用来弄大小。Zblog里面,用h1显示了网站名称,用h2显示副标题。但显然把这个h1留给文章的标题更加合适。于是,你可以在single.html default.html catalog.html三个文件中找到:

<h1 id="BlogTitle"><a href="<#ZC_BLOG_HOST#>"><#ZC_BLOG_NAME#></a></h1>
<h2 id="BlogSubTitle"><#ZC_BLOG_SUB_NAME#></h2>


怎么改好呢?又不能和原来的相差太远。幸好Zblog模板采用Xhtml + CSS来控制显示的,我们可以把h1和h2换成div, 或者改成span。用Div是比较理想的,和原来的h1同样是盒状的block。ID="BlogTitle"保持不变。
于是代码换成

<div id="BlogTitle"><a href="<#ZC_BLOG_HOST#>"><#ZC_BLOG_NAME#></a></div>
<div id="BlogSubTitle"><#ZC_BLOG_SUB_NAME#></div>


效果仍然和有点区别的,就是div没有附带大小样式,而h1里面的文字是默认比较大的。这点改动已经不太兼容了,因为还要去CSS修改一下文字大小。
为了保持兼容性,我们可以采取另一个折衷点的,就是h1换成h2,h2换成h3。新的代码是

<h2 id="BlogTitle"><a href="<#ZC_BLOG_HOST#>"><#ZC_BLOG_NAME#></a></h2>
<h3 id="BlogSubTitle"><#ZC_BLOG_SUB_NAME#></h3>


这样子文字大小会比原来小一点,但是仍然能兼容网上大部分的模板样式。
把h1从网站名手里抢过来以后,还要把它还给文章的标题。ZBlog默认模板分给文章标题的是h2,又是把h2它当成大小控制来使用。

<h2 class="post-title"><#article/title#></h2>


这个我们简单地把h2 改为h1就行了。当然,文字会比原来的再大一点。
(4)关于怎么在ZBlog里面加Adsense广告
由于Zblog的模板文件化,只要你懂点HTML代码,放广告是很自由的事,基本上每个地方都可以放。我这里只简单说下如何在单个文章的正文中放一个Adsense Content。我们要利用的主角是上面提到的<#CACHE_INCLUDE_文件名#> 标签。
A. 在INCLUDE目录下面新建一个ASP文件,例如"GGADCONTENT.ASP"。然后把Adsense生成的代码直接粘贴进去,不需要再添加任何文字。然后保存。
B. 打开"Template"目录里面的"b_article-single.html"文件,找到这行:

<div class="post-body"><#article/content#></div>


把它换成下面的几行:

<div class="post-body">
<div class="ggad-content">
<#CACHE_INCLUDE_GGADCONTENT#>
</div>
<#article/content#>
</div>


“GGADCONTENT”就是刚才A步骤建立的“GGADCONTENT.ASP”,只要文件名就可以了。同时,上面的代码还定义了一个名为“ggad-content”的样式类。所以还要到C步骤去搞搞它的样式。
C. 打开"STYLE"目录下的"default.css" (我这里用默认CSS做例子),实际应用看你选择了什么样的模板,相对应的CSS文件。
在这个CSS文件的最末端加入以下代码,而不需要修改其它的地方。

/* GG Adsense Style Control */
.ggad-content {float:left;}


这句CSS的意思是让装着Adsense广告的那个层流动到左边,它会自动把文章正文的文字挤到右边。你也可以把"left"字母改成"right",则设为浮动到右边。在后台重新生成索引和重新生成文件。如果你在网上修改,还要记得把INCLUDE里面新建的那个文件ftp到你的网站空间去。
(5). 关于用目录来做文章的访问路径问题,以及自定义文章名称。
官方已经注意到文章访问路径的优化了,并且在后台加入了这两个功能,有兴趣的可以进一步参考ZBlog的官方论坛,我就不再罗嗦了。不过有一点要注意,如果你启用了这个功能后,以前的文章访问路径都会发生很大的变化,直接结果就是导致搜索引擎的收录地址和你的新地址对不上号!要过一段痛苦的收录周期才会逐渐恢复收录正常。

三、后记

其实ZBlog的SEO方面已经做得很好了,内部连接、静态输出等方面很不错,所以深得SEOer们的喜爱。因此我这里所改的也都是小打小闹,一般情况下,为了保持兼容避免麻烦,再加上现在这几个地方的权重不那么高了,都不需要怎么修改。如果说非得要改的,那就是title那里要把文章标题换到网站名称前面去。ZBLog的作者是单枪匹马开发出这个东西的,做到这种地步已经很牛了~不过仍然希望下个补丁改一改这些小问题。ZBlog对于国内空间来说很不错的,因为到处都是ASP空间。相比之下wordpress需要php+mysql,我也不清楚为什么PHP空间在中国不太流行,虽然wordpress的确是最好的Blog程序。
比较一下Zblog和Pjblog,各有所长,PJ是LBS基础上开发的,使用的也是动态的ASP,因此功能比较强大,主题模板也很丰富,但是多余的代码也不算少。另外那个作者被腾讯吸收去搞Qzone后,已经多月没有更新过了。PJ的建站要求很低,很适合个人新手建Blog。相比起PJ,ZBLOG简洁而自由,占用资源也少,但也需要一定的网页制作基础。那个“重建文件”功能比较耗资源,但这个也没办法,生成静态文件就必须这样。

Ps:这也是JiaJia将原有的PJ转为ZB的原因,ZB的速度挺好的,功能很简洁。



以下是部分程序,在 VC++ 6.0 Plat SDK 2003 SP1 下编译通过


#include < windows . h >
#include "APIHook.h"

extern CAPIHook g_OpenProcess ;

// 自定义OpenProcess函数
#pragma data_seg ( "YCIShared" )
HHOOK g_hHook = NULL ;
DWORD dwCurrentProcessId = 0 ;
#pragma data_seg ()

// Replacement that the CAPIHook object g_OpenProcess installs for
// kernel32!OpenProcess. Requests for the process ID stored in
// dwCurrentProcessId are refused (a null handle is returned); every other
// request is forwarded through g_OpenProcess, which is cast to the original
// function's address (presumably via a conversion operator of CAPIHook; that
// class is not shown here).
//
// NOTE(review): the refusal returns 0 without calling SetLastError, so the
// caller sees a null handle together with a stale last-error value.
// NOTE(review): this is a user-mode hook. It only covers processes that have
// this DLL loaded and callers that go through the hooked import, so it should
// not be treated as a security boundary.
HANDLE WINAPI Hook_OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId)
{
    typedef HANDLE (WINAPI *PFNOPENPROCESS)(DWORD, BOOL, DWORD);

    // Guard clause: the protected process is never opened.
    if (dwProcessId == dwCurrentProcessId)
    {
        return 0;
    }

    PFNOPENPROCESS pfnOriginal = (PFNOPENPROCESS)(PROC)g_OpenProcess;
    return pfnOriginal(dwDesiredAccess, bInheritHandle, dwProcessId);
}

// 挂钩OpenProcess函数
CAPIHook g_OpenProcess ( "kernel32.dll" , "OpenProcess" , ( PROC ) Hook_OpenProcess );
//////////////////////////////////////////////////////

// Returns the allocation base of the memory region that contains pv, cast to
// an HMODULE, or NULL when VirtualQuery fails. SetSysHook uses it to find the
// module that holds GetMsgProc.
static HMODULE ModuleFromAddress(PVOID pv)
{
    MEMORY_BASIC_INFORMATION mbi;

    const bool bQueried = (::VirtualQuery(pv, &mbi, sizeof(mbi)) != 0);
    return bQueried ? (HMODULE)mbi.AllocationBase : NULL;
}

// WH_GETMESSAGE hook procedure. It does no work of its own and only passes the
// call to the next hook; installing it is what gets this DLL loaded into the
// hooked processes.
static LRESULT WINAPI GetMsgProc(int code, WPARAM wParam, LPARAM lParam)
{
    const LRESULT lrNext = ::CallNextHookEx(g_hHook, code, wParam, lParam);
    return lrNext;
}

// Installs (bInstall != 0) or removes the WH_GETMESSAGE hook.
// Returns TRUE on success.
//
// Despite its name, dwThreadId is stored in dwCurrentProcessId, the process ID
// that Hook_OpenProcess refuses to open; callers presumably pass a process ID.
//
// The hook is installed with thread ID 0, i.e. for all threads on the desktop,
// so the DLL is mapped into every process that pumps messages there.
// NOTE(review): g_hHook and dwCurrentProcessId live in the "YCIShared" data
// segment. They are shared between processes only if the linker marks that
// section as shared (not shown on this page); if it is shared and writable,
// any process that maps the DLL can change the protected ID.
BOOL WINAPI SetSysHook(BOOL bInstall, DWORD dwThreadId)
{
    dwCurrentProcessId = dwThreadId;

    if (!bInstall)
    {
        // Removal path: unhook and forget the handle.
        BOOL bRemoved = ::UnhookWindowsHookEx(g_hHook);
        g_hHook = NULL;
        return bRemoved;
    }

    g_hHook = ::SetWindowsHookEx(WH_GETMESSAGE, GetMsgProc,
                                 ModuleFromAddress(GetMsgProc), 0);
    BOOL bInstalled = (g_hHook != NULL);
    return bInstalled;
}





这里要用到一个未公开的API——SfcFileException,其声明如下:

DWORD WINAPI SfcFileException(DWORD dwUnknown0, PWCHAR pwszFile, DWORD dwUnknown1);

参数说明: dwUnknown0 未知,设为0
pwszFile 文件名
dwUnknown1 未知,设为-1

从参数可以看出SfcFileException只能对单个文件禁止Windows文件保护,注意pwszFile参数是UNICODE字符。函数成功返回 0,失败返回1(一般是文件不受Windows文件保护保护)。在Windows XP里SfcFileException位于SFC_OS.DLL中,没有被导出函数名,只导出了序号,序号为5。下面看代码:

注意:程序需要开启调试权限!

.586
.model flat,stdcall
option casemap:none

include
\masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc

includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib

include \masm32\macros\macros.asm
include \masm32\macros\ucmacros.asm

ProtoDef
typedef proto :dword,:dword,:dword
lpProc typedef ptr ProtoDef

.data
WSTR szFile,"C:\Windows\Explorer.exe"

.data?
SfcFileException lpProc ?

.code
; Resolves export ordinal 5 of SFC_OS.DLL (SfcFileException according to the
; text above), calls it for the file named in szFile, and reports the result:
; a non-zero return shows 'Err', zero shows 'OK'.
;
; NOTE(review): neither the LoadLibrary nor the GetProcAddress result is
; checked, so a failed lookup ends in a call through a null pointer.
; NOTE(review): the text above describes Windows XP. From Windows Vista on,
; Windows File Protection was replaced by Windows Resource Protection, so this
; does not describe current systems.
; NOTE(review): for detection, a program outside the operating system that
; loads sfc_os.dll and resolves an export by ordinal is a compact indicator.
Main proc

    invoke LoadLibrary,SADD('SFC_OS.DLL')
    ; eax = module handle; 5 = export ordinal (the function has no exported name)
    invoke GetProcAddress,eax,5
    mov SfcFileException,eax
    ; arguments as given in the text above: 0, file name (UNICODE), -1
    invoke SfcFileException,0,offset szFile,-1
    .if eax
        invoke MessageBox,NULL,SADD('Err'),SADD('Err'),MB_OK
    .else
        invoke MessageBox,NULL,SADD('OK'),SADD('OK'),MB_OK
    .endif
    ret
Main endp
end
Main


代码很简单,就不多说。

参考文献:
《Hacking Windows File Protection》
http://www.bitsum.com/aboutwfp.asp
里面有些不错的东西,建议看一下,英文的。


// 头文件
// ApiHook.h: interface for the CApiHook class.

#ifndef API_HOOK_H
#define API_HOOK_H

// Inline hook for one exported function in the current process.
// Initialize() saves the first 5 bytes of the target and prepares a 5-byte
// relative jump (0xE9) to the replacement; SetHookOn()/SetHookOff() write the
// jump or the saved bytes back over the start of the target.
// NOTE(review): Lock()/Unlock() are declared without a return type; that
// compiles only where implicit int is accepted (the page names VC++ 6.0).
class CApiHook
{
public :
HANDLE hProc ; // process handle used by Read/WriteProcessMemory; set in Initialize()
Unlock (); // leaves m_cs
Lock (); // enters m_cs
BOOL Initialize ( LPCTSTR lpLibFileName , LPCTSTR lpProcName , FARPROC lpNewFunc );
void SetHookOn ( void );
void SetHookOff ( void );
CApiHook ();
virtual ~ CApiHook ();

protected :
BYTE m_OldFunc [ 8 ]; // saved original bytes (only the first 5 are used)
BYTE m_NewFunc [ 8 ]; // jump instruction (only the first 5 are used)
FARPROC m_lpHookFunc ; // address of the function being hooked
CRITICAL_SECTION m_cs ; // used by Lock()/Unlock(); the hook on/off calls do not take it themselves
};

#endif

// 实现文件
// ApiHook.cpp: implementation of the CApiHook class.

#include "stdafx.h"
#include "ApiHook.h"
#include < stdio . h >

//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////

#define OPEN_FLAGS ( PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE )

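// Creates the critical section and puts the handle and target address into a
// known state. Without this, an object whose Initialize() was never called (or
// failed early) would hand indeterminate values to CloseHandle() in the
// destructor and to WriteProcessMemory() in SetHookOn()/SetHookOff().
CApiHook::CApiHook()
{
    hProc = NULL;
    m_lpHookFunc = NULL;
    InitializeCriticalSection(&m_cs);
}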

// Releases the process handle and the critical section.
// NOTE(review): after a successful Initialize() hProc is the value returned by
// GetCurrentProcess(), a pseudo-handle, for which CloseHandle has no effect.
// The hook itself is not removed here; call SetHookOff() first if the patch
// must not outlive the object.
CApiHook ::~ CApiHook ()
{
CloseHandle ( hProc );
DeleteCriticalSection (& m_cs );
}

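// Writes the prepared 5-byte jump over the start of the target function.
// Shows a message box when the write fails. (The unused local dwOldFlag was
// removed.)
// NOTE(review): the 5 bytes are not written atomically and this method does
// not take m_cs; a thread that is executing the target while it is patched can
// run a half-written instruction. Callers are expected to use Lock()/Unlock().
void CApiHook::SetHookOn(void)
{
    if (!WriteProcessMemory(hProc, m_lpHookFunc, m_NewFunc, 5, 0))
    {
        MessageBox(NULL, "SetHookOn", "fail", MB_OK);
    }
}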

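// Restores the 5 original bytes saved by Initialize(), removing the jump.
// Shows a message box when the write fails. (The unused local dwOldFlag was
// removed.)
// NOTE(review): as with SetHookOn(), the write is not atomic and m_cs is not
// taken here.
void CApiHook::SetHookOff(void)
{
    if (!WriteProcessMemory(hProc, m_lpHookFunc, m_OldFunc, 5, 0))
    {
        MessageBox(NULL, "SetHookOff", "fail", MB_OK);
    }
}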

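// Prepares the hook for one exported function; it does not patch anything yet.
//   lpLibFileName - module that exports the function (loaded if necessary)
//   lpProcName    - name of the export to hook
//   lpNewFunc     - replacement function the jump will lead to
// Returns TRUE when the original bytes were saved and the jump was built.
//
// The unused locals dwProcessID and dwOldFlag were removed and the statement
// that was split across two lines is written on one line.
// NOTE(review): lpProcName is an LPCTSTR but GetProcAddress takes a narrow
// string, and the MessageBox calls pass narrow literals, so this compiles only
// in a non-UNICODE build.
// NOTE(review): the displacement is computed with DWORD casts, which assumes
// 32-bit pointers.
BOOL CApiHook::Initialize(LPCTSTR lpLibFileName, LPCTSTR lpProcName, FARPROC lpNewFunc)
{
    HMODULE hModule = LoadLibrary(lpLibFileName);
    if (NULL == hModule)
        return FALSE;

    m_lpHookFunc = GetProcAddress(hModule, lpProcName);
    if (NULL == m_lpHookFunc)
        return FALSE;

    // Only the current process is patched. GetCurrentProcess() returns a
    // pseudo-handle, so the NULL test below is kept from the original but is
    // not expected to fire.
    hProc = GetCurrentProcess( /*OPEN_FLAGS,0,dwProcessID*/ );
    if (hProc == NULL)
    {
        MessageBox(NULL, "Initialize.OpenProcess", "fail", MB_OK);
        return FALSE;
    }

    // Save the bytes that the jump will overwrite.
    if (ReadProcessMemory(hProc, m_lpHookFunc, m_OldFunc, 5, 0))
    {
        // 0xE9 = jmp rel32; the operand is relative to the end of the
        // 5-byte instruction.
        m_NewFunc[0] = 0xe9;
        DWORD *pNewFuncAddress = (DWORD *)&m_NewFunc[1];
        *pNewFuncAddress = (DWORD)lpNewFunc - (DWORD)m_lpHookFunc - 5;

        return TRUE;
    }

    MessageBox(NULL, "Initialize", "fail", MB_OK);
    return FALSE;
}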

// Enters the object's critical section (m_cs).
// NOTE(review): no return type is written and nothing is returned; this relies
// on the compiler accepting implicit int.
CApiHook :: Lock ()
{
EnterCriticalSection (& m_cs );
}

// Leaves the object's critical section (m_cs).
// NOTE(review): no return type is written and nothing is returned; this relies
// on the compiler accepting implicit int.
CApiHook :: Unlock ()
{
LeaveCriticalSection (& m_cs );
}



#include <stdio.h>
#include <windows.h>

typedef DWORD(__stdcall *CPP) (DWORD param1, PWCHAR param2, DWORD param3);
// Calls export ordinal 5 of sfc_os.dll for calc.exe with the arguments 0 and -1.
// NOTE(review): neither hmod nor the pointer returned by GetProcAddress is
// checked, so a failed lookup ends in a call through a null pointer.
// NOTE(review): the DLL is named without a path, so the normal DLL search
// order decides which sfc_os.dll gets loaded.
// NOTE(review): for detection, a program outside the operating system that
// loads sfc_os.dll and resolves an export by ordinal is a compact indicator.
void Disable_WFP()
{
HINSTANCE hmod=LoadLibrary("sfc_os.dll");
CPP SetSfcFileException;
// the function is stored at the fifth ordinal in sfc_os.dll
SetSfcFileException= (CPP)GetProcAddress(hmod,(LPCSTR)5);
SetSfcFileException(0, L"c:\\windows\\system32\\calc.exe",-1);
// The return value is ignored. Per the note after this listing, the file is
// then not restored automatically when deleted; the author has heard that the
// effect ends at reboot but did not test that.
}

// Entry point: runs Disable_WFP() once and exits.
// NOTE(review): "void main" is accepted by the compiler the page names (VC6)
// but is not standard; the process exit code is unspecified.
void main()
{
Disable_WFP();
}



运行后,删除 C:\WINDOWS\SYSTEM32\CALC.EXE 文件,不会自动恢复
Windows2K3 CN SP1 VC6 测试通过
好像说重启后会恢复,这个未测试,所以叫暂停。