Tuesday, December 12, 2006

Discussion: Building an SMS Gateway with Visual Basic 6

If you would like to discuss building an SMS gateway with Visual Basic 6 with me, please post here. Or use Email Post in the comments to have it sent straight to my email.
Thank you

The Mass-Destruction Virus

Like those terrifying weapons of mass destruction, this virus turns out to play a role that is not much different. How could it not be frightening? Imagine the data or documents you have worked on for a day, a month, or even years simply vanishing.

We would certainly be upset if that happened. And consider that this may be just one computer; what if it happened across an entire office, or perhaps an entire city? It is hard to imagine the total loss. Yet that is a small picture of what happened, and of what caused an uproar some time ago.

This data-destroying virus is detected by the PCMAV antivirus as Aduhai. PCMAV recognizes two variants of it, Aduhai.A and Aduhai.B. It is written in Visual Basic and compiled using the P-Code method. The virus, whose icon resembles the standard Windows folder icon, is also compressed with UPX, so its file/body size is 43,008 bytes for Aduhai.A and 42,496 bytes for Aduhai.B.

On the systems we tested, the virus ran smoothly on Windows 98 SE and Windows XP. Other antivirus products detect it under the names Pacara, DelCanti, or VB.AN. Some foreign antivirus products even report it as a variant of Brontok/Rontokbro. It is not a Brontok variant, however; it is a different virus.

File and Memory Infection

When the virus is first run, it creates several master files that it plants on the system, including \%WINDOWS%\SVCHOST.EXE, \%WINDOWS%\system\SVCHOST.EXE, \%SYSTEM32%\EBRR.EXE, and \%SYSTEM32%\mmtask.exe. It then launches all four master files so that they are active in memory. Memory therefore holds at least four virus processes, with process names identical to the names of their master files.

When the virus runs on Windows 98, its processes are not visible in Task Manager, because it hides them by registering the process as a service through the RegisterServiceProcess API call.

The Aduhai processes also watch over one another in memory. For example, if one of the four virus processes disappears from memory, whether deliberately killed by the user or for some other reason, the virus immediately relaunches the missing process. This is one of the ways the virus makes itself hard to kill.

It also monitors every running application and looks for any window with the class “CabinetWClass”, which is one of the Windows Explorer window classes, to find out which drive/directory the user is currently accessing. If that drive is a removable disk such as a floppy or a flash disk, it immediately copies the virus file to that drive, naturally under enticing file names so that the user is tempted to click them.

These file names include “Agnes Monica.exe”, “Foto Pacar.exe”, “Bekas Pacar.exe”, “Dian Sastro.exe”, and so on. Once the file has been created, the virus executes it immediately. As a result, the file cannot be deleted, because it is still active in memory.
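A triage sketch for removable drives and shares built from the indicators the article gives (file names, body sizes, UPX packing). It is an added example, not code from the article or from PCMAV; the function names are hypothetical, and the UPX check assumes the packer's usual UPX0/UPX1 section names are still present.

```python
import os
import tempfile

# Indicators taken from the article. The name list covers only the names it spells out.
KNOWN_SIZES = {43008: "Aduhai.A", 42496: "Aduhai.B"}
LURE_NAMES = {"agnes monica.exe", "foto pacar.exe", "bekas pacar.exe", "dian sastro.exe"}

def looks_upx_packed(path, limit=4096):
    """UPX names its PE sections UPX0 and UPX1; the section table sits near the file start."""
    with open(path, "rb") as fh:
        head = fh.read(limit)
    return head[:2] == b"MZ" and b"UPX0" in head and b"UPX1" in head

def triage_file(path):
    """Return the list of indicators that one .exe file matches (empty list if none)."""
    name = os.path.basename(path).lower()
    if not name.endswith(".exe"):
        return []
    reasons = []
    if name in LURE_NAMES:
        reasons.append("lure file name")
    size = os.path.getsize(path)
    if size in KNOWN_SIZES:
        reasons.append("size matches " + KNOWN_SIZES[size])
    if looks_upx_packed(path):
        reasons.append("UPX-packed executable")
    return reasons

def scan_tree(root, min_indicators=2):
    """Walk a drive or folder; report files matching at least min_indicators indicators."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            try:
                reasons = triage_file(full)
            except OSError:
                # A copy that is still running may be locked; report it instead of skipping it.
                hits[full] = ["unreadable, possibly held open by a running process"]
                continue
            if len(reasons) >= min_indicators:
                hits[full] = reasons
    return hits

def build_constructed_sample(root):
    """Constructed test data: harmless byte patterns, not real malware."""
    packed = b"MZ" + b"\0" * 510 + b"UPX0\0\0\0\0" + b"UPX1\0\0\0\0"
    with open(os.path.join(root, "Foto Pacar.exe"), "wb") as fh:
        fh.write(packed.ljust(43008, b"\0"))   # lure name + Aduhai.A size + UPX markers
    with open(os.path.join(root, "setup.exe"), "wb") as fh:
        fh.write(b"MZ".ljust(2048, b"\0"))     # ordinary small executable stub
    with open(os.path.join(root, "Naskah.rtf"), "wb") as fh:
        fh.write(b"{\\rtf1 constructed}")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for path, reasons in scan_tree(tmp).items():
            print(path, "->", ", ".join(reasons))
```

A size or name match alone is weak evidence, which is why two indicators are required by default; pass min_indicators=1 for a broader sweep.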

Registry Infection

Like other viruses, Aduhai also infects the registry. On Windows XP it infects the registry at HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell and HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell by redirecting the Shell value, which should point to the file ‘explorer.exe’, so that it points to the virus’s master file instead.

On Windows 98, meanwhile, it infects the key HKLM\Software\Microsoft\Windows\CurrentVersion\RunServiceOnce\ by adding an item named “By: 05062705056127019455”, and the key HKLM\Software\Microsoft\Windows\CurrentVersion\RunServiceOnce\ by adding the item “Made In Ambon Manise-Sebagai PeSaN Anti Korupsi”.

The values of both items also point to the virus’s master file. By infecting the run section in these registry keys, the virus becomes active automatically when Windows starts.

If you look in Windows Explorer, the type information of every application/executable file reads “File Folder” instead of the usual “Applications”. This happens because the virus changes the registry value at HKLM\SOFTWARE\CLASSES\exefile\ from “Applications” to “File Folder”.

And although this virus does not hide Folder Options as other viruses do, it still tampers with it by manipulating the default values of several Folder Options items in the registry, namely HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\UncheckedValue and HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\UncheckedValue.

So even if you change Folder Options to show the extension of every file and to show system files, it has no effect, because the setting reverts to what the virus has set.
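A check for the registry changes described above, run over saved `reg query` output so it can be used on a triage export without touching the live system. It is an added example, not code from the article or from PCMAV; the function names are hypothetical, the sample text is constructed, and the parser assumes the usual `reg query` layout of tab- or space-separated name, type and data fields.

```python
import re

WINLOGON = r"\software\microsoft\windows nt\currentversion\winlogon"
EXEFILE = r"\software\classes\exefile"
# Item names the article reports under the Windows 98 run key.
RUN_ITEM_NAMES = {"By: 05062705056127019455",
                  "Made In Ambon Manise-Sebagai PeSaN Anti Korupsi"}

def parse_reg_query(text):
    """Parse `reg query` text into {(key, value_name): data}.

    Assumed layout: the key path on its own line, then indented lines holding
    name, type and data separated by a tab or by four or more spaces.
    """
    values, key = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
        elif key and line[:1] in (" ", "\t") and line.strip():
            parts = re.split(r"\t+| {4,}", line.strip(), maxsplit=2)
            if len(parts) >= 2:
                values[(key, parts[0])] = parts[2] if len(parts) == 3 else ""
    return values

def registry_findings(values):
    """Return (key, value_name, reason) for each change the article describes."""
    found = []
    for (key, name), data in values.items():
        k = key.lower().rstrip("\\")
        if (k.endswith(WINLOGON) and name.lower() == "shell"
                and data.strip().lower() != "explorer.exe"):
            found.append((key, name, "Winlogon Shell redirected away from explorer.exe"))
        if k.endswith(EXEFILE) and name == "(Default)" and data == "File Folder":
            found.append((key, name, "exefile type name set to File Folder"))
        if name in RUN_ITEM_NAMES:
            found.append((key, name, "run item named in the article"))
    return found

# Constructed sample in the shape of `reg query` output; not taken from a real machine.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    C:\WINDOWS\system32\EBRR.EXE
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile
    (Default)    REG_SZ    File Folder

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServiceOnce
    By: 05062705056127019455    REG_SZ    C:\WINDOWS\SVCHOST.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
"""

if __name__ == "__main__":
    for key, name, reason in registry_findings(parse_reg_query(SAMPLE)):
        print(f"{key} [{name}]: {reason}")
```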

Time for Action

The virus, which can spread via data storage media or removable disks such as floppies or flash disks, can also spread across a network through shared directories. That is, if a shared directory contains the virus and the virus is accessed by another computer on that network, the accessing computer is infected too.

When the virus file is executed, it also sometimes creates a directory beneath it with the same name as the executed virus file, given the system and hidden attributes so that it is not visible. When the virus file is clicked, it displays the contents of the directory it created earlier. The contents are the file “Naskah.rtf” or “Cantik.bmp”.

Disassembling the virus body shows that it is programmed with a form containing three timers and one image component that holds the picture of Dian Sastro, which is later extracted as the “Cantik.bmp” file mentioned above. Each timer has its own role. One of them, named KillBill, is responsible for monitoring every change in the time.

As stated at the beginning, this is a “mass-destruction” virus that can delete all your data without mercy. That happens when the month on your computer is 10 (October) and the day is odd, and also when the month is 12 (December), on any day. If either condition is met, it runs the DelAllFile function, as seen in the routine in the virus body.

The virus deletes all files, including Windows’ own system files, which is also what leaves the computer unable to boot, displaying the message “NTLDR is missing”. If that happens on just one computer, it is not necessarily caused by a virus. But what if it happens across a whole office at the same time?

Removal and Prevention

To recover data deleted by this virus, try data recovery software; it may still be salvageable. And remember, in October and December Aduhai will delete your data, so be careful and always scan your computer with an antivirus that has the latest updates. PC Media Antivirus can already handle this virus well, thoroughly and with 100% accuracy.

By: ARIEF PRABOWO – PCMEDIA Magazine

Visual Basic – ActiveX EXE Tutorial

Just what the heck is an ActiveX EXE? How do I use it and more importantly, why?

An ActiveX EXE is a special type of COM component that is used in specific circumstances. Yes, it is an EXE file, meaning it is loaded into its own address space and given its own process and threads, but it is designed to be an OLE automation server, just like an ActiveX DLL. In other words, it has no forms, has no “starting” point like a sub Main() and exposes interfaces (classes) to be used by a client application, just like an ActiveX DLL.

OK, if an ActiveX EXE is so similar, why would I choose an ActiveX EXE over an ActiveX DLL, you may ask? Good question, but let me explain how an ActiveX DLL works first, before I tell you about an ActiveX EXE.

An ActiveX DLL is mapped into the address space of the client application and becomes part of the client’s process; the ActiveX DLL does not spawn its own thread. This means, in versions prior to VB.Net anyway, the thread of the client application must yield processing and give that thread to the ActiveX DLL to use. This gives you synchronous processing; the calling application cannot continue until the ActiveX DLL returns from the method call. This is a form of Apartment Threading. The DLL is not single threaded, which would mean all of the classes given out to clients share the same thread; in Apartment Threading, each class is dependent on the thread given to it by the client application, and all of those threads work independently.

An ActiveX EXE, on the other hand, creates a new thread for each new class that it creates! Each thread is independent of the client application. Hold on there, Guru, are you talking about multi-threading in a VB application??? You’re damn straight; you can create a fully multi-threaded application just by creating classes from an ActiveX EXE. So you can make an asynchronous call, meaning that the client application can continue processing while the ActiveX EXE is processing too. Just be sure to notify the client application that processing has either finished or hit an error. The best way to do this is to create an event in the ActiveX EXE, then, when creating the ActiveX EXE class, declare it with the “WithEvents” keyword.

OK, sounds great, but when am I ever going to use it? As Scotty on Star Trek would say, “The right tool for the right job”. An ActiveX EXE is a tool, and there are specific reasons when and why you would use it. The number one reason not to use it is when you will be transferring large amounts of data between the client and the COM component. Remember, an ActiveX EXE runs outside of the client’s process, meaning the two cannot pass data directly between them; the operating system must “marshal” the data back and forth. This creates a tremendous amount of overhead and can significantly slow down processing; not a good idea.

There is also a “gotcha” involved in an ActiveX EXE: they do not always work as stated. Yes, the class does have its own thread, and yes, that thread is independent from the client application, but in VB anyway, the VB main thread does have a tendency to yield, just like with a DLL. The workaround that I have used in the past is to include the “Timer Lite” DLL that you will find in our code section. I have the client call the main method; that method starts a timer for less than one second and returns to the client application. When the timer fires, I then call an internal (private) method that executes the code the client thought was going to process. I know this sounds confusing, but it will all come together when we do the sample.

So, if passing data back and forth is very light and you need to process something independently of the client application, or you want something to run strictly firing its own events with minimal interaction with the client application, an ActiveX EXE could be your savior.

Let me give you an example of when I have used an ActiveX EXE in the past.

I needed to create an IVR (Interactive Voice Response; you know, press 1 for this, press 2 for that) system. It was to have 96 lines coming in, and each line had to run independently. It also had to have a “Master Control” application that controls the whole thing: for example, start and stop the system, monitor what is going on in the system, detect “dead” lines, clear them and restart those lines.

OK, I need 96 instances of something that work independently of each other and independently of the client application. The thing I need to create will have minimal communications with the client except for sending up a few messages to let it know what is going on. Hmmmmm…..Sounds like a job for an ActiveX EXE to me, what do you think?

The final product worked like this. A VB based application would start, it would check the IVR board to see how many lines are available. It would then create that many instances of a class in an ActiveX EXE (in this case, 96), it would then pass a line to the class to monitor; the VB app then just sat back and waited.

The EXE class would handle its own events, for example “Line Ring”, and would process the call. It would send a message up to the VB app via an event to let the VB app know the line was being used and when it was finished with a call.

Sounds kind of nifty eh? And it worked like a charm.

OK, let’s build a demo client and ActiveX EXE.
Note: You will need to download the Timer Lite project and register it before we begin.
Start the VB IDE and select ActiveX EXE from the project templates. You should now have a project called Project1 and one class called Class1. Right click the project and select Project Properties, change the project name to MyFirstEXE and check the “Unattended Execution” option. Most COM objects and ALL DCOM objects should run as Unattended Execution; this prevents a pop-up box from displaying on the user’s screen, and any errors are written to the event log instead. Change the threading model to “Thread Per Object”; this will give you the multi-threading. Now press OK.

Next, rename Class1 to clsMain.

Add a reference to the TimerLite.DLL.

We now need to add an event to our class so we can notify our client application when processing has been completed. We also need to add a timer, and a variable to hold the value passed to the main sub of our class. Paste the following code at the top of your clsMain:



Option Explicit

'********************************************************************************
'* Class Name: clsMain *
'* Date: Tuesday, January 29, 2002 *
'* Author: The VB Guru *
'* Compiler: Microsoft Visual Basic 6.00 sp4 *
'* Synop: This is a demo to show how to create and use an ActiveX EXE *
'* *
'********************************************************************************

Private WithEvents ProcTimer As TimerLite.clsTimerLite
Public Event Finished(Message As String)
Private lLoops As Long

We now need to add the code for the client application to call, paste in the following code:

Public Sub MakeMeProcess(ByVal NumberOfLoops As Long)
'********************************************************************************
'* Sub Name: MakeMeProcess *
'* Date: Tuesday, January 29, 2002 *
'* Author: Kevin Henderson *
'* Compiler: Microsoft Visual Basic 6.00 *
'* Args: *
'* Long: NumberOfLoops -- This is the number of loop iterations you want *
'* The EXE to process on its own. *
'* Synop: For demonstration purposes, we are going to simulate this EXE *
'* Running on its own, this will be done by way of a timer. *
'* We also have to prevent the VB thread from yielding, so...as I *
'* Said in the tutorial, we need to create a timer here too so the *
'* Sub will return right away and the timer will call the function *
'* we want. *
'* *
'********************************************************************************
    Set ProcTimer = CreateObject("TimerLite.clsTimerLite")
    With ProcTimer
        .Interval = 500
        .Enabled = True
    End With
    lLoops = NumberOfLoops
End Sub

As you can see, we are setting the timer and setting the class level var to hold the value the client is passing.

Let's now add the code for when the timer fires, this code will call our hidden internal code to do the job the client wants.

Private Sub ProcTimer_Timer()
    With ProcTimer
        .Interval = 0
        .Enabled = False
    End With
    IntMakeMeProcess lLoops ' When the timer fires, call the internal function that the user thought they were calling
    Set ProcTimer = Nothing
End Sub

Now the Internal sub,

Private Sub IntMakeMeProcess(ByVal NumberOfLoops As Long)
'********************************************************************************
'* Sub Name: IntMakeMeProcess *
'* Date: Tuesday, January 29, 2002 *
'* Author: The VB Guru *
'* Compiler: Microsoft Visual Basic 6.00 *
'* Args: *
'* Long: NumberOfLoops -- This is the number of loop iterations you want *
'* The EXE to process on its own. *
'* Synop: As you can see, this sub is Private and can only be called from *
'* within this class. It is only called when the ProcTimer fires *
'* And passes the same value as MakeMeProcess(). This allows the *
'* VB thread to continue processing and the thread in this class to *
'* Process at the same time. *
'* *
'********************************************************************************
    Dim counter As Long
    ' do some processing, in this case we are just going to loop to simulate some lengthy process.
    For counter = 0 To NumberOfLoops
        DoEvents
    Next
    RaiseEvent Finished("All done") ' Let the client know we are done
End Sub

And of course, a bit of clean up code

Private Sub Class_Terminate()
    Set ProcTimer = Nothing ' Clean up time
End Sub



That is it. Just compile your EXE, then right click the project to bring up the properties, click on the Component tab and select “Binary Compatibility” to make sure that every time you compile it will still work with your client applications. Click the run button and we are all set to create our client.

Open a new instance of VB. No, you cannot do it like an ActiveX DLL and create a project group; remember, an EXE runs in its own process and you must debug it the same way, in its own VB instance.

Select Standard EXE as the Project template, you should now have a project called Project1 and one form called Form1, these are fine, you do not need to change the names. Add a reference to “MyFirstExe” in the Project -> References menu, you also need to add a button to your form.

We now need to declare an instance of our ActiveX EXE class, remember, this class has events that we want to fire so we must declare it as such. Paste the following code into the declaration section (the top) of your form.

Option Explicit

Private WithEvents MyEXE As MyFirstEXE.clsMain

Now we need to initialize the object, paste this code in the form load event:

Set MyEXE = New MyFirstEXE.clsMain

Now add this code to the MyEXE_Finished event:

MsgBox Message

We now need code to make it all come together, paste this code into your Command_click event:

MyEXE.MakeMeProcess (1000) ' Make the ActiveX simulate processing by doing 1000 loops

Some clean up code and we are all set:

Private Sub Form_Unload(Cancel As Integer)
    Set MyEXE = Nothing
End Sub


Now, run the standard EXE, press the command button and within a second or two, you should have a message box pop up telling you the EXE has finished.

To prove that the EXE is running on its own thread, set the number you pass to the EXE well past the 1000 number I have set as the default, say 10 or 20K. While you are waiting for the message box, click on the title bar of your standard EXE and move the window around. If this was an ActiveX DLL, you would not be allowed to do this.

You can set break points in your ActiveX EXE and step from your Standard EXE right into the ActiveX EXE, just like it was in a project group.

I hope this helps you out and you at least have a basic understanding of what an ActiveX EXE is and how it differs from an ActiveX DLL.

You can download the complete project Here, but you will still need to download the TimerLite DLL from the Code Section. If you download the code, do not forget to compile or double click on the ActiveX EXE to register it before you try to run the Standard EXE, or else the Standard EXE will not be able to find the ActiveX EXE.

Copyright 2002 by K & K Consulting and the VB Guru