{ 100% Open Source Project bY SMoKE }
Program PVK2002_PLUS_Process_Dumper;
uses Windows,Messages,TLHELP32;
var
{ Window class description for the main window; fields left unset stay zero
  because program-level variables are zero-initialised. }
WinClass:TwndClassA;
{ hInst: module instance; Handle: main window; hListBox/hRefresh/hDump/hKill/
  hStatus: child controls. hFont is assigned twice (regular font, then the
  bold status font), so only the second handle stays referenced. }
hInst,Handle,hListBox,hRefresh,hDump,hKill,hStatus,hFont:DWORD;
{ Message record used by the main message loop. }
Msg:TMsg;
{ Top-left corner of the main window; computed so the window is centred
  on the primary screen. }
PosX,PosY:Integer;
Function StrAlloc(Size: Cardinal): PChar;
{ Allocates a character buffer of Size bytes and returns a pointer to it.
  The total allocation length is stored in a hidden Cardinal header placed
  just before the returned pointer, mirroring SysUtils.StrAlloc so that
  SysUtils does not have to be linked. The caller owns the buffer; releasing
  it means freeing from the header (Result - SizeOf(Cardinal)), which is
  what SysUtils.StrDispose does. }
var
  Total: Cardinal;   { header + payload }
  Block: Pointer;    { start of the raw allocation (the header) }
begin
  Total := Size + SizeOf(Cardinal);
  GetMem(Block, Total);
  Cardinal(Block^) := Total;                  { hidden header: full block length }
  Result := PChar(Block) + SizeOf(Cardinal);  { payload starts after the header }
end;
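Procedure RefreshList;
{ Clears the list box and refills it with the image name (szExeFile) of
  every process in a fresh Toolhelp snapshot.
  Fixes over the previous version: the snapshot handle is checked, and the
  loop is driven by the Process32First/Process32Next return values instead
  of GetLastError, which could spin forever if enumeration failed with any
  error other than ERROR_NO_MORE_FILES.
  Side effects: status text, list box contents. }
var
  hSnapShot: DWORD;
  ProcEntry: tagPROCESSENTRY32;
  Ok: Boolean;   { TRUE while the snapshot still yields entries }
begin
  SetWindowTextA(hStatus,'--- Refreshing List ---');
  SendMessageA(hListBox,LB_RESETCONTENT,0,0);
  { The second argument is ignored for TH32CS_SNAPPROCESS; kept as before. }
  hSnapShot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,GetCurrentProcessId);
  if hSnapShot = INVALID_HANDLE_VALUE then
  begin
    SetWindowTextA(hStatus,'--- Can Not Snapshot Processes. Refresh Failed ---');
    Exit;
  end;
  ProcEntry.dwSize := SizeOf(ProcEntry);   { required before Process32First }
  Ok := Process32First(hSnapShot,ProcEntry);
  while Ok do
  begin
    { szExeFile is NUL-terminated, so it can be handed to the list box directly. }
    SendMessageA(hListBox,LB_ADDSTRING,0,Integer(@ProcEntry.szExeFile));
    Ok := Process32Next(hSnapShot,ProcEntry);
  end;
  CloseHandle(hSnapShot);
  SetWindowTextA(hStatus,'--- Done. List Refreshed ---');
end;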
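Procedure KillProcess;
{ Terminates the process whose image name is selected in the list box.
  The list carries bare image names only, so the first snapshot entry with a
  matching name is used; when several processes share a name the wrong
  instance may be terminated. A confirmation box is shown first, the target
  is opened with PROCESS_TERMINATE only (least privilege), and every failure
  is reported in the status line.
  Fixes over the previous version: the StrAlloc buffer leak, the unchecked
  snapshot/OpenProcess/TerminateProcess results, the snapshot handle left
  open on cancel, the never-closed process handle, and the exit code that
  was read through GetExitCodeProcess with a handle lacking query rights
  (so its value was undefined). The loop is now driven by the Process32*
  return values instead of GetLastError.
  Side effects: status text, modal message box, process termination,
  list refresh. }
const
  KilledExitCode = 1;   { exit code handed to TerminateProcess }
var
  Name: array[0..MAX_PATH] of Char;   { selected image name, NUL-terminated }
  hSnapShot, hProcess, PID: DWORD;
  ProcEntry: tagPROCESSENTRY32;
  SelItem: Integer;
  Found, Ok: Boolean;
begin
  SetWindowTextA(hStatus,'--- Killing Process ---');
  SelItem := SendMessageA(hListBox,LB_GETCURSEL,0,0);
  if SelItem = LB_ERR then
  begin
    SetWindowTextA(hStatus,'--- Select Process To Kill ---');
    Exit;
  end;
  { LB_GETTEXT copies without a length limit, so check the entry fits first. }
  if SendMessageA(hListBox,LB_GETTEXTLEN,SelItem,0) > MAX_PATH then
  begin
    SetWindowTextA(hStatus,'--- Process Name Too Long. Kill Failed ---');
    Exit;
  end;
  SendMessageA(hListBox,LB_GETTEXT,SelItem,Integer(@Name));

  { Resolve the name to a PID: first matching snapshot entry wins. }
  hSnapShot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,GetCurrentProcessId);
  if hSnapShot = INVALID_HANDLE_VALUE then
  begin
    SetWindowTextA(hStatus,'--- Can Not Snapshot Processes. Kill Failed ---');
    Exit;
  end;
  Found := FALSE;
  PID := 0;
  ProcEntry.dwSize := SizeOf(ProcEntry);
  Ok := Process32First(hSnapShot,ProcEntry);
  while Ok and not Found do
  begin
    if lStrCmp(ProcEntry.szExeFile,Name) = 0 then
    begin
      Found := TRUE;
      PID := ProcEntry.th32ProcessID;
    end
    else
      Ok := Process32Next(hSnapShot,ProcEntry);
  end;
  CloseHandle(hSnapShot);
  if not Found then
  begin
    SetWindowTextA(hStatus,'--- Process Not Found. Kill Failed ---');
    Exit;
  end;

  if MessageBoxA(Handle,'--- Are You Sure You Want To Kill This Process ? ---'+#13#10,'Confirm Process Killing',MB_YESNO) <> ID_YES then
  begin
    SetWindowTextA(hStatus,'--- Failed. Killing Canceled ---');
    Exit;
  end;

  hProcess := OpenProcess(PROCESS_TERMINATE,FALSE,PID);
  if hProcess = 0 then
  begin
    SetWindowTextA(hStatus,'--- Can Not Open Process (Access Denied ?). Kill Failed ---');
    Exit;
  end;
  if TerminateProcess(hProcess,KilledExitCode) then
  begin
    Sleep(500);   { let the kernel retire the process before re-reading the list }
    RefreshList;
    SetWindowTextA(hStatus,'--- Done. Process Killed ---');
  end
  else
    SetWindowTextA(hStatus,'--- TerminateProcess Failed. Kill Failed ---');
  CloseHandle(hProcess);
end;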
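Procedure DumpProcess;
{ Writes the in-memory image of the selected process to DUMP.EXE in the
  current directory (an existing file is overwritten).
  ImageBase and SizeOfImage are taken from the PE headers of the image file
  on disk (PE32 layout; a PE32+ image would be misread). The list carries a
  bare image name only, so the file is opened relative to the current
  directory and the first process with that name is the one dumped. The
  target is opened with PROCESS_VM_READ, which is all ReadProcessMemory
  needs, instead of PROCESS_ALL_ACCESS.
  Fixes over the previous version: the StrAlloc buffer leak, the never-freed
  memory buffer and never-closed process handle, the unchecked snapshot,
  OpenProcess, ReadFile, CreateFile and WriteFile results, and a short
  ReadProcessMemory that would have written uninitialised heap bytes to the
  dump. Every failure is reported in the status line and all resources are
  released on every path. }
var
  Name: array[0..MAX_PATH] of Char;   { selected image name, NUL-terminated }
  hSnapShot, hProcess, hOut, PID: DWORD;
  ImageBase, ImageSize: DWORD;        { from the optional header on disk }
  NumRead, NumWrite: DWORD;
  ProcEntry: tagPROCESSENTRY32;
  SelItem: Integer;
  Found, Ok: Boolean;
  Buffer: Pointer;                    { ImageSize bytes of copied memory }

  { Reads the PE headers of FileName from disk and returns its preferred
    ImageBase and SizeOfImage. Returns FALSE, after setting the status text,
    if the file cannot be opened, a read falls short, or the MZ/PE
    signatures are missing. }
  function ReadImageLayout(FileName: PChar; var Base, Size: DWORD): Boolean;
  var
    hFile: DWORD;
    MZ: WORD;
    PEOffset, Sig: DWORD;

    { Reads Len bytes at absolute file offset Offset into Dest.
      FALSE on a seek error or a short read. }
    function ReadAt(Offset: DWORD; var Dest; Len: DWORD): Boolean;
    var
      Got: DWORD;
    begin
      Result := (SetFilePointer(hFile,Offset,NIL,FILE_BEGIN) <> $FFFFFFFF)
        and ReadFile(hFile,Dest,Len,Got,NIL) and (Got = Len);
    end;

  begin
    Result := FALSE;
    hFile := CreateFileA(FileName,GENERIC_READ,FILE_SHARE_READ,NIL,OPEN_EXISTING,0,0);
    if hFile = INVALID_HANDLE_VALUE then
    begin
      SetWindowTextA(hStatus,'--- Can Not Open The File. Dump Failed ---');
      Exit;
    end;
    if not ReadAt(0,MZ,2) or (MZ <> $5A4D) then                      { 'MZ' }
      SetWindowTextA(hStatus,'--- Not An Executable. Dump Failed ---')
    else if not ReadAt($3C,PEOffset,4) or not ReadAt(PEOffset,Sig,4)
         or (Sig <> $00004550) then                                   { 'PE\0\0' }
      SetWindowTextA(hStatus,'--- Not A PE Executable. Dump Failed ---')
    else if not ReadAt(PEOffset+$34,Base,4)     { OptionalHeader.ImageBase }
         or not ReadAt(PEOffset+$50,Size,4) then { OptionalHeader.SizeOfImage }
      SetWindowTextA(hStatus,'--- Can Not Read PE Header. Dump Failed ---')
    else
      Result := TRUE;
    CloseHandle(hFile);
  end;

begin
  SetWindowTextA(hStatus,'--- Dumping To Disk ---');
  SelItem := SendMessageA(hListBox,LB_GETCURSEL,0,0);
  if SelItem = LB_ERR then
  begin
    SetWindowTextA(hStatus,'--- Select Process To Dump ---');
    Exit;
  end;
  { LB_GETTEXT copies without a length limit, so check the entry fits first. }
  if SendMessageA(hListBox,LB_GETTEXTLEN,SelItem,0) > MAX_PATH then
  begin
    SetWindowTextA(hStatus,'--- Process Name Too Long. Dump Failed ---');
    Exit;
  end;
  SendMessageA(hListBox,LB_GETTEXT,SelItem,Integer(@Name));

  { Resolve the name to a PID: first matching snapshot entry wins. }
  hSnapShot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,GetCurrentProcessId);
  if hSnapShot = INVALID_HANDLE_VALUE then
  begin
    SetWindowTextA(hStatus,'--- Can Not Snapshot Processes. Dump Failed ---');
    Exit;
  end;
  Found := FALSE;
  PID := 0;
  ProcEntry.dwSize := SizeOf(ProcEntry);
  Ok := Process32First(hSnapShot,ProcEntry);
  while Ok and not Found do
  begin
    if lStrCmp(ProcEntry.szExeFile,Name) = 0 then
    begin
      Found := TRUE;
      PID := ProcEntry.th32ProcessID;
    end
    else
      Ok := Process32Next(hSnapShot,ProcEntry);
  end;
  CloseHandle(hSnapShot);
  if not Found then
  begin
    SetWindowTextA(hStatus,'--- Process Not Found. Dump Failed ---');
    Exit;
  end;

  if not ReadImageLayout(Name,ImageBase,ImageSize) then
    Exit;   { status text already set by the helper }
  { SizeOfImage comes from a file on disk and is untrusted; zero is rejected
    here, and GetMem below halts with runtime error 203 if the size cannot
    be satisfied (no SysUtils, so it cannot be caught). }
  if ImageSize = 0 then
  begin
    SetWindowTextA(hStatus,'--- Image Size Is Zero. Dump Failed ---');
    Exit;
  end;

  hProcess := OpenProcess(PROCESS_VM_READ,FALSE,PID);
  if hProcess = 0 then
  begin
    SetWindowTextA(hStatus,'--- Can Not Open Process (Access Denied ?). Dump Failed ---');
    Exit;
  end;
  GetMem(Buffer,ImageSize);
  try
    { ReadProcessMemory fails as a whole if any page in the range is unreadable;
      a short count is treated the same way so no uninitialised bytes are written. }
    if not ReadProcessMemory(hProcess,Ptr(ImageBase),Buffer,ImageSize,NumRead)
       or (NumRead <> ImageSize) then
    begin
      SetWindowTextA(hStatus,'--- Can Not Read From Memory. Dump Failed ---');
      Exit;
    end;
    hOut := CreateFileA('dump.exe',GENERIC_WRITE,0,NIL,CREATE_ALWAYS,0,0);
    if hOut = INVALID_HANDLE_VALUE then
    begin
      SetWindowTextA(hStatus,'--- Can Not Create DUMP.EXE. Dump Failed ---');
      Exit;
    end;
    Ok := WriteFile(hOut,Buffer^,ImageSize,NumWrite,NIL) and (NumWrite = ImageSize);
    CloseHandle(hOut);
    if not Ok then
    begin
      SetWindowTextA(hStatus,'--- Write To DUMP.EXE Failed. Dump Failed ---');
      Exit;
    end;
  finally
    FreeMem(Buffer);
    CloseHandle(hProcess);
  end;
  Sleep(500);
  RefreshList;
  SetWindowTextA(hStatus,'--- Done. Successfully Dumped To Disk. DUMP.EXE Created ---');
end;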
function WindowProc(hWnd, uMsg, wParam, lParam: Integer): Integer; stdcall;
{ Window procedure of the main window. Default processing runs first for
  every message; WM_COMMAND is then routed by the sending control's handle
  (lParam) to the refresh, dump or kill action, and WM_DESTROY ends the
  program outright with ExitProcess(0) rather than via PostQuitMessage. }
begin
  Result := DefWindowProc(hWnd, uMsg, wParam, lParam);
  case uMsg of
    WM_COMMAND:
    begin
      { Each comparison is independent, exactly as before. }
      if lParam = hRefresh then RefreshList;
      if lParam = hDump then DumpProcess;
      if lParam = hKill then KillProcess;
    end;
    WM_DESTROY:
      ExitProcess(0);
  end;
end;
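begin
  { ** Register Custom WndClass ** }
  { Fields not set here (cbClsExtra, cbWndExtra, hIcon, lpszMenuName) are
    zero because WinClass is a program-level variable. }
  hInst := hInstance;
  with WinClass do
  begin
    style := CS_CLASSDC or CS_PARENTDC;
    lpfnWndProc := @WindowProc;
    hInstance := hInst;
    hbrBackground := color_btnface + 1;
    lpszClassname := 'PVK_CLASS';
    hCursor := LoadCursor(0, IDC_ARROW);
  end; { with }
  { RegisterClass returns 0 on failure; CreateWindowEx would then fail too,
    so stop here instead of running a message loop on a bad handle. }
  if RegisterClass(WinClass) = 0 then
  begin
    MessageBoxA(0, 'RegisterClass failed', 'PVK v2.0', MB_OK or MB_ICONERROR);
    ExitProcess(1);
  end;
  { Centre the 399x286 window on the primary screen. }
  PosX := (GetSystemMetrics(SM_CXSCREEN) - 399) shr 1;
  PosY := (GetSystemMetrics(SM_CYSCREEN) - 286) shr 1;
  { ** Create Main Window ** }
  Handle := CreateWindowEx(WS_EX_WINDOWEDGE, 'PVK_CLASS', 'PVK v2.0 (Process Dumper) - SMoKE in 2002',
    WS_VISIBLE or WS_CAPTION or WS_SYSMENU,
    PosX, PosY, 399, 286, 0, 0, hInst, nil);
  if Handle = 0 then
  begin
    MessageBoxA(0, 'CreateWindowEx failed', 'PVK v2.0', MB_OK or MB_ICONERROR);
    ExitProcess(1);
  end;
  { ** Create ListBox PROCESS LIST ** }
  hListBox := CreateWindow('Listbox', '', WS_VISIBLE or WS_CHILD or LBS_STANDARD
    or LBS_HASSTRINGS, 0, 0, 393, 217, Handle,
    0, hInst, NIL);
  { ** Create a button REFRESH ** }
  hRefresh := CreateWindow('Button', 'REFRESH', WS_VISIBLE or WS_CHILD
    or BS_PUSHLIKE or BS_TEXT, 8, 230, 75, 25, Handle,
    0, hInst, nil);
  { ** Create a button DUMP PROCESS ** }
  hDump := CreateWindow('Button', 'DUMP PROCESS', WS_VISIBLE or WS_CHILD
    or BS_PUSHLIKE or BS_TEXT, 148, 230, 97, 25, Handle,
    0, hInst, nil);
  { ** Create a button KILL PROCESS ** }
  hKill := CreateWindow('Button', 'KiLL !', WS_VISIBLE or WS_CHILD
    or BS_PUSHLIKE or BS_TEXT, 312, 230, 75, 25, Handle,
    0, hInst, nil);
  { ** Create a label (static) STATUS ** }
  hStatus := CreateWindow('Static', '', WS_VISIBLE or WS_CHILD or WS_BORDER
    or SS_CENTER, 8, 206, 378, 18, Handle, 0, hInst, nil);
  { ** Create Font Handle ** }
  hFont := CreateFont(-11, 0, 0, 0, 400, 0, 0, 0, DEFAULT_CHARSET,
    OUT_DEFAULT_PRECIS, CLIP_DEFAULT_PRECIS, DEFAULT_QUALITY,
    DEFAULT_PITCH or FF_DONTCARE, 'Arial');
  { Change fonts }
  if hFont <> 0 then
  begin
    SendMessage(hListBox, WM_SETFONT, hFont, 0);
    SendMessage(hRefresh, WM_SETFONT, hFont, 0);
    SendMessage(hDump, WM_SETFONT, hFont, 0);
    SendMessage(hKill, WM_SETFONT, hFont, 0);
    SendMessage(hStatus, WM_SETFONT, hFont, 0);
  end;
  { ** Create BOLD Font Handle for STATUS ** }
  { hFont is reused, so the regular font's handle is no longer referenced
    after this point; it stays alive (the controls still use it) until the
    process exits. }
  hFont := CreateFont(-11, 0, 0, 0, FW_BOLD, 0, 0, 0, DEFAULT_CHARSET,
    OUT_DEFAULT_PRECIS, CLIP_DEFAULT_PRECIS, DEFAULT_QUALITY,
    DEFAULT_PITCH or FF_DONTCARE, 'Arial');
  if hFont <> 0 then
    SendMessage(hStatus, WM_SETFONT, hFont, 0);
  SetWindowTextA(hStatus, '--- Waiting ---');
  { Set the focus to the STATUS }
  SetFocus(hStatus);
  UpdateWindow(Handle);
  { ** Message Loop ** }
  { GetMessage returns -1 on error, which a LongBool test reads as TRUE and
    would loop forever; compare the raw value instead (0 = WM_QUIT, <0 = error). }
  while Integer(GetMessage(Msg, Handle, 0, 0)) > 0 do
  begin
    TranslateMessage(Msg);
    DispatchMessage(Msg);
  end; { while }
end.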