unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, Tlhelp32, StdCtrls, Registry, ComCtrls, IniFiles, ShlObj,
ExtCtrls, UKillPe, uScript;
type
// Main form of the toolbox. The published components and handlers below are
// bound to the form's .dfm resource, so their names must stay as declared.
// The handlers visible in this unit remove known malware processes and
// registry keys (Button1Click), reset Internet Explorer settings
// (Button2Click) and apply system tweaks (Button3Click).
TForm1 = class(TForm)
PageControl1: TPageControl;
TabSheet1: TTabSheet;
Button1: TButton;
TabSheet2: TTabSheet;
Button2: TButton;
Label1: TLabel;
// Edit1: URL written as the IE start/local/default page by Button2Click.
Edit1: TEdit;
Label2: TLabel;
// Edit2: text written as the IE 'Window Title' value by Button2Click.
Edit2: TEdit;
Label3: TLabel;
// Edit3: URL written as the IE search bar/page/default search by Button2Click.
Edit3: TEdit;
TabSheet3: TTabSheet;
Label4: TLabel;
// Edit4 / Edit5: written to RegisteredOwner / RegisteredOrganization by Button3Click.
Edit4: TEdit;
Label5: TLabel;
Edit5: TEdit;
Button3: TButton;
TabSheet4: TTabSheet;
Button4: TButton;
Label6: TLabel;
Button5: TButton;
ListView1: TListView;
// CheckBox1 / CheckBox2: when checked, Button3Click rewrites the exefile /
// txtfile shell open command under HKEY_CLASSES_ROOT.
CheckBox1: TCheckBox;
CheckBox2: TCheckBox;
// CheckBox3: when checked, Button1Click opens the hosts file in Notepad; it is
// also set by Button1Click itself after a flagged process has been terminated.
CheckBox3: TCheckBox;
// CheckBox6: when checked, Button1Click deletes the DisableRegistryTools
// policy value under both HKLM and HKCU.
CheckBox6: TCheckBox;
Button6: TButton;
SaveDialog1: TSaveDialog;
Button7: TButton;
OpenDialog1: TOpenDialog;
CheckBox7: TCheckBox;
// Memo1: log output of the process scan in Button1Click.
Memo1: TMemo;
// CheckBox8: when checked, Button3Click deletes a CLSID key under HKLM.
CheckBox8: TCheckBox;
// CheckBox9 / CheckBox10 / CheckBox11: select the DesktopProcess,
// SeparateProcess and BrowseNewProcess values written by Button3Click.
CheckBox9: TCheckBox;
CheckBox10: TCheckBox;
CheckBox11: TCheckBox;
TabSheet5: TTabSheet;
Button8: TButton;
Button9: TButton;
Edit6: TEdit;
Button10: TButton;
Button11: TButton;
Button12: TButton;
Button13: TButton;
// CheckBox4: when checked, Button1Click deletes the administrative shares
// (admin$, print$, c$ .. g$) with "net share ... /delete".
CheckBox4: TCheckBox;
// CheckBox5: when checked, Button1Click also scans each process image with
// FindPeVirus (signature scan) in addition to the file-name list.
CheckBox5: TCheckBox;
Button14: TButton;
Button15: TButton;
// CheckBox12: selects the ClearPageFileAtShutdown value written by
// Button3Click (checked -> 0, unchecked -> 1).
CheckBox12: TCheckBox;
procedure Button1Click(Sender: TObject);
procedure Button2Click(Sender: TObject);
procedure Button3Click(Sender: TObject);
procedure FormActivate(Sender: TObject);
procedure Button4Click(Sender: TObject);
procedure ListView1Change(Sender: TObject; Item: TListItem;
Change: TItemChange);
procedure Button5Click(Sender: TObject);
procedure Button6Click(Sender: TObject);
procedure Button7Click(Sender: TObject);
procedure Button8Click(Sender: TObject);
// NOTE(review): no Button0 component is declared above and Button10 has no
// click handler in this list - confirm whether this was meant to be
// Button10Click.
procedure Button0Click(Sender: TObject);
procedure Button11Click(Sender: TObject);
procedure Button12Click(Sender: TObject);
procedure Button9Click(Sender: TObject);
procedure Button13Click(Sender: TObject);
procedure Button14Click(Sender: TObject);
procedure Button15Click(Sender: TObject);
private
{ Private declarations }
public
// Directory strings concatenated by Button1Click to build the hosts file
// path (WinDir+SystemDir+'drivers\etc\hosts'); they are assigned outside the
// code visible here.
SystemDir,WinDir: String;
{ Public declarations }
end;
var
Form1: TForm1;
Running: Boolean;
const ProgramVer='肥仔杰工具箱 Build 050815';
implementation
{$R *.dfm}
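{ Enables SeDebugPrivilege in the token of the current process.

  Returns True only when the privilege was actually enabled. Every API step is
  checked: the original ignored the results of OpenProcessToken and
  LookupPrivilegeValue, so a failure there left hToken / the LUID
  uninitialised and still went on to adjust and close a garbage handle.

  Security note: SeDebugPrivilege lets the process open almost any other
  process on the machine. Nothing in this function disables it again, so it
  stays enabled for as long as the caller keeps running; callers should
  request it only for the duration of the scan. }
function EnableDebugPrivilege: Boolean;

  { Enables or disables one named privilege on an already opened token.
    hToken must have been opened with TOKEN_ADJUST_PRIVILEGES. }
  function EnablePrivilege(hToken: Cardinal; PrivName: string; bEnable: Boolean): Boolean;
  var
    TP: TOKEN_PRIVILEGES;
    Dummy: Cardinal;
  begin
    Result := False;
    TP.PrivilegeCount := 1;
    // Without a valid LUID the adjust call below would act on garbage.
    if not LookupPrivilegeValue(nil, PChar(PrivName), TP.Privileges[0].Luid) then
      Exit;
    if bEnable then
      TP.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
    else
      TP.Privileges[0].Attributes := 0;
    Dummy := 0;
    if not AdjustTokenPrivileges(hToken, False, TP, SizeOf(TP), nil, Dummy) then
      Exit;
    // AdjustTokenPrivileges reports success even when the token does not hold
    // the privilege (last error ERROR_NOT_ALL_ASSIGNED), so the last-error
    // value is the real result.
    Result := GetLastError = ERROR_SUCCESS;
  end;

var
  hToken: Cardinal;
begin
  Result := False;
  if not OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, hToken) then
    Exit;
  try
    Result := EnablePrivilege(hToken, 'SeDebugPrivilege', True);
  finally
    CloseHandle(hToken);
  end;
end;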
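{ Starts the command line in FileName, waits for the process to exit and
  returns its exit code, or -1 when the process could not be started or its
  exit code could not be read.

  Visibility is passed to the new process as wShowWindow.

  Changes against the original:
    - the command line is no longer copied with StrPCopy into a fixed
      513-byte stack buffer (a longer FileName overflowed it); a private,
      writable copy of the string is passed instead;
    - the unused working-directory buffer (256 chars, also filled with an
      unbounded StrPCopy) is gone - CreateProcess was always given nil for
      the current directory;
    - the process and thread handles returned by CreateProcess are closed.

  Security note: lpApplicationName is nil, so Windows parses the executable
  name out of the command line. Callers should pass a fully qualified,
  double-quoted executable path; an unquoted path that contains spaces can be
  resolved to a different program. }
function WinExecAndWait32(FileName: string; Visibility: Integer): Integer;
var
  CmdLine: string;
  StartupInfo: TStartupInfo;
  ProcessInfo: TProcessInformation;
  ExitCode: Cardinal;
  h: THandle;
begin
  Result := -1;

  // CreateProcess may write to the command-line buffer, so hand it a copy
  // that is not shared with the caller's string.
  CmdLine := FileName;
  UniqueString(CmdLine);

  FillChar(StartupInfo, SizeOf(StartupInfo), #0);
  StartupInfo.cb := SizeOf(StartupInfo);
  StartupInfo.dwFlags := STARTF_USESHOWWINDOW;
  StartupInfo.wShowWindow := Visibility;

  if not CreateProcess(nil, PChar(CmdLine), nil, nil, False,
    CREATE_NEW_CONSOLE or NORMAL_PRIORITY_CLASS, nil,
    nil, StartupInfo, ProcessInfo) then
    Exit;

  try
    // Give the child a moment to create its window, then bring the Registry
    // Editor window (looked up by its localized title) to the normal state.
    Sleep(1000);
    h := FindWindow(nil, '注册表编辑器');
    if h <> 0 then
      ShowWindow(h, 1);
    WaitForSingleObject(ProcessInfo.hProcess, INFINITE);
    if GetExitCodeProcess(ProcessInfo.hProcess, ExitCode) then
      Result := Integer(ExitCode);
  finally
    CloseHandle(ProcessInfo.hThread);
    CloseHandle(ProcessInfo.hProcess);
  end;
end;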
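{ Scans all running processes for known malware, terminates the ones that are
  flagged, runs the clean-up script for them, then removes the associated
  service keys and (optionally) policy lock-outs and administrative shares.

  Detection:
    ScanType = 1  the process image name equals an entry of the FileName list
    ScanType = 2  FindPeVirus reports a signature hit (only if CheckBox5 is set)

  Changes against the original:
    - PExePath is reset for every process. Previously, when the module
      snapshot of a process could not be read, the path resolved for the
      PREVIOUS process was still in the variable and would have been logged,
      scanned and handed to RunScript for the wrong process.
    - The handle returned by OpenProcess is checked and closed (it leaked).
    - The module snapshot handle is only used and closed when it is valid.
    - The TRegistry object is released in a finally block.

  Review notes for maintainers:
    - Name matching looks only at the file name, not the directory or a hash.
      Several list entries resemble legitimate Windows process names, so an
      unrelated program that happens to use one of these names is terminated
      too. Confirming the image path or a signature hit before calling
      RunScript would reduce false positives.
    - For IEXPLORE.EXE every loaded module is logged and PExePath ends up as
      the LAST module of the process, so the signature scan covers only that
      one module - TODO confirm whether each module was meant to be scanned.
    - notepad.exe and net are started by bare name through WinExec, whose
      search order starts with the application directory and the current
      directory. Building the full system-directory path for both would
      prevent a planted binary from being run with this tool's privileges. }
procedure TForm1.Button1Click(Sender: TObject);
var
  FileName: array of string;
  RegKey: array of string;
  PExePath: string;
  StrTmp: string;
  ProcName: string;
  FindVirus: Boolean;
  Terminated: Boolean;
  FindVirusNumber: Integer;
  ContinueLoop, ContinueLoopM: BOOL;
  m, ScanType: Integer;
  FSnapshotHandle: THandle;
  FProcessEntry32: TProcessEntry32;
  ModuleSnapShotHandle: THandle;
  ModuleEntry: TModuleEntry32;
  hProcess: THandle;
  myReg: TRegistry;
begin
  Memo1.Clear;

  // ---- Part 1: terminate flagged processes and clean up their files ----
  FindVirusNumber := 0;
  SetLength(FileName, 9);
  FileName[0] := 'msnus.exe';
  FileName[1] := 'winhost.exe';
  FileName[2] := 'winis.exe';
  FileName[3] := 'dnsserv.exe';
  FileName[4] := 'updates.exe';
  FileName[5] := 'msnmsr.exe';
  FileName[6] := 'isass.exe';
  FileName[7] := 'integitor.exe';
  FileName[8] := 'msmbw.exe';

  // Snapshot of every process in the system.
  FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if FSnapshotHandle <> INVALID_HANDLE_VALUE then
  try
    // dwSize must be set before Process32First is called.
    FProcessEntry32.dwSize := SizeOf(FProcessEntry32);
    ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);
    while ContinueLoop do
    begin
      FindVirus := False;
      ProcName := UpperCase(ExtractFileName(FProcessEntry32.szExeFile));

      // Resolve the full image path of this process from its module list.
      // Start from an empty path so a failed snapshot cannot inherit the
      // path of the previously enumerated process.
      PExePath := '';
      ModuleSnapShotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,
        FProcessEntry32.th32ProcessID);
      if ModuleSnapShotHandle <> INVALID_HANDLE_VALUE then
      try
        ModuleEntry.dwSize := SizeOf(TModuleEntry32);
        ContinueLoopM := Module32First(ModuleSnapShotHandle, ModuleEntry);
        while ContinueLoopM do
        begin
          PExePath := ModuleEntry.szExePath;
          if ProcName = 'IEXPLORE.EXE' then
            // Internet Explorer: list every loaded module in the log.
            Memo1.Lines.Add(' Module:' + PExePath)
          else
          begin
            // Stop at our own executable, or at the module whose file name
            // equals the process name (the main image).
            if PExePath = Application.ExeName then
              Break;
            if ProcName = UpperCase(ExtractFileName(PExePath)) then
              Break;
          end;
          ContinueLoopM := Module32Next(ModuleSnapShotHandle, ModuleEntry);
        end;
      finally
        CloseHandle(ModuleSnapShotHandle);
      end;

      // Never inspect or terminate this tool itself.
      if Application.ExeName <> PExePath then
      begin
        ScanType := 0;
        Memo1.Lines.Add('Process:' + FProcessEntry32.szExeFile);

        // Detection by file name.
        for m := 0 to High(FileName) do
          if ProcName = UpperCase(ExtractFileName(FileName[m])) then
          begin
            ScanType := 1;
            FindVirus := True;
            Break;
          end;

        // Detection by signature; needs a path that belongs to this process.
        if (not FindVirus) and CheckBox5.Checked and (PExePath <> '') then
        begin
          m := FindPeVirus(PExePath);
          if m > 0 then
          begin
            ScanType := 2;
            FindVirus := True;
          end;
        end;

        if FindVirus then
        begin
          Inc(FindVirusNumber);
          Memo1.Lines.Add('进程中找到病毒!' + PExePath);

          // Terminate the process; the handle is closed in every case.
          Terminated := False;
          hProcess := OpenProcess(PROCESS_TERMINATE, False,
            FProcessEntry32.th32ProcessID);
          if hProcess <> 0 then
          try
            Terminated := TerminateProcess(hProcess, 0);
          finally
            CloseHandle(hProcess);
          end;

          if Terminated then
          begin
            // Have the hosts file opened for review after the scan.
            CheckBox3.Checked := True;
            // m is the matched list index (ScanType 1) or the FindPeVirus
            // result (ScanType 2). The clean-up script is only run with a
            // path that was resolved for this very process.
            if PExePath <> '' then
              RunScript(m, ScanType, PExePath)
            else
              Memo1.Lines.Add('未能取得进程文件路径,已跳过清除脚本:' +
                FProcessEntry32.szExeFile);
          end;
        end;
      end;

      ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);
    end;
  finally
    CloseHandle(FSnapshotHandle);
  end;
  MessageBox(Application.Handle,'查找病毒已经完成!',ProgramVer,MB_ICONINFORMATION+MB_OK);

  // ---- Part 2: registry repair ----
  SetLength(RegKey, 4);
  RegKey[0] := 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Secure System';
  RegKey[1] := 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fxScanner';
  RegKey[2] := 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Microsoft NetWork FireWall Services';
  RegKey[3] := 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetworkMap';

  myReg := TRegistry.Create;
  try
    for m := 0 to High(RegKey) do
    begin
      // Split "<root name>\<sub key>" into the root handle and the sub key
      // (which keeps its leading backslash).
      if Copy(RegKey[m], 1, 18) = 'HKEY_LOCAL_MACHINE' then
      begin
        myReg.RootKey := HKEY_LOCAL_MACHINE;
        StrTmp := Copy(RegKey[m], 19, Length(RegKey[m]));
      end
      else if Copy(RegKey[m], 1, 17) = 'HKEY_CURRENT_USER' then
      begin
        myReg.RootKey := HKEY_CURRENT_USER;
        StrTmp := Copy(RegKey[m], 18, Length(RegKey[m]));
      end
      else
        Continue; // unknown root: never delete with a stale sub key
      myReg.DeleteKey(StrTmp);
      myReg.CloseKey;
    end;

    // Unlock the Registry Editor by removing the policy value.
    if CheckBox6.Checked then
    begin
      myReg.RootKey := HKEY_LOCAL_MACHINE;
      if myReg.OpenKey('\Software\Microsoft\Windows\CurrentVersion\Policies\System', False) then
        if myReg.ValueExists('DisableRegistryTools') then
          myReg.DeleteValue('DisableRegistryTools');
      myReg.RootKey := HKEY_CURRENT_USER;
      if myReg.OpenKey('\Software\Microsoft\Windows\CurrentVersion\Policies\System', False) then
        if myReg.ValueExists('DisableRegistryTools') then
          myReg.DeleteValue('DisableRegistryTools');
    end;
    myReg.CloseKey;
  finally
    myReg.Free;
  end;
  Memo1.Lines.Add('找到病毒:' + IntToStr(FindVirusNumber) + '个');

  // ---- Part 3: open the hosts file for manual review ----
  if CheckBox3.Checked then
  begin
    if Win32Platform = VER_PLATFORM_WIN32_NT then
      WinExec(PChar('notepad.exe '+WinDir+SystemDir+'drivers\etc\hosts'),3)
    else
      WinExec(PChar('notepad.exe '+WinDir+'\hosts'),3);
  end;
  CheckBox3.Checked := False;

  // ---- Part 4: remove the administrative shares ----
  if CheckBox4.Checked then
  begin
    WinExec('net share admin$ /delete',0);
    WinExec('net share print$ /delete',0);
    WinExec('net share c$ /delete',0);
    WinExec('net share d$ /delete',0);
    WinExec('net share e$ /delete',0);
    WinExec('net share f$ /delete',0);
    WinExec('net share g$ /delete',0);
    CheckBox4.Checked := False;
  end;
end;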
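{ Repairs Internet Explorer settings that browser hijackers commonly change.

  Under both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER the start page, window
  title and search page values are overwritten with the contents of Edit1,
  Edit2 and Edit3. Afterwards the IE control-panel restrictions and a set of
  Explorer policy restrictions are written as 0; at that point RootKey is
  still HKEY_CURRENT_USER, so only the per-user policy keys are touched.
  Every key is opened with CanCreate = False, so nothing is written when a
  key does not exist.

  Change against the original: the TRegistry object is released in a finally
  block, so it no longer leaks when a write raises (for example when the
  caller lacks write access to HKLM). The exception still propagates. }
procedure TForm1.Button2Click(Sender: TObject);
var
  myReg: TRegistry;

  // Writes the start page / title / search values into the currently open
  // "Internet Explorer\Main" key.
  procedure WriteMainPageValues;
  begin
    myReg.WriteString('Start Page', Trim(Edit1.Text));
    myReg.WriteString('Local Page', Trim(Edit1.Text));
    myReg.WriteString('Default_Page_URL', Trim(Edit1.Text));
    myReg.WriteString('Window Title', Trim(Edit2.Text));
    myReg.WriteString('Search Bar', Trim(Edit3.Text));
    myReg.WriteString('Search Page', Trim(Edit3.Text));
    myReg.WriteString('Default_Search_URL', Trim(Edit3.Text));
  end;

begin
  myReg := TRegistry.Create;
  try
    // IE start page and title, machine-wide.
    myReg.RootKey := HKEY_LOCAL_MACHINE;
    if myReg.OpenKey('\Software\Microsoft\Internet Explorer\Main', False) then
    begin
      WriteMainPageValues;
      myReg.WriteString('CompanyName', 'Microsoft Corporation');
    end;

    // IE start page and title, current user.
    myReg.RootKey := HKEY_CURRENT_USER;
    if myReg.OpenKey('\Software\Microsoft\Internet Explorer\Main', False) then
      WriteMainPageValues;

    // Unlock the home-page setting and the Internet Options tabs.
    if myReg.OpenKey('\Software\Policies\Microsoft\Internet Explorer\Control Panel', False) then
    begin
      myReg.WriteInteger('Homepage', 0);
      myReg.WriteInteger('GeneralTab', 0);
      myReg.WriteInteger('SecurityTab', 0);
      myReg.WriteInteger('ContentTab', 0);
      myReg.WriteInteger('ConnectionsTab', 0);
      myReg.WriteInteger('ProgramsTab', 0);
      myReg.WriteInteger('AdvancedTab', 0);
    end;

    // Restore the Explorer UI entries that were disabled by policy.
    if myReg.OpenKey('\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer', False) then
    begin
      myReg.WriteInteger('NoFolderOptions', 0);
      myReg.WriteInteger('NoRun', 0);
      myReg.WriteInteger('NoToolbarCustomize', 0);
      myReg.WriteInteger('NoViewContextMenu', 0);
      myReg.WriteInteger('NoBandCustomize', 0);
    end;
    myReg.CloseKey;
  finally
    myReg.Free;
  end;
  ShowMessage('IE修复完成!');
end;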
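{ Applies the system settings selected on the form to the registry.

  Every key is opened with CanCreate = False, so a setting is skipped when
  its key does not exist.

  Changes against the original:
    - the TRegistry object is released in a finally block, so it no longer
      leaks when a registry write raises; the exception still propagates;
    - the first comment was a copy of the one in Button2Click ("IE start
      page and title") although the code writes the registered owner.

  Review notes for maintainers:
    - ClearPageFileAtShutdown is written on every run: 0 when CheckBox12 is
      checked, 1 otherwise. 0 shortens shutdown but leaves the page-file
      contents on disk; an existing value is overwritten either way.
    - The txtfile handler is written as a bare 'Notepad.exe', so the program
      is located through the normal search path rather than a fixed system
      directory. }
procedure TForm1.Button3Click(Sender: TObject);
var
  myReg: TRegistry;
  StrTmp: String;
begin
  myReg := TRegistry.Create;
  try
    myReg.RootKey := HKEY_LOCAL_MACHINE;

    // Registered owner and organization; the key differs between NT and 9x.
    if Win32Platform = VER_PLATFORM_WIN32_NT then
      StrTmp := '\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    else
      StrTmp := '\Software\Microsoft\Windows\CurrentVersion';
    if myReg.OpenKey(StrTmp, False) then
    begin
      myReg.WriteString('RegisteredOwner', Edit4.Text);
      myReg.WriteString('RegisteredOrganization', Edit5.Text);
    end;

    // Speed up browsing the Windows 2000 network neighbourhood by removing
    // this remote-computer namespace entry, if it is present.
    if myReg.OpenKey('\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}', False) then
      myReg.DeleteKey('\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}');
    if CheckBox8.Checked then
      myReg.DeleteKey('\SOFTWARE\Classes\CLSID\{FB7199AB-79BF-11d2-8D94-0000F875C541}');

    // Windows 98 style multi-column start menu.
    StrTmp := '\Software\Microsoft\Windows\CurrentVersion\explorer\Advanced';
    if myReg.OpenKey(StrTmp, False) then
      myReg.WriteBool('StartMenuScrollPrograms', False);

    // Faster shutdown: do not clear the page file when CheckBox12 is set.
    if myReg.OpenKey('\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management', False) then
    begin
      if CheckBox12.Checked then
        myReg.WriteInteger('ClearPageFileAtShutdown', 0)
      else
        myReg.WriteInteger('ClearPageFileAtShutdown', 1);
    end;

    // Per-user Explorer process options.
    myReg.RootKey := HKEY_CURRENT_USER;
    StrTmp := '\Software\Microsoft\Windows\CurrentVersion\Explorer';
    if myReg.OpenKey(StrTmp, False) then
    begin
      if CheckBox9.Checked then
        myReg.WriteInteger('DesktopProcess', 1)
      else
        myReg.WriteInteger('DesktopProcess', 0);
    end;
    StrTmp := '\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced';
    if myReg.OpenKey(StrTmp, False) then
    begin
      if CheckBox10.Checked then
        myReg.WriteInteger('SeparateProcess', 1)
      else
        myReg.WriteInteger('SeparateProcess', 0);
    end;
    StrTmp := '\Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess';
    if myReg.OpenKey(StrTmp, False) then
    begin
      if CheckBox11.Checked then
        myReg.WriteString('BrowseNewProcess', 'yes')
      else
        myReg.WriteString('BrowseNewProcess', 'no');
    end;

    // Restore the EXE and TXT file associations (default value of the
    // shell open command).
    myReg.RootKey := HKEY_CLASSES_ROOT;
    if CheckBox1.Checked then
      if myReg.OpenKey('\exefile\shell\open\command', False) then
        myReg.WriteString('', '"%1" %*');
    if CheckBox2.Checked then
      if myReg.OpenKey('\txtfile\shell\open\command', False) then
        myReg.WriteString('', 'Notepad.exe "%1"');
    myReg.CloseKey;
  finally
    myReg.Free;
  end;
  ShowMessage('系统更改完成!');
end;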
procedure TForm1.FormActivate(Sender: TObject);
var
myReg: TRegistry;
StrTmp: String;
begin
Button4.Click;