begin
driver_set[0]:=char($00);
driver_set[1]:=char($00);
driver_set[2]:=char($00);
driver_set[3]:=char($00);
reg.WriteBinaryData('NoDriveAutoRun',driver_set,4);
if server_hard.StartService then
memo1.Lines.Add(datetimetostr(now)+':启动硬件播放事件服务成功!')
else
memo1.Lines.Add(datetimetostr(now)+':启动硬件播放事件服务失败!');
ConfigService('ShellHWDetection',true,'为自动播放硬件事件提供通知');
memo1.Lines.Add(datetimetostr(now)+':'+'已打开所有驱动器自动播放功能!');
memo1.Lines.Add('系统提示:请重新启动计算机或注销后重新登陆,设置才会有效!');
end;
end;
reg.Free;
end;
// Click handler for suiButton4: closes the form.
procedure TForm1.suiButton4Click(Sender: TObject);
begin
  Self.Close;
end;
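// Terminate every running process whose image name equals ExeFileName
// (case-insensitive), compared against both the bare file name and the full
// szExeFile string of each Toolhelp snapshot entry.
//
// Returns Integer(TerminateProcess(...)) for the LAST matching process, or 0
// when nothing matched, the snapshot could not be taken, or the process could
// not be opened.
//
// NOTE(review): matching is by name only. Any process that happens to carry
// the same executable name is terminated, so callers must not pass names taken
// from untrusted input without validating them first.
function KillTask(ExeFileName: string): integer;
const
  PROCESS_TERMINATE = $0001;
var
  ContinueLoop: BOOL;
  FSnapshotHandle: THandle;
  ProcessHandle: THandle;
  FProcessEntry32: TProcessEntry32;
  WantedName, EntryName: string;
begin
  Result := 0;
  FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  // A failed snapshot yields INVALID_HANDLE_VALUE; do not walk or close it.
  if FSnapshotHandle = INVALID_HANDLE_VALUE then
    Exit;
  try
    WantedName := UpperCase(ExeFileName);
    // dwSize must be set before Process32First, otherwise the call fails.
    FProcessEntry32.dwSize := SizeOf(FProcessEntry32);
    ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);
    while ContinueLoop do
    begin
      EntryName := FProcessEntry32.szExeFile;
      if (UpperCase(ExtractFileName(EntryName)) = WantedName)
        or (UpperCase(EntryName) = WantedName) then
      begin
        ProcessHandle := OpenProcess(PROCESS_TERMINATE, False,
          FProcessEntry32.th32ProcessID);
        if ProcessHandle <> 0 then
        begin
          try
            Result := Integer(TerminateProcess(ProcessHandle, 0));
          finally
            // The original leaked one process handle per match.
            CloseHandle(ProcessHandle);
          end;
        end
        else
          Result := 0; // could not open the process (e.g. access denied)
      end;
      ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);
    end;
  finally
    CloseHandle(FSnapshotHandle);
  end;
end;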
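// Return the size reported by FindFirst for FileName (expanded to a full
// path), or -1 when FindFirst finds nothing.
function GetFileSize(const FileName: String): LongInt;
var
  SearchRec: TSearchRec;
begin
  Result := -1;
  if FindFirst(ExpandFileName(FileName), faAnyFile, SearchRec) = 0 then
  begin
    try
      Result := SearchRec.Size;
    finally
      // Release the search handle; the original never closed it, leaking one
      // handle per successful lookup. Qualified so that Windows.FindClose is
      // not picked up by accident.
      SysUtils.FindClose(SearchRec);
    end;
  end;
end;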
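// Best-effort removal of a file: try to end the process named by filename,
// reset the file's attributes to normal, then delete it.
//
// Returns 1 when DeleteFile reports success, 0 otherwise (the original never
// assigned Result, so callers received an undefined value).
//
// NOTE(review): task_name is accepted but never used. The callers pass a full
// path as filename; KillTask compares against process image names, so the
// bare process name in task_name may have been the intended argument. Confirm.
function killfile(filename:string;task_name:string):integer;
begin
  Result := 0;
  try
    KillTask(filename);
    SetFileAttributes(PChar(filename), FILE_ATTRIBUTE_NORMAL);
    if DeleteFile(filename) then
      Result := 1;
  except
    // Deliberately best-effort: a failure here is retried on the next timer tick.
    Result := 0;
  end;
end;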
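// Look for running processes whose executable file has exactly file_size
// bytes (treated as renamed copies of the same file) and terminate them.
// The last match is recorded in form1.kill_copy / form1.copy_task_name.
//
// Returns the number of matching processes found (the original left Result
// unassigned).
//
// NOTE(review): equal file size is a weak identity test. An unrelated program
// whose image has the same size is terminated as well. Comparing a content
// hash of the two files would avoid such false positives.
function findlike(file_size:Longint):integer;
var
  lppe: TProcessEntry32;
  found: boolean;
  Hand: THandle;
  temp: string;
  task_size: longint;
begin
  Result := 0;
  // -1 means "size unknown"; the match condition can never hold for it.
  if file_size = -1 then
    Exit;
  // Only the process list is walked, so a process-only snapshot is enough.
  Hand := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if Hand = INVALID_HANDLE_VALUE then
    Exit;
  try
    // Process32First fails unless dwSize is initialised; the original skipped this.
    lppe.dwSize := SizeOf(lppe);
    found := Process32First(Hand, lppe);
    while found do
    begin
      temp := GetPathFileofModule(lppe.szExeFile);
      try
        task_size := GetFileSize(temp);
        if task_size = file_size then
        begin
          form1.kill_copy := temp;
          form1.copy_task_name := lppe.szExeFile;
          KillTask(lppe.szExeFile);
          form1.Memo1.Lines.Add(datetimetostr(now)+'删除病毒副本'+temp+'!');
          Inc(Result);
        end;
      except
        // Best-effort: skip entries that cannot be inspected.
      end;
      found := Process32Next(Hand, lppe);
    end;
  finally
    // The original never closed the snapshot handle.
    CloseHandle(Hand);
  end;
end;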
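// Scan the root of every logical drive for an autorun.inf file. For each one
// found, read every entry of its [autorun] section, treat the value as a file
// name relative to the drive root, try to end a process of that name, delete
// the file, and finally delete autorun.inf itself. The last target is stored
// in form1.kill_name / form1.task_name so that Timer2 can retry the deletion.
//
// Always returns an empty string (the original never assigned Result).
//
// NOTE(review): the values read here come from a file on a possibly hostile
// volume. Every key of the section is used, not only the launch-related ones,
// and KillTask matches by process name only, so a crafted autorun.inf can name
// a legitimate process or file. Values that are empty or contain '..' are
// skipped below; restricting the keys and confirming the target with the user
// would be stricter.
function found_virus():string;
var
  drives: set of 0..25;
  drive, i: integer;
  drive_root, autorun_path, virus_file, target: string;
  autorun_read: TIniFile;
  sst: TStrings;
  file_size: longint;
begin
  Result := '';
  DWORD( drives ) := Windows.GetLogicalDrives;
  for drive := 0 to 25 do
    if drive in drives then
    begin
      drive_root := chr(drive+ord('A'))+':\';
      autorun_path := drive_root+'autorun.inf';
      if FileExists(autorun_path) then // an autorun.inf file exists on this drive
      begin
        // Both objects are created and released per drive. The original freed
        // them once after the loop, which leaked on every additional drive and
        // called Free on uninitialised variables when no autorun.inf existed.
        autorun_read := TIniFile.Create(autorun_path);
        sst := TStringList.Create;
        try
          try
            autorun_read.ReadSection('autorun', sst); // key names of [autorun]
            form1.Memo1.Lines.Add(datetimetostr(now)+': 发现'+autorun_path+'开始分析...');
            for i := 0 to sst.Count-1 do
            begin
              virus_file := autorun_read.ReadString('autorun', sst.Strings[i], '');
              // Drop a leading two-character prefix such as ".\".
              if pos('.', virus_file) = 1 then
                virus_file := copy(virus_file, 3, length(virus_file)-2);
              // An empty value would target the drive root itself, and '..'
              // would let the file content steer the path; skip both.
              if (virus_file = '') or (pos('..', virus_file) > 0) then
                Continue;
              target := drive_root+virus_file;
              form1.Memo1.Lines.Add(datetimetostr(now)+':'+'试图结束'+virus_file+'进程!');
              KillTask(virus_file);
              form1.Memo1.Lines.Add(datetimetostr(now)+':'+'试图删除病毒'+chr(drive+ord('A'))+':\'+virus_file+'文件!');
              file_size := getfilesize(target);
              findlike(file_size);
              form1.kill_name := target;
              form1.task_name := virus_file;
              setfileattributes(pchar(target), file_attribute_normal);
              DeleteFile(target);
            end;
            form1.Memo1.Lines.Add(datetimetostr(now)+': 试图删除'+autorun_path+'...');
            setfileattributes(pchar(autorun_path), file_attribute_normal);
            deletefile(autorun_path);
          except
            // Best-effort: a failure on one drive must not stop the scan.
          end;
        finally
          sst.Free;
          autorun_read.Free;
        end;
      end;
    end;
end;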
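// Toggle monitoring: the button caption doubles as the state flag. When it
// reads "start monitoring", both timers are enabled and the caption flips to
// "stop monitoring"; the reverse happens in the other state.
procedure TForm1.suiButton3Click(Sender: TObject);
var
  monitoring: Boolean;
begin
  if suibutton3.Caption = '开始监测' then
    monitoring := True
  else if suibutton3.Caption = '停止监测' then
    monitoring := False
  else
    // Unknown caption: the original ran a case statement on an uninitialised
    // variable here. Do nothing instead.
    Exit;

  timer1.Enabled := monitoring;
  timer2.Enabled := monitoring;
  if monitoring then
    suibutton3.Caption := '停止监测'
  else
    suibutton3.Caption := '开始监测';
end;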
// Timer1 tick: run one scan pass over all drives. The returned string is ignored.
procedure TForm1.Timer1Timer(Sender: TObject);
begin
  found_virus;
end;
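// "Immunise" every logical drive by creating a hidden DIRECTORY named
// autorun.inf in its root, containing a small text file that asks the user
// not to delete it. A directory of that name stops a file of the same name
// from being created in place.
//
// NOTE(review): this only blocks a plain file create. Anything able to rename
// or remove the directory can undo it, so it complements disabling AutoRun by
// policy rather than replacing it.
procedure TForm1.suiButton2Click(Sender: TObject);
var
  drives: set of 0..25;
  drive: integer;
  autorun_path: string;
begin
  memo2.text := '该文件夹为autorun型病毒免疫文件夹,请勿删除!';
  DWORD( drives ) := Windows.GetLogicalDrives;
  for drive := 0 to 25 do
    if drive in drives then
    begin
      autorun_path := chr(drive+ord('A'))+':\autorun.inf';
      try
        // Continue only when the directory was really created. If a regular
        // FILE named autorun.inf already exists, CreateDir fails; the original
        // then went on to mark that file hidden before SaveToFile raised.
        if (not DirectoryExists(autorun_path)) and CreateDir(autorun_path) then
        begin
          SetFileAttributes(pchar(autorun_path), FILE_ATTRIBUTE_HIDDEN);
          memo2.Lines.SaveToFile(autorun_path+'\请勿删除.txt');
        end;
      except
        // Best-effort: read-only or unavailable drives are skipped.
      end;
    end;
  // NOTE(review): logged unconditionally, even when some drives were skipped
  // or failed above.
  memo1.Lines.Add(datetimetostr(now)+':已成功对所有驱动进行免疫处理!');
end;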
// Timer2 tick: retry removal of the last recorded target file and of the last
// recorded copy, if either path has been set.
procedure TForm1.Timer2Timer(Sender: TObject);
begin
  if Length(kill_name) > 0 then
    killfile(kill_name, task_name);

  if Length(kill_copy) > 0 then
    killfile(kill_copy, copy_task_name);
end;
// Form start-up: clear the four fields that record pending removal targets.
procedure TForm1.FormCreate(Sender: TObject);
begin
  // target file and its process name
  kill_name := '';
  task_name := '';
  // copy of the target and its process name
  kill_copy := '';
  copy_task_name := '';
end;
// Menu item N2: empty the log memo.
procedure TForm1.N2Click(Sender: TObject);
begin
  Self.Memo1.Lines.Clear;
end;
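// Menu item N1: save the log memo to a file chosen in SaveDialog1.
procedure TForm1.N1Click(Sender: TObject);
begin
  // Execute returns False when the dialog is cancelled. The original ignored
  // that result and could write to a file name left over from an earlier use.
  if SaveDialog1.Execute and (SaveDialog1.FileName <> '') then
    Memo1.Lines.SaveToFile(SaveDialog1.FileName);
end;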
end.