📄 unit1.pas
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ComCtrls, ExtCtrls, UList, ProcList, Menus, DrvMgr;
type
// Main form of the process viewer. The component fields and event handlers
// are bound to the form resource linked by the $R *.dfm directive in the
// implementation section, so their names have to stay in sync with it.
TForm1 = class(TForm)
// Process table. Timer1Timer fills it: caption = process name, sub-items =
// PID, parent PID, EPROCESS address (hex) and the state text from GetState.
ListView1: TListView;
// Container whose TCheckBox children are enabled/disabled/cleared in bulk
// by Button1Click, Button2Click and Button6Click.
Panel1: TPanel;
// Button1 starts a scan (enables Timer1), Button2 stops it.
Button1: TButton;
Button2: TButton;
// Drives the periodic refresh in Timer1Timer.
Timer1: TTimer;
PopupMenu1: TPopupMenu;
// Menu item handled by Kill1Click (terminates the selected process).
Kill1: TMenuItem;
// Option check boxes. Their captions live in the form resource and are not
// visible here. Button1Click installs and opens the driver when any of
// CheckBox1 or CheckBox9..CheckBox14 is checked; CheckBox12 and CheckBox13
// additionally request SetSwapcontextHook and SetSyscallHook.
CheckBox2: TCheckBox;
CheckBox3: TCheckBox;
CheckBox4: TCheckBox;
CheckBox5: TCheckBox;
CheckBox6: TCheckBox;
CheckBox7: TCheckBox;
CheckBox8: TCheckBox;
CheckBox1: TCheckBox;
CheckBox10: TCheckBox;
CheckBox11: TCheckBox;
CheckBox12: TCheckBox;
CheckBox13: TCheckBox;
// Button3..Button5 apply check-box presets, Button6 clears every check box.
Button3: TButton;
Button4: TButton;
Button5: TButton;
Button6: TButton;
CheckBox9: TCheckBox;
CheckBox14: TCheckBox;
Splitter1: TSplitter;
// Receives the text returned by DrvGetLogString on every timer tick.
ListBox1: TListBox;
procedure Timer1Timer(Sender: TObject);
procedure FormCreate(Sender: TObject);
procedure Kill1Click(Sender: TObject);
procedure Button1Click(Sender: TObject);
procedure Button2Click(Sender: TObject);
procedure Button3Click(Sender: TObject);
procedure Button4Click(Sender: TObject);
procedure Button5Click(Sender: TObject);
procedure FormCanResize(Sender: TObject; var NewWidth,
NewHeight: Integer; var Resize: Boolean);
procedure Button6Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
// The single form instance; FormCanResize reads Form1.Width directly.
Form1: TForm1;
// Head of the process list built by GetFullProcessesInfo in Timer1Timer.
// It is a unit-level global, so it outlives each timer tick.
List: PListStruct;
// Sel and sItem are not referenced by the implementation shown in this unit.
Sel: integer;
sItem: TListItem;
// Full path of phunter.sys, computed in FormCreate from the location of the
// executable and passed to InstallDriver in Button1Click.
drPath: string;
const
// Name passed to InstallDriver and LoadDriver.
drName = 'phunter';
implementation
{$R *.dfm}
// Maps a process record to the state label shown in the last list column.
// 'Visible' wins when the Visible flag is set; otherwise SignalState = 1
// yields 'Deleted' and anything else 'Hidden'.
// NOTE(review): Process is dereferenced without a nil check, so callers must
// pass a valid record. What SignalState = 1 means is defined by the unit
// that declares PProcessRecord, not here.
function GetState(Process: PProcessRecord): string;
begin
  Result := 'Hidden';
  if Process^.Visible then
    Result := 'Visible'
  else if Process^.SignalState = 1 then
    Result := 'Deleted';
end;
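// Periodic refresh. Takes a fresh process snapshot via GetFullProcessesInfo,
// brings ListView1 in line with it (update rows in place, drop surplus rows,
// append missing rows) and then appends pending driver log text to ListBox1.
//
// The snapshot is released in a finally block and the global List pointer is
// reset to nil afterwards. The original left List pointing at the released
// nodes, so the next tick passed a stale pointer to FreeListWidthData again
// (a double free unless that routine clears its argument itself).
procedure TForm1.Timer1Timer(Sender: TObject);
var
  Process: PProcessRecord;
  Item: TListItem;
  State, DrvText: string;
  r: Integer;
  Data: PListStruct;
begin
  // Release whatever a previous tick may have left behind, then rebuild.
  FreeListWidthData(List);
  List := nil;
  GetFullProcessesInfo(List);
  try
    Data := List;

    // Pass 1: walk the existing rows. The loop bound is evaluated once, so
    // deleting the last row for every index past the end of the snapshot
    // removes exactly the surplus rows.
    for r := 0 to ListView1.Items.Count - 1 do
    begin
      if Data <> nil then
      begin
        Item := ListView1.Items.Item[r];
        Process := Data^.pData;
        State := GetState(Process);
        // Only touch the row when something changed, to avoid needless repaints.
        // NOTE(review): IntToHex(..., 8) pads to eight digits, which matches a
        // 32-bit EPROCESS address; confirm if a 64-bit target is ever needed.
        if (lstrcmp(PChar(Item.Caption), Process^.ProcessName) <> 0) or
           (Item.SubItems.Strings[0] <> IntToStr(Process^.ProcessId)) or
           (Item.SubItems.Strings[1] <> IntToStr(Process^.ParrentPID)) or
           (Item.SubItems.Strings[2] <> IntToHex(Process^.pEPROCESS, 8)) or
           (Item.SubItems.Strings[3] <> State) then
        begin
          Item.Caption := Process^.ProcessName;
          Item.SubItems.Strings[0] := IntToStr(Process^.ProcessId);
          Item.SubItems.Strings[1] := IntToStr(Process^.ParrentPID);
          Item.SubItems.Strings[2] := IntToHex(Process^.pEPROCESS, 8);
          Item.SubItems.Strings[3] := State;
        end;
        Data := Data^.pNext;
      end
      else
        ListView1.Items.Delete(ListView1.Items.Count - 1);
    end;

    // Pass 2: the snapshot is longer than the view, so append the remainder.
    while Data <> nil do
    begin
      Item := ListView1.Items.Add;
      Process := Data^.pData;
      Item.Caption := Process^.ProcessName;
      Item.SubItems.Append(IntToStr(Process^.ProcessId));
      Item.SubItems.Append(IntToStr(Process^.ParrentPID));
      Item.SubItems.Append(IntToHex(Process^.pEPROCESS, 8));
      State := GetState(Process);
      Item.SubItems.Append(State);
      Data := Data^.pNext;
    end;
  finally
    // Never keep a pointer to released nodes in the global.
    FreeListWidthData(List);
    List := nil;
  end;

  // NOTE(review): the log box grows without bound while scanning runs.
  DrvText := DrvGetLogString();
  if DrvText <> '' then
    ListBox1.Items.Text := ListBox1.Items.Text + DrvText;
end;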
// Form set-up: resolves the driver file path and configures the list view
// for double-buffered, opaque painting.
//
// drPath is later handed to InstallDriver in Button1Click. It is derived
// from the directory of the running executable and nothing in this unit
// verifies the file, so whatever sits at that path is what gets installed.
// Keep the install directory writable by administrators only.
procedure TForm1.FormCreate(Sender: TObject);
var
  ExeDir: string;
begin
  ExeDir := ExtractFilePath(ParamStr(0));
  drPath := ExeDir + 'phunter.sys';

  ListView1.ControlStyle := ListView1.ControlStyle + [csOpaque];
  ListView1.DoubleBuffered := True;
end;
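// Popup-menu handler: terminates the process selected in ListView1.
//
// The PID is taken from the first sub-item of the selected row, i.e. from the
// last snapshot drawn by Timer1Timer. The process may have exited and its PID
// may have been reused since then, so the row can be stale when this runs.
//
// Changes from the original: the handle is held in a THandle and compared
// against 0 (OpenProcess returns 0 on failure), it is closed in a finally
// block, and a failing TerminateProcess is reported instead of being ignored.
procedure TForm1.Kill1Click(Sender: TObject);
var
  Item: TListItem;
  hProcess: THandle;
  Killed: Boolean;
begin
  Item := ListView1.Selected;
  if Item = nil then
    Exit;

  // Request only the access right that is actually needed.
  hProcess := OpenProcess(PROCESS_TERMINATE, False, StrToInt(Item.SubItems.Strings[0]));
  if hProcess = 0 then
  begin
    ShowMessage('Can not open process!');
    Exit;
  end;

  try
    Killed := TerminateProcess(hProcess, 0);
  finally
    CloseHandle(hProcess);
  end;

  if not Killed then
    ShowMessage('Can not terminate process!');
end;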
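// Start button: locks the option controls, brings up the driver when one of
// the driver-backed options is checked, and starts the refresh timer.
//
// The loop counter is an Integer. With the original dword counter an empty
// panel would turn the upper bound ControlCount - 1 = -1 into a huge unsigned
// value and index far past the end of Panel1.Controls.
procedure TForm1.Button1Click(Sender: TObject);
var
  r: Integer;
begin
  Button2.Enabled := True;
  Button1.Enabled := False;
  Button3.Enabled := False;
  Button4.Enabled := False;
  Button5.Enabled := False;
  Button6.Enabled := False;

  // Freeze every check box on the panel while a scan is running.
  for r := 0 to Panel1.ControlCount - 1 do
    if Panel1.Controls[r].ClassType = TCheckBox then
      TCheckBox(Panel1.Controls[r]).Enabled := False;

  if CheckBox10.Checked or CheckBox11.Checked or
     CheckBox1.Checked or CheckBox12.Checked or
     CheckBox13.Checked or CheckBox9.Checked or CheckBox14.Checked then
  begin
    // NOTE(review): the file at drPath is installed as-is; no signature or
    // hash check is visible in this unit. The results of InstallDriver and
    // LoadDriver are not inspected either; only OpenDriver decides success.
    InstallDriver(drName, PChar(drPath));
    LoadDriver(drName);
    if OpenDriver() then
    begin
      if CheckBox12.Checked then SetSwapcontextHook();
      if CheckBox13.Checked then SetSyscallHook();
    end
    else
    begin
      ShowMessage('Driver not loaded!');
      // NOTE(review): CheckBox9 and CheckBox14 also trigger the driver load
      // above but are left checked here; confirm whether that is intended.
      CheckBox10.Checked := False;
      CheckBox11.Checked := False;
      CheckBox1.Checked := False;
      CheckBox12.Checked := False;
      CheckBox13.Checked := False;
    end;
  end;

  Timer1.Enabled := True;
end;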
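// Stop button: halts the refresh timer, unlocks the option controls, removes
// the hooks, closes the driver handle and empties the process table.
//
// Changes from the original: the loop counter is an Integer (a dword counter
// wraps when ControlCount is 0), and CloseHandle is only called when a driver
// handle is actually held, since Stop can follow a Start that never opened it.
//
// NOTE(review): nothing in this handler stops or removes the driver service
// that Button1Click installed. Unless UnhookAll takes care of it, the driver
// stays registered after Stop; confirm against DrvMgr.
procedure TForm1.Button2Click(Sender: TObject);
var
  r: Integer;
begin
  Timer1.Enabled := False;
  Button2.Enabled := False;
  Button1.Enabled := True;
  Button3.Enabled := True;
  Button4.Enabled := True;
  Button5.Enabled := True;
  Button6.Enabled := True;

  for r := 0 to Panel1.ControlCount - 1 do
    if Panel1.Controls[r].ClassType = TCheckBox then
      TCheckBox(Panel1.Controls[r]).Enabled := True;

  UnhookAll();
  if hDriver <> 0 then
  begin
    CloseHandle(hDriver);
    hDriver := 0;
  end;

  ListView1.Items.Clear;
end;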
// Preset: checks CheckBox2..CheckBox8 and unchecks CheckBox1 and
// CheckBox9..CheckBox14. Those are exactly the boxes that make Button1Click
// load the driver, so this preset starts a scan without it.
procedure TForm1.Button3Click(Sender: TObject);

  // Applies one Checked value to a group of boxes, in the given order.
  procedure ApplyTo(const Boxes: array of TCheckBox; Value: Boolean);
  var
    i: Integer;
  begin
    for i := Low(Boxes) to High(Boxes) do
      Boxes[i].Checked := Value;
  end;

begin
  ApplyTo([CheckBox2, CheckBox3, CheckBox4, CheckBox5,
           CheckBox6, CheckBox7, CheckBox8], True);
  ApplyTo([CheckBox9, CheckBox10, CheckBox11, CheckBox1,
           CheckBox12, CheckBox13, CheckBox14], False);
end;
// Preset: checks CheckBox2..CheckBox8 plus CheckBox10, CheckBox11 and
// CheckBox1, and unchecks CheckBox12, CheckBox13, CheckBox9 and CheckBox14.
// The driver is therefore loaded on Start, but neither of the two hooks that
// Button1Click installs for CheckBox12 and CheckBox13 is requested.
procedure TForm1.Button4Click(Sender: TObject);

  // Applies one Checked value to a group of boxes, in the given order.
  procedure ApplyTo(const Boxes: array of TCheckBox; Value: Boolean);
  var
    i: Integer;
  begin
    for i := Low(Boxes) to High(Boxes) do
      Boxes[i].Checked := Value;
  end;

begin
  ApplyTo([CheckBox2, CheckBox3, CheckBox4, CheckBox5, CheckBox6,
           CheckBox7, CheckBox8, CheckBox10, CheckBox11, CheckBox1], True);
  ApplyTo([CheckBox12, CheckBox13, CheckBox9, CheckBox14], False);
end;
// Preset: checks all fourteen option boxes. This includes CheckBox12 and
// CheckBox13, for which Button1Click calls SetSwapcontextHook and
// SetSyscallHook once the driver is open.
procedure TForm1.Button5Click(Sender: TObject);

  // Applies one Checked value to a group of boxes, in the given order.
  procedure ApplyTo(const Boxes: array of TCheckBox; Value: Boolean);
  var
    i: Integer;
  begin
    for i := Low(Boxes) to High(Boxes) do
      Boxes[i].Checked := Value;
  end;

begin
  ApplyTo([CheckBox2, CheckBox3, CheckBox4, CheckBox5, CheckBox6,
           CheckBox7, CheckBox8, CheckBox10, CheckBox11, CheckBox1,
           CheckBox12, CheckBox13, CheckBox9, CheckBox14], True);
end;
// Resize filter: a resize is accepted only when it leaves the width as it is,
// so the form can change height but not width. The comparison uses the global
// Form1 instance rather than Self.
procedure TForm1.FormCanResize(Sender: TObject; var NewWidth,
  NewHeight: Integer; var Resize: Boolean);
begin
  if NewWidth = Form1.Width then
    Resize := True
  else
    Resize := False;
end;
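// Clears every check box that sits directly on Panel1.
//
// The loop counter is an Integer. With the original dword counter an empty
// panel would turn the upper bound ControlCount - 1 = -1 into a huge unsigned
// value and index far past the end of Panel1.Controls.
procedure TForm1.Button6Click(Sender: TObject);
var
  r: Integer;
begin
  for r := 0 to Panel1.ControlCount - 1 do
    // Exact class match, as in the original: descendants of TCheckBox are skipped.
    if Panel1.Controls[r].ClassType = TCheckBox then
      TCheckBox(Panel1.Controls[r]).Checked := False;
end;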
end.