//南域剑盟 http://www.98exe.com
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, tlhelp32, ShellAPI,registry;
type
// Main form of the removal tool. It declares five buttons and six click
// handlers; Button6Click has no matching Button6 field in this declaration.
TMainFrm = class(TForm)
Button1: TButton;
Button2: TButton;
Button3: TButton;
Button4: TButton;
Button5: TButton;
// Restarts the shell: terminates Explorer.Exe and issues a ShellExecute call.
procedure Button1Click(Sender: TObject);
// Opens the directory returned by GetReleasePath.
procedure Button2Click(Sender: TObject);
// Deletes a fixed list of file names below the system directory.
procedure Button3Click(Sender: TObject);
// Posts WM_QUIT to the thread that owns the 'MumaRen' window.
procedure Button5Click(Sender: TObject);
// Deletes two values from the HKEY_LOCAL_MACHINE Run key.
procedure Button4Click(Sender: TObject);
// Points Regedit at the ShellExecuteHooks key and launches it.
procedure Button6Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
// Global form instance variable; it is not assigned anywhere in this unit.
MainFrm: TMainFrm;
implementation
{$R *.dfm}
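// Delete the value StrValue from the registry key StrPath under Root.
//   Root     - predefined root key handle (e.g. HKEY_LOCAL_MACHINE).
//   StrPath  - sub-key path below Root.
//   StrValue - name of the value to remove.
// Best effort: nothing is reported to the caller when the key cannot be
// opened or the value cannot be deleted.
procedure DelRegValue(Root: HKEY; const StrPath, StrValue: PChar);
var
  TempKey: HKEY;
begin
  TempKey := 0;
  // Open instead of create: deleting a value must not leave a new empty key
  // behind when StrPath does not exist. KEY_SET_VALUE is the only access
  // right RegDeleteValue needs, so KEY_ALL_ACCESS is not requested.
  if RegOpenKeyEx(Root, StrPath, 0, KEY_SET_VALUE, TempKey) <> ERROR_SUCCESS then
    Exit;
  try
    RegDeleteValue(TempKey, StrValue);
  finally
    // Close only a handle that was actually opened.
    RegCloseKey(TempKey);
  end;
end;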
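// Set a string (REG_SZ) registry value.
//   RootKey - predefined root key handle.
//   StrPath - sub-key path below RootKey; created when it does not exist.
//   StrName - name of the value to write.
//   StrData - null-terminated string to store.
// Best effort: nothing is reported to the caller on failure.
procedure SetRegStr(RootKey: HKEY; const StrPath, StrName, StrData: PChar);
var
  TempKey: HKEY;
  Disposition, DataSize: LongWord;
begin
  // Open (or create) the key. Only KEY_SET_VALUE is requested because the
  // handle is used for nothing but RegSetValueEx.
  TempKey := 0;
  Disposition := 0;
  if RegCreateKeyEx(RootKey, StrPath, 0, nil, 0, KEY_SET_VALUE, nil, TempKey,
    @Disposition) <> ERROR_SUCCESS then
    Exit; // no valid handle: do not write to or close handle 0
  try
    // RegSetValueEx takes the size in BYTES including the terminator, so the
    // character count is scaled by SizeOf(Char); this stays correct when
    // Char is two bytes wide.
    DataSize := (StrLen(StrData) + 1) * SizeOf(Char);
    RegSetValueEx(TempKey, StrName, 0, REG_SZ, StrData, DataSize);
  finally
    RegCloseKey(TempKey);
  end;
end;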
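// Terminate every running process whose image name equals s.
//   s - executable name, compared case-insensitively against both the raw
//       szExeFile field and its file-name part.
// The match is by name only: any process that happens to carry the same
// image name is terminated as well, whatever its path or publisher.
procedure Killpro(s: string);
var
  Entry: TProcessEntry32;
  Snapshot, ProcHandle: THandle;
  More: Boolean;
begin
  Snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if Snapshot = INVALID_HANDLE_VALUE then
    Exit;
  try
    Entry.dwSize := SizeOf(TProcessEntry32);
    More := Process32First(Snapshot, Entry);
    while More do
    begin
      if (AnsiCompareText(ExtractFileName(Entry.szExeFile), s) = 0) or
         (AnsiCompareText(Entry.szExeFile, s) = 0) then
      begin
        // PROCESS_TERMINATE is the only right TerminateProcess needs, and the
        // handle is not inheritable, so a child started later by this tool
        // does not receive an open handle to another process.
        ProcHandle := OpenProcess(PROCESS_TERMINATE, False, Entry.th32ProcessID);
        if ProcHandle <> 0 then
        try
          TerminateProcess(ProcHandle, 0);
        finally
          // The original never closed this handle (one leak per match).
          CloseHandle(ProcHandle);
        end;
      end;
      More := Process32Next(Snapshot, Entry);
    end;
  finally
    CloseHandle(Snapshot);
  end;
end;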
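// Return the MSINFO directory on the drive that holds the Windows directory:
// '<drive>:\Program Files\Common Files\Microsoft Shared\MSINFO\'.
// Returns '' when the Windows directory cannot be queried.
// NOTE(review): the 'Program Files' part is hard-coded rather than queried
// from the system, so a relocated folder is not followed - confirm that this
// is acceptable for the targets.
function GetReleasePath: string;
var
  WinDir: array[0..MAX_PATH] of Char;
  Len: UINT;
begin
  Result := '';
  Len := GetWindowsDirectory(WinDir, Length(WinDir));
  // 0 means failure; a value >= the buffer size means the path did not fit
  // and the buffer content must not be used. The original ignored both cases
  // (with a 50-character buffer) and then read the first character anyway.
  if (Len = 0) or (Len >= UINT(Length(WinDir))) then
    Exit;
  Result := WinDir[0] + ':\Program Files\Common Files\Microsoft Shared\MSINFO\';
end;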
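// Return a well-known directory, always terminated by a path delimiter.
//   dInt = 0 - the Windows installation directory
//   dInt = 1 - the system directory
//   dInt = 2 - the temporary directory
// Returns '' for any other selector or when the API call fails, so callers
// never receive the content of an uninitialised buffer.
function GetDirectory(dInt: Integer): string;
var
  Buf: array[0..255] of Char;
  Len: DWORD;
begin
  Result := '';
  case dInt of
    0: Len := GetWindowsDirectory(Buf, Length(Buf)); // Windows installation directory
    1: Len := GetSystemDirectory(Buf, Length(Buf));  // system directory
    2: Len := GetTempPath(Length(Buf), Buf);         // temporary directory
  else
    Exit; // unknown selector: the original read the uninitialised buffer here
  end;
  // 0 means failure; a value >= the buffer size means the path did not fit.
  if (Len = 0) or (Len >= DWORD(Length(Buf))) then
    Exit;
  // GetTempPath already ends with a delimiter and the other two normally do
  // not; add one only when it is missing (avoids 'C:\\' for a root path).
  Result := IncludeTrailingPathDelimiter(string(Buf));
end;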
// Restart the shell
procedure TMainFrm.Button1Click(Sender: TObject);

  // Post WM_WININICHANGE to all top-level windows.
  procedure BroadcastSettingsChange;
  begin
    PostMessage(HWND_BROADCAST, WM_WININICHANGE, 0, 0);
  end;

begin
  BroadcastSettingsChange;
  // Terminates every process named Explorer.Exe, not only the shell instance.
  Killpro('Explorer.Exe');
  // NOTE(review): both the verb and the file argument are 'explore' and the
  // show command is 0 (SW_HIDE); if the intent is to start a new shell, this
  // call probably does not do it - confirm on a test machine.
  ShellExecute(0, 'explore', 'explore', nil, nil, 0);
  BroadcastSettingsChange;
end;
// View the directory
procedure TMainFrm.Button2Click(Sender: TObject);
var
  TargetDir: string;
begin
  // Open the MSINFO directory in a normal window so the user can inspect it.
  TargetDir := GetReleasePath;
  ShellExecute(0, 'open', PChar(TargetDir), nil, nil, SW_SHOWNORMAL);
end;
// Delete files
procedure TMainFrm.Button3Click(Sender: TObject);
const
  // File names relative to the system directory, in deletion order.
  // NOTE(review): 'xcopy.exe' is also the name of a stock Windows utility in
  // the system directory, and deletion here is by name only - confirm that
  // the file on disk is the dropped one (path, signature or hash) first.
  TargetNames: array[0..8] of string = (
    'MS_dos.exe',
    'dllcache\Dllse.dll',
    'xcopy.exe',
    'IMENS.dll',
    'COM\Mbak.exe',
    'Setup\Max.dll',
    'IMEN.exe',
    'COM\Dixbak.exe',
    'Drvce.dll');
var
  SystemDir: string;
  I: Integer;
begin
  PostMessage(HWND_BROADCAST, WM_WININICHANGE, 0, 0);
  SystemDir := GetDirectory(1);
  // DeleteFile results are ignored: a file that is locked, read-only or
  // already absent is skipped silently and the user gets no feedback.
  for I := Low(TargetNames) to High(TargetNames) do
    DeleteFile(SystemDir + TargetNames[I]);
end;
// Close the trojan
procedure TMainFrm.Button5Click(Sender: TObject);
var
  TargetWnd: HWND;
  OwnerThread: DWORD;
begin
  // Look for a window of class 'Edit' titled 'MumaRen'.
  TargetWnd := FindWindow('Edit', 'MumaRen');
  if TargetWnd <> 0 then
  begin
    // Ask the thread that owns the window to leave its message loop.
    // The result of PostThreadMessage is not checked.
    OwnerThread := GetWindowThreadProcessId(TargetWnd);
    PostThreadMessage(OwnerThread, WM_QUIT, 66, 0);
  end;
  PostMessage(HWND_BROADCAST, WM_WININICHANGE, 0, 0);
end;
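// Delete registry entries
// Removes the autostart values 'Whatever' and 'windows' from
// HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
// NOTE(review): a 32-bit build running on 64-bit Windows works on the
// redirected view of HKLM\Software, and the per-user Run key is not touched;
// confirm which locations need cleaning.
procedure TMainFrm.Button4Click(Sender: TObject);
var
  Reg: TRegIniFile;
begin
  Reg := TRegIniFile.Create('');
  try
    Reg.RootKey := HKEY_LOCAL_MACHINE;
    // The original read "if not OpenKey(...) then ;" - the stray semicolon
    // ended the if statement, so the deletions ran whether or not the key had
    // been opened. Delete only after a successful open.
    if Reg.OpenKey('Software\Microsoft\Windows\CurrentVersion\Run', False) then
    begin
      Reg.DeleteValue('Whatever');
      Reg.DeleteValue('windows');
    end;
  finally
    // The original never freed the object, leaking it and its key handle.
    Reg.Free;
  end;
end;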
// Locate the registry entry
procedure TMainFrm.Button6Click(Sender: TObject);
const
  HookPath = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks';
  RegeditStateKey = 'Software\Microsoft\Windows\CurrentVersion\Applets\Regedit';
  // NOTE(review): the leading component is the Chinese display name of the
  // tree root, so this presumably only positions Regedit on a Chinese-language
  // system - confirm.
  StartAtKey = '我的电脑\HKEY_LOCAL_MACHINE\' + HookPath;
begin
  // Store the key Regedit should show when it starts (its LastKey value).
  SetRegStr(HKEY_CURRENT_USER, RegeditStateKey, 'LastKey', StartAtKey);
  // Launch Regedit so the user can inspect the ShellExecuteHooks entries.
  ShellExecute(0, 'open', 'Regedit.exe', nil, nil, SW_SHOW);
end;
end.